Kontrola logu prosím

Zpráva

heges · #1 Příspěvek od **heges** » 24 lis 2014 22:34

Tady je kontrolní log, procesů běží nějak moc, asi tam je nějakej bordel. Díky za váš čas

Logfile of random's system information tool 1.10 (written by random/random)
Run by Anča at 2014-11-24 22:26:45
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 324 GB (70%) free of 460 GB
Total RAM: 3835 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:26:55, on 24.11.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17041)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Users\Anča\AppData\Local\Pokki\Engine\pokki.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Users\Anča\AppData\Local\Pokki\Engine\pokki.exe
c:\program files (x86)\real\realplayer\update\realsched.exe
C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\Anča.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search.ask.com/?l=dis&o=APN1 ... 2013-04-23
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {D8278076-BC68-4484-9233-6E7F1628B56C} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKCU\..\Run: [Pokki] C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform
O4 - HKCU\..\RunOnce: [Application Restart #3] C:\Users\Anča\AppData\Local\Pokki\Engine\pokki.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\Anča\AppData\Local\Pokki\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --flag-switches-begin --flag-switches-end --restore-last-session
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs:
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Atheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\Windows\SysWOW64\IcdSptSv.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10189 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe"
"C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe"
"C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 1864
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
taskeng.exe {DBFD6043-86C1-4994-8BD5-1D7C7123A20D}
"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
"C:\Users\Anča\AppData\Local\Pokki\Engine\pokki.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Users\Anča\AppData\Local\Pokki\Engine\pokki.exe" --type=renderer --disable-breakpad --disable-desktop-notifications --disable-logging --disable-speech-input --lang=en-US --force-fieldtrials=AsyncDns/disabled/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/ForceCompositingMode/disable/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/InfiniteCache/No/OmniboxDisallowInlineHQP/Standard/OmniboxSearchSuggest/16/OneClickSignIn/Standard/Prefetch/ContentPrefetchPrefetchOn/Prerender/PrerenderMulti/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V1/SpeculativePrefetchingLearning/SpeculativePrefetchingLearningEnabled/Test0PercentDefault/group_01/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-1-Percent/group_41/UMA-Uniformity-Trial-10-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-50-Percent/default/WarmSocketImpact/last_accessed_socket/ --noerrdialogs --disable-client-side-phishing-detection --disable-bundled-ppapi-flash --channel="3276.1.935406273\405582575" /prefetch:3
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"c:\program files (x86)\real\realplayer\update\realsched.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe"
C:\Windows\system32\atiesrxx.exe
atieclxx
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe"
taskmgr.exe /3
"C:\Program Files (x86)\Bluetooth Suite\adminservice.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "http://get.adobe.com/flashplayer/otherversions/"
C:\Windows\system32\msiexec.exe /V
C:\Windows\system32\WLANExt.exe 35479936
\??\C:\Windows\system32\conhost.exe "-17660959231008150715-1029192452-372811494-189763873248306731519758386187616771

"C:\Program Files\File Association Helper\FAHWindow.exe" register
"C:\Program Files\WinZip\WINZIP64.EXE"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
"C:\Users\Anča\Downloads\RSITx64.exe"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-4144783957-1741663026-98712090-10013_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-4144783957-1741663026-98712090-10013 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job - C:\Windows\TEMP\{931BBEA0-12C7-4CC7-84FA-7067B59293D0}.exe --uninstall=1
C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job - C:\Windows\TEMP\{4E4E4406-B158-4067-B4D8-82B743750F69}.exe --uninstall=1
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4144783957-1741663026-98712090-1001Core.job - C:\Users\Anča\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4144783957-1741663026-98712090-1001UA.job - C:\Users\Anča\AppData\Local\Facebook\Update\FacebookUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\optimizerproupdatertask{995835cd-082f-4152-90de-66a185a93dbb}.job - C:\ProgramData\Premium\OptimizerPro\OptimizerPro.exe /schedule /profilepath "C:\ProgramData\Premium\OptimizerPro\profile.ini"
C:\Windows\tasks\ReclaimerResumeInstallLogin_Anča.job - C:\Users\Anča\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe /ResumeInstall
C:\Windows\tasks\ReclaimerResumeInstall_Anča.job - C:\Users\Anča\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe /ResumeInstall
C:\Windows\tasks\SlimDrivers Startup.job - C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe -boot

=========Mozilla firefox=========

ProfilePath - C:\Users\Anča\AppData\Roaming\Mozilla\Firefox\Profiles\l5uqenn6.default

prefs.js - "browser.search.useDBForOrder" - "false"
prefs.js - "browser.startup.homepage" - "google.com"
prefs.js - "keyword.URL" - "http://www.google.com/search?ie=UTF-8&o ... &gfns=1&q="

"{17E113E6-CD0E-4045-B154-65F0E57959EF}"=C:\Program Files\IMPI\Firefox

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 15.0.0.223 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.51.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nppl3260;version=16.0.1.18]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.1]
"Description"=RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In
"Path"=C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.1]
"Description"=RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In
"Path"=C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.1]
"Description"=RealNetworks(tm) RealDownloader Peppe rFlash Video Shim Plug-In
"Path"=C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprpplugin;version=16.0.1.18]
"Description"=RealPlayer Download Plugin
"Path"=c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@realnetworks.com/npdlplugin;version=1]
"Description"=RealDownloader Plugin
"Path"=C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.6]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 15.0.0.223 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll

C:\Users\Anča\AppData\Roaming\Mozilla\Firefox\Profiles\l5uqenn6.default\searchplugins\
ask-search.xml
askcomsearch.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-08-03 49440]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealNetworks Download and Record Plugin for Internet Explorer - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-03-06 540328]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-12-18 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}]
CIESpeechBHO Class - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-05-09 60576]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-12-18 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2011-01-11 6602856]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-10-14 2837288]
"AtherosBtStack"=C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [2011-05-09 627360]
"AthBtTray"=C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [2011-05-09 379552]
"FAHConsole"=C:\Program Files\File Association Helper\FAHConsole.exe [2014-01-28 729272]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Pokki"=C:\Users\Anča\AppData\Local\Pokki\Engine\Launcher.dll [2013-12-05 1271064]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Application Restart #3"=C:\Users\Anča\AppData\Local\Pokki\Engine\pokki.exe [2013-12-05 8285512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtherosBtStack]
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [2011-05-09 627360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
C:\Users\Anča\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleDriveSync]
C:\Program Files (x86)\Google\Drive\googledrivesync.exe /autostart []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce]
C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [2012-09-13 1009288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Starter]
C:\Program Files (x86)\Driver-Soft\DriverGenius\StarterW3i.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Anča^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^KooBits 4.lnk]
C:\Program Files (x86)\KooBits 4.0\KooBits 4.0.exe []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"=c:\program files (x86)\real\realplayer\update\realsched.exe [2013-04-02 295512]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-11-03 5223016]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-09-12 959176]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2013-04-30 642304]
"AMD AVT"=Cmd.exe /c start AMD Accelerated Video Transcoding device initialization /min C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe aml []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"midi2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux2"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux3"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux4"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave6"=wdmaud.drv
"mixer6"=wdmaud.drv
"midi6"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-11-24 22:26:46 ----D---- C:\Program Files\trend micro
2014-11-24 22:26:45 ----D---- C:\rsit
2014-11-24 22:19:24 ----D---- C:\Program Files\WinZip
2014-11-24 22:18:17 ----D---- C:\Program Files\File Association Helper
2014-11-24 22:08:04 ----D---- C:\ProgramData\Qualcomm Atheros
2014-11-24 22:02:07 ----A---- C:\Windows\system32\RtNicProp64.dll
2014-11-24 22:02:07 ----A---- C:\Windows\system32\drivers\Rt64win7.sys
2014-11-24 21:56:14 ----A---- C:\Windows\SYSWOW64\vsnp2uvc.dll
2014-11-24 21:56:14 ----A---- C:\Windows\system32\vsnp2uvc.dll
2014-11-24 21:56:14 ----A---- C:\Windows\system32\drivers\snp2uvc.sys
2014-11-24 21:56:14 ----A---- C:\Windows\system32\csnp2uvc.dll
2014-11-24 21:56:14 ----A---- C:\Windows\snuvcdsm.exe
2014-11-24 21:24:26 ----D---- C:\Program Files (x86)\Bluetooth Suite
2014-11-24 21:15:41 ----D---- C:\ProgramData\ATI
2014-11-24 21:15:21 ----D---- C:\Program Files (x86)\AMD AVT
2014-11-24 21:15:07 ----D---- C:\Program Files (x86)\AMD APP
2014-11-24 21:12:27 ----D---- C:\Program Files\ATI Technologies
2014-11-24 21:08:01 ----D---- C:\Windows\LastGood
2014-11-24 21:03:21 ----D---- C:\AMD
2014-11-24 20:56:28 ----A---- C:\Windows\system32\drivers\SWDUMon.sys
2014-11-24 20:55:55 ----D---- C:\Program Files (x86)\SlimDrivers
2014-11-24 20:52:12 ----A---- C:\Windows\system32\aswBoot.exe
2014-11-24 20:51:47 ----A---- C:\Windows\avastSS.scr
2014-11-24 20:46:32 ----D---- C:\Program Files (x86)\Adobe
2014-11-24 20:43:26 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-04 15:20:20 ----A---- C:\Windows\SYSWOW64\FlashPlayerInstaller.exe
2014-10-31 01:18:19 ----A---- C:\Windows\system32\drivers\aswHwid.sys
2014-10-31 01:17:22 ----A---- C:\Windows\system32\wups2.dll
2014-10-31 01:17:22 ----A---- C:\Windows\system32\wuauclt.exe
2014-10-31 01:17:21 ----A---- C:\Windows\system32\wucltux.dll
2014-10-31 01:17:21 ----A---- C:\Windows\system32\wuaueng.dll
2014-10-31 01:15:44 ----A---- C:\Windows\system32\wups.dll
2014-10-31 01:15:43 ----A---- C:\Windows\SYSWOW64\wups.dll
2014-10-31 01:15:43 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2014-10-31 01:15:43 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2014-10-31 01:15:43 ----A---- C:\Windows\system32\wudriver.dll
2014-10-31 01:15:43 ----A---- C:\Windows\system32\wuapi.dll
2014-10-31 01:14:30 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2014-10-31 01:14:30 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2014-10-31 01:14:30 ----A---- C:\Windows\system32\wuwebv.dll
2014-10-31 01:14:30 ----A---- C:\Windows\system32\wuapp.exe

======List of files/folders modified in the last 1 month======

2014-11-24 22:26:49 ----D---- C:\Windows\Temp
2014-11-24 22:26:46 ----RD---- C:\Program Files
2014-11-24 22:26:37 ----D---- C:\Windows\inf
2014-11-24 22:26:27 ----D---- C:\Windows
2014-11-24 22:24:15 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2014-11-24 22:20:05 ----SHD---- C:\Windows\Installer
2014-11-24 22:20:02 ----SHD---- C:\Config.Msi
2014-11-24 22:19:16 ----D---- C:\ProgramData\WinZip
2014-11-24 22:17:36 ----D---- C:\Program Files (x86)
2014-11-24 22:13:56 ----D---- C:\Windows\System32
2014-11-24 22:13:56 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-11-24 22:10:14 ----D---- C:\Program Files (x86)\Atheros
2014-11-24 22:09:59 ----D---- C:\Windows\system32\drivers
2014-11-24 22:09:55 ----D---- C:\Windows\system32\catroot
2014-11-24 22:09:53 ----D---- C:\Windows\system32\DriverStore
2014-11-24 22:08:43 ----D---- C:\Windows\system32\zh-TW
2014-11-24 22:08:43 ----D---- C:\Windows\system32\zh-CN
2014-11-24 22:08:43 ----D---- C:\Windows\system32\tr-TR
2014-11-24 22:08:43 ----D---- C:\Windows\system32\sv-SE
2014-11-24 22:08:43 ----D---- C:\Windows\system32\ru-RU
2014-11-24 22:08:42 ----D---- C:\Windows\system32\pt-PT
2014-11-24 22:08:42 ----D---- C:\Windows\system32\pl-PL
2014-11-24 22:08:42 ----D---- C:\Windows\system32\nn-NO
2014-11-24 22:08:42 ----D---- C:\Windows\system32\nl-NL
2014-11-24 22:08:42 ----D---- C:\Windows\system32\ko-KR
2014-11-24 22:08:42 ----D---- C:\Windows\system32\ja-JP
2014-11-24 22:08:42 ----D---- C:\Windows\system32\it-IT
2014-11-24 22:08:42 ----D---- C:\Windows\system32\hu-HU
2014-11-24 22:08:42 ----D---- C:\Windows\system32\fr-FR
2014-11-24 22:08:42 ----D---- C:\Windows\system32\fi-FI
2014-11-24 22:08:42 ----D---- C:\Windows\system32\es-ES
2014-11-24 22:08:42 ----D---- C:\Windows\system32\en-US
2014-11-24 22:08:42 ----D---- C:\Windows\system32\el-GR
2014-11-24 22:08:42 ----D---- C:\Windows\system32\de-DE
2014-11-24 22:08:42 ----D---- C:\Windows\system32\da-DK
2014-11-24 22:08:42 ----D---- C:\Windows\system32\cs-CZ
2014-11-24 22:08:04 ----HD---- C:\ProgramData
2014-11-24 22:07:46 ----D---- C:\SWSetup
2014-11-24 22:02:06 ----D---- C:\Program Files (x86)\Realtek
2014-11-24 22:02:03 ----SHD---- C:\System Volume Information
2014-11-24 21:56:57 ----D---- C:\Windows\SysWOW64
2014-11-24 21:56:09 ----D---- C:\Program Files (x86)\Common Files
2014-11-24 21:56:06 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2014-11-24 21:52:42 ----D---- C:\Windows\system32\config
2014-11-24 21:52:24 ----D---- C:\Windows\winsxs
2014-11-24 21:50:41 ----D---- C:\Windows\Microsoft.NET
2014-11-24 21:50:33 ----RSD---- C:\Windows\assembly
2014-11-24 21:21:28 ----D---- C:\Windows\system32\catroot2
2014-11-24 21:15:27 ----D---- C:\ProgramData\AMD
2014-11-24 21:11:13 ----D---- C:\Program Files (x86)\ATI Technologies
2014-11-24 21:03:58 ----HD---- C:\SYSTEM.SAV
2014-11-24 20:56:31 ----D---- C:\Windows\Tasks
2014-11-24 20:56:31 ----D---- C:\Windows\system32\Tasks
2014-11-24 20:50:57 ----D---- C:\Users\Anča\AppData\Roaming\uTorrent
2014-11-24 20:48:05 ----D---- C:\Windows\debug
2014-11-24 20:46:37 ----D---- C:\ProgramData\Adobe
2014-11-24 20:43:44 ----D---- C:\Program Files (x86)\Mozilla Firefox
2014-11-24 20:39:11 ----D---- C:\Program Files (x86)\Sony
2014-11-04 23:18:13 ----D---- C:\Windows\system32\wbem
2014-11-04 23:18:12 ----D---- C:\Windows\SYSWOW64\wbem
2014-11-04 23:18:12 ----D---- C:\Windows\SYSWOW64\cs-CZ
2014-11-04 23:18:12 ----D---- C:\Windows\system32\wfp
2014-11-04 23:18:12 ----D---- C:\Windows\PolicyDefinitions
2014-11-04 23:17:59 ----D---- C:\Program Files\CCleaner
2014-11-04 23:16:43 ----D---- C:\Windows\registration
2014-11-04 23:15:59 ----D---- C:\ProgramData\Real
2014-11-04 23:15:44 ----D---- C:\Program Files (x86)\Java
2014-11-04 16:32:35 ----SD---- C:\ProgramData\Microsoft
2014-11-04 16:32:33 ----D---- C:\Program Files\Common Files\Microsoft Shared
2014-11-04 16:31:16 ----D---- C:\Users\Anča\AppData\Roaming\SoftGrid Client
2014-11-04 16:25:41 ----D---- C:\Program Files (x86)\Hewlett-Packard
2014-11-04 16:25:37 ----D---- C:\ProgramData\Hewlett-Packard
2014-11-04 16:16:25 ----RSD---- C:\Windows\Fonts
2014-11-04 15:04:43 ----D---- C:\ProgramData\Download and Sa
2014-11-04 14:59:44 ----D---- C:\Program Files (x86)\Google
2014-11-04 14:49:38 ----D---- C:\Program Files\Hewlett-Packard
2014-11-04 14:43:29 ----D---- C:\Program Files (x86)\Ad-Aware Antivirus
2014-11-04 14:42:10 ----D---- C:\ProgramData\PDFC
2014-10-28 05:34:58 ----N---- C:\Windows\system32\MpSigStub.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amd_sata;amd_sata; C:\Windows\system32\DRIVERS\amd_sata.sys [2010-11-12 77952]
R0 amd_xata;amd_xata; C:\Windows\system32\DRIVERS\amd_xata.sys [2010-11-12 37504]
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2014-11-24 65776]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2014-11-24 267632]
R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie64.sys [2010-06-17 16440]
R0 gfibto;gfibto; C:\Windows\system32\drivers\gfibto.sys [2013-04-04 14456]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2012-10-30 21136]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2014-11-24 93568]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2014-11-24 1050432]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2014-11-24 436624]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 AODDriver4.1;AODDriver4.1; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2014-11-24 29208]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2014-11-24 83280]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2014-11-24 116728]
R3 amdiox64;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2013-04-30 11922944]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2013-04-30 359936]
R3 AthBTPort;Atheros Virtual Bluetooth Class; C:\Windows\system32\DRIVERS\btath_flt.sys [2011-05-09 36000]
R3 athr;Qualcomm Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2013-10-21 4022272]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver; C:\Windows\system32\drivers\btath_a2dp.sys [2011-05-09 298656]
R3 BTATH_BUS;Atheros Bluetooth Bus; C:\Windows\system32\DRIVERS\btath_bus.sys [2011-05-09 29344]
R3 BTATH_HCRP;Bluetooth HCRP Server driver; C:\Windows\system32\DRIVERS\btath_hcrp.sys [2011-05-09 201376]
R3 BTATH_LWFLT;Bluetooth LWFLT Device; C:\Windows\system32\DRIVERS\btath_lwflt.sys [2011-05-09 55456]
R3 BTATH_RCP;Bluetooth AVRCP Device; C:\Windows\system32\DRIVERS\btath_rcp.sys [2011-05-09 154272]
R3 BtFilter;BtFilter; C:\Windows\system32\DRIVERS\btfilter.sys [2011-05-09 281760]
R3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
R3 clwvd;CyberLink WebCam Virtual Driver; C:\Windows\system32\DRIVERS\clwvd.sys [2011-02-09 31088]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-01-12 2709224]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver; C:\Windows\system32\DRIVERS\RtsPStor.sys [2011-02-15 335464]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2014-06-17 941272]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2012-11-20 1866080]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2011-10-14 396848]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2010-11-29 44672]
S3 AR5416;Atheros Wireless Adapter Service; C:\Windows\system32\DRIVERS\athwx.sys [2011-02-25 2793568]
S3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2010-05-06 125456]
S3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl664.sys [2009-06-10 1311232]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x64.sys [2009-06-10 408960]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2010-11-21 109056]
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
S3 SWDUMon;SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [2014-11-24 16152]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2012-07-09 52736]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-09-12 64704]
R2 AERTFilters;Andrea RT Filters Service; C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2013-04-30 238080]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-04-29 361984]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-05-09 146592]
R2 AtherosSvc;AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [2011-05-09 80032]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-10-31 50344]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
R2 IconMan_R;IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2010-12-28 1817088]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-03-06 39056]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-09-05 171680]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-24 267440]
S3 ICDSPTSV;Sony SPTI Service for DVE; C:\Windows\SysWOW64\IcdSptSv.exe [2003-04-02 69632]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-03-06 111616]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-11-14 114288]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-10-25 1255736]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------

#2 Příspěvek od **altrok** » 24 lis 2014 23:01

Dobry vecer

V ramci cisteni Vam budou vyprazdneny docasne adresare (vcetne Kose).

Ulozte na plochu AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/

ukoncete vsechny programy
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Scan, pote na Clean
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\AdwCleaner [Sx].txt), jehoz obsah mi zkopirujte do pristi odpovedi

heges · #3 Příspěvek od **heges** » 25 lis 2014 14:46

# AdwCleaner v4.102 - Report created 25/11/2014 at 14:38:29
# Updated 23/11/2014 by Xplode
# Database : 2014-11-24.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Anča - ANČA-HP
# Running from : C:\Users\Anča\Downloads\adwcleaner_4.102.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Download and Sa
Folder Deleted : C:\ProgramData\DSearchLink
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\wxDownload
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SaveAs
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Gophoto.it
Folder Deleted : C:\Program Files (x86)\Optimizer Pro
Folder Deleted : C:\Program Files (x86)\SimilarSites
Folder Deleted : C:\Program Files (x86)\TornTV.com
Folder Deleted : C:\Program Files (x86)\Vid-Saver
Folder Deleted : C:\Users\Anča\AppData\Local\apn
Folder Deleted : C:\Users\Anča\AppData\Local\Conduit
Folder Deleted : C:\Users\Anča\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Anča\AppData\LocalLow\Download and Sa
Folder Deleted : C:\Users\Anča\AppData\LocalLow\Funmoods
Folder Deleted : C:\Users\Anča\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Anča\AppData\LocalLow\SaveAs
Folder Deleted : C:\Users\Anča\AppData\LocalLow\SweetIM
Folder Deleted : C:\Users\Anča\AppData\LocalLow\wxDownload
Folder Deleted : C:\Users\Anča\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Anča\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Anča\AppData\Roaming\SimilarSites
Folder Deleted : C:\Users\Anča\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
[!] Folder Deleted : C:\Users\Anča\AppData\Roaming\Mozilla\Firefox\Profiles\0\Extensions\torntv@torntv.com.xpi
File Deleted : C:\Users\Anča\AppData\Local\funmoods.crx
File Deleted : C:\Users\Anča\AppData\Roaming\Mozilla\Firefox\Profiles\toolbar@ask.com\searchplugins\Askcom.xml
File Deleted : C:\Users\Anča\AppData\Roaming\Mozilla\Firefox\Profiles\l5uqenn6.default\searchplugins\askcomsearch.xml
File Deleted : C:\Users\Anča\AppData\Roaming\Mozilla\Firefox\Profiles\l5uqenn6.default\searchplugins\ask-search.xml
File Deleted : C:\Users\Anča\AppData\Roaming\Mozilla\Firefox\Profiles\0\searchplugins\WebSearch.xml

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Anča\Desktop\PROGRAMY\Search.lnk

***** [ Registry ] *****

Key Deleted : HKCU\Software\Classes\pokki
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D8278076-BC68-4484-9233-6E7F1628B56C}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EC29EDF6-AD3C-4E1C-A087-D6CB81400C43}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EC29EDF6-AD3C-4E1C-A087-D6CB81400C43}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4F5E3758-BDBC-4124-A3F0-75EDCE3221A4}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A5C8288C-2CE1-474F-A3FA-5EF87A383056}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Funmoods
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\SweetIM
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\Vid-Saver
Key Deleted : HKLM\SOFTWARE\APN
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Funmoods
Key Deleted : HKLM\SOFTWARE\InstallIQ
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F603A45-D956-496B-81B5-50D782424976}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Key Deleted : [x64] HKLM\SOFTWARE\Speedchecker Limited
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F603A45-D956-496B-81B5-50D782424976}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041

-\\ Mozilla Firefox v33.1.1 (x86 cs)

[0\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://websearch.mocaflix.com/");
[0\prefs.js] - Line Deleted : user_pref("browser.search.order.1", "WebSearch");
[0\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "WebSearch");
[0\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "WebSearch");
[0\prefs.js] - Line Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.mocaflix.com/?l=1&q=");
[0\prefs.js] - Line Deleted : user_pref("browser.search.order.1,S", "WebSearch");
[0\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
[0\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
[0\prefs.js] - Line Deleted : user_pref("keyword.URL", "hxxp://websearch.mocaflix.com/?l=1&q=");
[l5uqenn6.default\prefs.js] - Line Deleted : user_pref("aol_toolbar.default.homepage.check", false);
[l5uqenn6.default\prefs.js] - Line Deleted : user_pref("aol_toolbar.default.search.check", false);
[l5uqenn6.default\prefs.js] - Line Deleted : user_pref("browser.search.order.1", "Ask.com");
[l5uqenn6.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
[l5uqenn6.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
[l5uqenn6.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
[l5uqenn6.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
[l5uqenn6.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
[l5uqenn6.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
[l5uqenn6.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
[l5uqenn6.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
[l5uqenn6.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
[l5uqenn6.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");

*************************

AdwCleaner[R0].txt - [15029 octets] - [25/11/2014 14:35:16]
AdwCleaner[S0].txt - [13139 octets] - [25/11/2014 14:38:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [13200 octets] ##########

#4 Příspěvek od **altrok** » 25 lis 2014 15:30

Ulozte na plochu zoek.exe http://hijackthis.nl/smeenk/zoek.htm

spustte jako spravce
do velkeho okna zkopirujte script uvedeny nize
kliknete na Run script
po restartu na Vas vyskoci log (pripadne jej najdete v C:\zoek-results.log) - vlozte mi jej do pristi odpovedi
Kód: Vybrat vše
```
autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;
```

heges · #5 Příspěvek od **heges** » 25 lis 2014 23:27

Zoek.exe v5.0.0.0 Updated 24-11-2014
Tool run by Anźa on Łt 25.11.2014 at 15:45:48,32.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\ANA~1\Downloads\zoek(1).exe [Scan all users] [Script inserted]

==== System Restore Info ======================

25.11.2014 15:51:47 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\COMMON~1\Apple deleted successfully
C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully
C:\Users\ANA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\pidgin-otr deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\PROGRA~3\WinZip deleted successfully
C:\Users\Default\AppData\\LocalGoogle deleted successfully
C:\Users\ANA~1\AppData\\LocalGoogle deleted successfully
C:\Users\ANA~1\AppData\Local\CrashDumps deleted successfully
C:\Users\ANA~1\AppData\Local\PDFC deleted successfully
C:\Users\ANA~1\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-4144783957-1741663026-98712090-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-4144783957-1741663026-98712090-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully
HKEY_USERS\S-1-5-21-4144783957-1741663026-98712090-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{4B4D5056-3600-A76A-76A7-7A786E7484D7} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Approved Extensions\{17E113E6-CD0E-4045-B154-65F0E57959EF} deleted successfully
HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Approved Extensions\{17E113E6-CD0E-4045-B154-65F0E57959EF} deleted successfully
HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Approved Extensions\{17E113E6-CD0E-4045-B154-65F0E57959EF} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5} deleted successfully
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\{17E113E6-CD0E-4045-B154-65F0E57959EF} deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{17E113E6-CD0E-4045-B154-65F0E57959EF} deleted successfully

==== Deleting Services ======================

==== FireFox Fix ======================

Deleted from C:\Users\ANA~1\AppData\Roaming\Mozilla\Firefox\Profiles\0\prefs.js:

Added to C:\Users\ANA~1\AppData\Roaming\Mozilla\Firefox\Profiles\0\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\ANA~1\AppData\Roaming\Mozilla\Firefox\Profiles\l5uqenn6.default\prefs.js:
user_pref("browser.startup.homepage", "https://www.google.cz/");
user_pref("browser.search.defaulturl", "");
user_pref("browser.newtab.url", "www.google.com");
user_pref("browser.search.defaultenginename,S", "");
user_pref("browser.search.selectedEngine", "");
user_pref("browser.search.selectedEngine,S", "");
user_pref("browser.search.order.1,S", "");
user_pref("keyword.URL", "http://www.google.com/search?ie=UTF-8&o ... &gfns=1&q=");
user_pref("browser.search.useDBForOrder", "false");

Added to C:\Users\ANA~1\AppData\Roaming\Mozilla\Firefox\Profiles\l5uqenn6.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\ANA~1\AppData\Roaming\Mozilla\Firefox\Profiles\toolbar@ask.com\prefs.js:

Added to C:\Users\ANA~1\AppData\Roaming\Mozilla\Firefox\Profiles\toolbar@ask.com\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

==== Deleting Files \ Folders ======================

C:\PROGRA~2\GUT44DD.tmp deleted
C:\PROGRA~2\GUM44DC.tmp deleted
C:\PROGRA~2\GUMB6B1.tmp deleted
C:\PROGRA~3\InstallMate deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\ANA~1\AppData\Local\CRE deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted
C:\Windows\wininit.ini deleted
C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job deleted
C:\windows\SysNative\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv deleted
C:\Windows\tasks\optimizerproupdatertask{995835cd-082f-4152-90de-66a185a93dbb}.job deleted
C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job deleted
C:\windows\SysNative\tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv deleted
C:\Windows\Syswow64\shoE9DE.tmp deleted
C:\Windows\Syswow64\InstallUtil.InstallLog deleted
C:\Windows\SysWow64\AI_RecycleBin deleted
C:\Users\ANA~1\Documents\Add-in Express deleted
C:\Users\ANA~1\AppData\Roaming\Mozilla\Firefox\Profiles\l5uqenn6.default\extensions\firefox@ghostery.com.xpi deleted
C:\Users\ANA~1\AppData\Roaming\Mozilla\Firefox\Profiles\l5uqenn6.default\jetpack deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [24.11.2014 20:52]

==== Firefox Extensions ======================

ProfilePath: C:\Users\ANA~1\AppData\Roaming\Mozilla\Firefox\Profiles\l5uqenn6.default
- Undetermined - {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
- BetterPrivacy - %ProfilePath%\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
bbjciahceamgodcoidkjpchnokgfpphh - C:\Users\ANA~1\AppData\Local\funmoods.crx[]
eaonpgeckphkbajimdcmhpjkghpaopgn - C:\ProgramData\Download and Sa\eaonpgeckphkbajimdcmhpjkghpaopgn.crx[]
ejpbbhjlbipncjklfjjaedaieimbmdda - C:\Users\Anźa\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx[]
gakjjlbgebpcjlcklloebajknicmndpe - C:\ProgramData\wxDownload\gakjjlbgebpcjlcklloebajknicmndpe.crx[]
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[24.11.2014 20:50]
hljdbjgjobjdmlgpceliljpdbfoaoloc - C:\ProgramData\SaveAs\hljdbjgjobjdmlgpceliljpdbfoaoloc.crx[]
idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[06.03.2013 01:26]
jbpkiefagocgkmemidfngdkamloieekf - C:\Program Files (x86)\TornTV.com\torn11.crx[]
jcdgjdiieiljkfkdcloehkohchhpekkn - C:\Users\Anźa\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx[]
kincjchfokkeneeofpeefomkikfkiedl - C:\Program Files (x86)\OApps\chromeaddon2.crx[]
lfffjahnfbocnaooecgijfnbpcfekoik - C:\ProgramData\adawaretb\shortcuts\chrome\adawaretb.crx[]
ogccgbmabaphcakpiclgcnmcnimhokcj - C:\Users\Anźa\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx[]
pfmopbbadnfoelckkcmjjeaaegjpjjbk - C:\Program Files (x86)\Gophoto.it\gophotoit14.crx[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
bbjciahceamgodcoidkjpchnokgfpphh - C:\Users\ANA~1\AppData\Local\funmoods.crx[]
ejpbbhjlbipncjklfjjaedaieimbmdda - C:\Users\Anźa\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx[]
lelcohngbjgpiibagnfmncojacafbbpg - C:\Users\Anźa\AppData\Roaming\Seznam.cz\bin\Partner-1.0.3.crx[]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.com/?trackid=sp-006"
"Search Page"="https://www.google.com/search?q={searchTerms}"
"Search Bar"="https://www.google.com/?trackid=sp-006"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.com/?trackid=sp-006"
"Search Page"="https://www.google.com/search?q={searchTerms}"
"Search Bar"="https://www.google.com/?trackid=sp-006"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.com/?trackid=sp-006"
"Search Page"="https://www.google.com/search?q={searchTerms}"
"Search Bar"="https://www.google.com/?trackid=sp-006"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="https://www.google.com/?trackid=sp-006"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{EFE522B3-7ABD-49CB-A5C3-A2AFBBA83B9D}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{EFE522B3-7ABD-49CB-A5C3-A2AFBBA83B9D} Google Url="https://www.google.com/search?q={searchTerms}"

==== Reset Google Chrome ======================

Nothing found to reset

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{09AB8BAF-E1B3-B299-E9C4-848BDD30BBF0} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{72006528-4239-6C93-967C-EAEFF5E8FF2D} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E89C13EC-A935-495B-7516-6FBC2C7D56DA} deleted successfully
HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\eaonpgeckphkbajimdcmhpjkghpaopgn deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\gakjjlbgebpcjlcklloebajknicmndpe deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\hljdbjgjobjdmlgpceliljpdbfoaoloc deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\lfffjahnfbocnaooecgijfnbpcfekoik deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\lelcohngbjgpiibagnfmncojacafbbpg deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Application Restart #3 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FAHConsole deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleDriveSync deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Starter deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\ANA~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\ANA~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\ANA~1\AppData\Local\Mozilla\Firefox\Profiles\l5uqenn6.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

No Chrome Cache found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=219 folders=37 42750348 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\ANA~1\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\ANA~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Łt 25.11.2014 at 23:24:53,20 ======================

#6 Příspěvek od **altrok** » 25 lis 2014 23:33

Dejte novy log FRST.txt, prilozte i Addition.txt - http://forum.viry.cz/viewtopic.php?f=30&t=133101

heges · #7 Příspěvek od **heges** » 26 lis 2014 16:49

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-11-2014
Ran by Anča (administrator) on ANČA-HP on 26-11-2014 16:44:27
Running from C:\Users\Anča\Desktop
Loaded Profile: Anča (Available profiles: Anča)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AMD) C:\Windows\System32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(forum.viry.cz) C:\Users\Anča\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6602856 2011-01-11] (Realtek Semiconductor)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-11-24] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-4144783957-1741663026-98712090-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> DefaultScope {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {EFE522B3-7ABD-49CB-A5C3-A2AFBBA83B9D} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {EFE522B3-7ABD-49CB-A5C3-A2AFBBA83B9D} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4144783957-1741663026-98712090-1001 -> DefaultScope {EFE522B3-7ABD-49CB-A5C3-A2AFBBA83B9D} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4144783957-1741663026-98712090-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4144783957-1741663026-98712090-1001 -> {EFE522B3-7ABD-49CB-A5C3-A2AFBBA83B9D} URL = https://www.google.com/search?q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Pomocná služba pro přihlášení ke službě Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\Anča\AppData\Roaming\Mozilla\Firefox\Profiles\l5uqenn6.default
FF NewTab: hxxp://www.google.com/
FF DefaultSearchUrl: hxxp://www.google.com/search?btnG=Google+Search&q=
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\Anča\AppData\Roaming\Mozilla\Firefox\Profiles\l5uqenn6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-24]
FF Extension: BetterPrivacy - C:\Users\Anča\AppData\Roaming\Mozilla\Firefox\Profiles\l5uqenn6.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-11-24]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-04-02]
FF HKLM-x32\...\Firefox\Extensions: [{DAC3F861-B30D-40dd-9166-F4E75327FAC7}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-01-14]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-24]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-03-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-04-29] (Advanced Micro Devices, Inc.) [File not signed]
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-05-09] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [80032 2011-05-09] (Atheros Commnucations) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-24] (AVAST Software)
S3 ICDSPTSV; C:\Windows\SysWOW64\IcdSptSv.exe [69632 2003-04-02] (Sony Corporation) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] ()
S2 SetupARService; C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe [24576 2014-11-25] (Realtek Semiconductor.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
S3 AR5416; C:\Windows\System32\DRIVERS\athwx.sys [2793568 2011-02-25] (Atheros Communications, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-24] ()
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [21136 2012-10-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-24] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-24] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-24] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-24] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-24] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-24] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-24] ()
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-04-04] (GFI Software)
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [476888 2014-03-21] (Realsil Semiconductor Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1866080 2012-11-20] ()
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-11-25] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-07-09] (Apple, Inc.) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-26 16:44 - 2014-11-26 16:44 - 00013718 _____ () C:\Users\Anča\Desktop\FRST.txt
2014-11-26 16:44 - 2014-11-26 16:44 - 00000000 ____D () C:\FRST
2014-11-26 16:42 - 2014-11-26 16:42 - 00112640 _____ (forum.viry.cz) C:\Users\Anča\Desktop\FRSTLauncher.exe
2014-11-26 16:42 - 2014-11-26 16:42 - 00000000 ____D () C:\ProgramData\WinZip
2014-11-26 16:40 - 2014-11-26 16:40 - 02118144 _____ (Farbar) C:\Users\Anča\Desktop\FRST64.exe
2014-11-26 04:32 - 2014-11-26 04:32 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-26 03:02 - 2014-06-27 03:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-11-26 03:02 - 2014-06-27 02:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-11-25 23:29 - 2014-11-25 23:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
2014-11-25 23:29 - 2014-11-25 23:29 - 00000000 ____D () C:\Program Files\Defraggler
2014-11-25 16:46 - 2014-11-25 15:45 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-11-25 15:50 - 2014-11-25 23:24 - 00017786 _____ () C:\zoek-results.log
2014-11-25 15:50 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-25 15:50 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-25 15:50 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-25 15:50 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-25 15:50 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-25 15:49 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-25 15:49 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-25 15:49 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-25 15:49 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-25 15:49 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-25 15:49 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-25 15:49 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-25 15:49 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-25 15:49 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-25 15:49 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-25 15:49 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-25 15:49 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-25 15:49 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-25 15:49 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-25 15:49 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-25 15:49 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-25 15:49 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-25 15:49 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-25 15:49 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-25 15:49 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-25 15:49 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-25 15:49 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-25 15:49 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-25 15:49 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-25 15:49 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-25 15:49 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-25 15:49 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-25 15:49 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-25 15:49 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-25 15:49 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-25 15:49 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-25 15:49 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-25 15:49 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-25 15:49 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-25 15:49 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-25 15:49 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-25 15:49 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-25 15:49 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-25 15:49 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-25 15:49 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-25 15:49 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-25 15:49 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-25 15:49 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-25 15:49 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-25 15:49 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-25 15:49 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-25 15:49 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-25 15:49 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-25 15:49 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-25 15:49 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-25 15:49 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-25 15:49 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-25 15:49 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-25 15:49 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-25 15:49 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-25 15:49 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-25 15:49 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-25 15:49 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-25 15:49 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-25 15:49 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-25 15:48 - 2014-11-25 15:48 - 04362512 _____ (Piriform Ltd) C:\Users\Anča\Downloads\dfsetup218.exe
2014-11-25 15:48 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-25 15:48 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-25 15:48 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-25 15:48 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-25 15:48 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-25 15:48 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-25 15:48 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-25 15:48 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-25 15:48 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-25 15:48 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-25 15:48 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-25 15:48 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-25 15:48 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-25 15:48 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-25 15:48 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-25 15:48 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-25 15:48 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-25 15:48 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-25 15:47 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-25 15:47 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-25 15:47 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-25 15:47 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-25 15:47 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-25 15:47 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-25 15:47 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-25 15:47 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-25 15:47 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-25 15:47 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-25 15:47 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-25 15:47 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-25 15:47 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-25 15:47 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-25 15:47 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-25 15:45 - 2014-11-25 16:38 - 00000000 ____D () C:\zoek_backup
2014-11-25 15:44 - 2014-11-25 15:44 - 01294848 _____ () C:\Users\Anča\Downloads\zoek(1).exe
2014-11-25 15:42 - 2014-11-25 15:42 - 00002926 _____ () C:\Windows\System32\Tasks\{BEB8BDB6-5380-4A6F-91A3-9E82FC68B0AA}
2014-11-25 15:42 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-25 15:42 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-25 15:39 - 2014-11-25 15:39 - 00000000 ____D () C:\Program Files\Realtek
2014-11-25 15:35 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-25 15:34 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-25 15:34 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-25 15:34 - 2014-06-03 11:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-11-25 15:34 - 2014-06-03 11:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-11-25 15:34 - 2014-06-03 11:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-11-25 15:34 - 2014-06-03 10:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-11-25 15:34 - 2014-06-03 10:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-11-25 14:55 - 2014-11-25 14:55 - 00024576 _____ (Realtek Semiconductor.) C:\Windows\SetupAfterRebootService.exe
2014-11-25 14:50 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-25 14:50 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-25 14:35 - 2014-11-25 15:39 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2014-11-25 14:35 - 2014-11-25 14:38 - 00000000 ____D () C:\AdwCleaner
2014-11-25 14:29 - 2014-11-25 14:29 - 00275208 _____ () C:\Windows\Minidump\112514-58203-01.dmp
2014-11-25 14:18 - 2014-11-25 14:19 - 00000000 ____D () C:\df0f0afb8d4c244cf33609d3943ea59b
2014-11-25 14:09 - 2014-06-30 23:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-11-25 14:09 - 2014-06-30 23:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-11-25 14:09 - 2014-03-09 22:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-11-25 14:09 - 2014-03-09 22:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-11-25 14:09 - 2014-03-09 22:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-11-25 14:09 - 2014-03-09 22:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-11-25 14:08 - 2014-06-06 07:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-11-25 14:08 - 2014-06-06 07:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-11-25 14:05 - 2014-11-25 14:05 - 02148864 _____ () C:\Users\Anča\Downloads\adwcleaner_4.102.exe
2014-11-24 23:29 - 2014-11-26 07:19 - 00003336 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4144783957-1741663026-98712090-1001
2014-11-24 23:29 - 2014-11-26 07:19 - 00003200 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4144783957-1741663026-98712090-1001
2014-11-24 23:27 - 2014-11-26 04:41 - 00001270 _____ () C:\Windows\setupact.log
2014-11-24 23:27 - 2014-11-25 14:29 - 00000000 ____D () C:\Windows\Minidump
2014-11-24 23:27 - 2014-11-24 23:27 - 00275208 _____ () C:\Windows\Minidump\112414-40607-01.dmp
2014-11-24 23:27 - 2014-11-24 23:27 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-24 23:26 - 2014-11-25 22:34 - 00002696 _____ () C:\Windows\PFRO.log
2014-11-24 23:26 - 2014-11-25 14:28 - 494159113 _____ () C:\Windows\MEMORY.DMP
2014-11-24 23:20 - 2014-11-25 14:24 - 00000000 ____D () C:\CIMTEMP
2014-11-24 23:18 - 2000-01-01 01:00 - 00110080 _____ (Advanced Micro Devices) C:\Windows\system32\DelayAPO.dll
2014-11-24 23:18 - 2000-01-01 01:00 - 00094720 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\AtihdW76.sys
2014-11-24 23:10 - 2014-11-24 23:10 - 00000000 ____D () C:\Windows\SysWOW64\sda
2014-11-24 23:07 - 2014-03-21 02:34 - 00476888 _____ (Realsil Semiconductor Corporation) C:\Windows\system32\Drivers\RtsPer.sys
2014-11-24 23:07 - 2014-03-17 02:10 - 00293592 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsP2Stor.sys
2014-11-24 23:07 - 2014-02-28 04:44 - 00359128 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsPStor.sys
2014-11-24 23:07 - 2014-02-28 04:35 - 00313048 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsBaStor.sys
2014-11-24 23:07 - 2014-02-26 20:53 - 00331992 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsUVStor.sys
2014-11-24 23:07 - 2014-02-26 20:32 - 00272088 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsUStor.sys
2014-11-24 23:07 - 2014-01-27 00:39 - 09890008 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RsCRIcon.dll
2014-11-24 22:26 - 2014-11-24 22:27 - 00000000 ____D () C:\rsit
2014-11-24 22:26 - 2014-11-24 22:26 - 01222144 _____ () C:\Users\Anča\Downloads\RSITx64.exe
2014-11-24 22:26 - 2014-11-24 22:26 - 00000000 ____D () C:\Program Files\trend micro
2014-11-24 22:19 - 2014-11-24 22:19 - 00002307 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2014-11-24 22:19 - 2014-11-24 22:19 - 00002301 _____ () C:\Users\Public\Desktop\WinZip.lnk
2014-11-24 22:19 - 2014-11-24 22:19 - 00000000 ____D () C:\Users\Anča\AppData\Local\WinZip
2014-11-24 22:19 - 2014-11-24 22:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2014-11-24 22:19 - 2014-11-24 22:19 - 00000000 ____D () C:\Program Files\WinZip
2014-11-24 22:17 - 2014-11-24 22:17 - 00880584 _____ ( ) C:\Users\Anča\Downloads\winzip19-home.exe
2014-11-24 22:08 - 2014-11-24 22:10 - 00000000 ____D () C:\ProgramData\Qualcomm Atheros
2014-11-24 22:02 - 2014-06-17 07:13 - 00941272 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2014-11-24 22:02 - 2014-06-17 07:13 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2014-11-24 21:56 - 2012-11-20 14:15 - 00311648 _____ (Sonix Technology Co., Ltd.) C:\Windows\SysWOW64\vsnp2uvc.dll
2014-11-24 21:56 - 2012-11-20 14:15 - 00026464 _____ () C:\Windows\snuvcdsm.exe
2014-11-24 21:56 - 2012-11-20 14:14 - 01866080 _____ () C:\Windows\system32\Drivers\snp2uvc.sys
2014-11-24 21:56 - 2012-11-20 14:14 - 00379232 _____ (Sonix Technology Co., Ltd.) C:\Windows\system32\vsnp2uvc.dll
2014-11-24 21:56 - 2012-11-20 14:14 - 00246112 _____ (Sonix Technology Co., Ltd.) C:\Windows\system32\csnp2uvc.dll
2014-11-24 21:24 - 2014-11-24 21:27 - 00000000 ____D () C:\Program Files (x86)\Bluetooth Suite
2014-11-24 21:15 - 2014-11-24 21:15 - 00000000 ____D () C:\ProgramData\ATI
2014-11-24 21:15 - 2014-11-24 21:15 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-11-24 21:15 - 2014-11-24 21:15 - 00000000 ____D () C:\Program Files (x86)\AMD APP
2014-11-24 21:14 - 2014-11-24 21:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
2014-11-24 21:12 - 2014-11-24 21:13 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-11-24 21:03 - 2014-11-24 21:03 - 00000000 ____D () C:\AMD
2014-11-24 20:56 - 2014-11-25 22:34 - 00000408 _____ () C:\Windows\Tasks\SlimDrivers Startup.job
2014-11-24 20:56 - 2014-11-25 15:38 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2014-11-24 20:56 - 2014-11-25 15:38 - 00002834 _____ () C:\Windows\System32\Tasks\SlimDrivers Startup
2014-11-24 20:56 - 2014-11-24 20:56 - 00000000 ____D () C:\Users\Anča\AppData\Local\SlimWare Utilities Inc
2014-11-24 20:55 - 2014-11-24 20:55 - 00002467 _____ () C:\Users\Public\Desktop\SlimDrivers.lnk
2014-11-24 20:55 - 2014-11-24 20:55 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-11-24 20:52 - 2014-11-24 20:51 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-11-24 20:51 - 2014-11-24 20:51 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-11-24 20:48 - 2014-11-24 20:48 - 00858432 _____ (SlimWare Utilities, Inc.) C:\Users\Anča\Downloads\slimdrivers-setup(1).exe
2014-11-24 20:46 - 2014-11-24 20:51 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-11-24 20:46 - 2014-11-24 20:46 - 00001979 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-11-24 20:46 - 2014-11-24 20:46 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-11-24 20:43 - 2014-11-24 20:43 - 00001119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-24 20:43 - 2014-11-24 20:43 - 00001107 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-11-24 20:43 - 2014-11-24 20:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-04 16:22 - 2014-08-29 03:07 - 05780480 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-11-04 16:22 - 2014-08-29 03:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-11-04 16:22 - 2014-08-29 03:07 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-11-04 16:22 - 2014-08-29 03:07 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-11-04 16:22 - 2014-08-29 03:06 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-11-04 16:22 - 2014-08-29 02:44 - 04922368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-11-04 16:22 - 2014-08-29 02:44 - 01050112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-11-04 16:22 - 2014-08-29 02:44 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-11-04 16:22 - 2014-08-29 02:44 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-11-04 16:22 - 2014-08-01 12:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-11-04 16:22 - 2014-08-01 12:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-11-04 16:22 - 2014-05-08 10:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-11-04 16:22 - 2014-04-25 03:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-11-04 16:22 - 2014-04-25 03:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-11-04 16:21 - 2014-06-24 04:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-11-04 16:21 - 2014-06-24 03:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-11-04 16:21 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-11-04 16:21 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-11-04 16:21 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-11-04 16:21 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-11-04 16:21 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-11-04 16:21 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-11-04 16:21 - 2014-04-05 03:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-11-04 16:21 - 2014-04-05 03:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-11-04 16:18 - 2014-03-26 15:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-11-04 16:17 - 2014-05-30 07:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-11-04 16:17 - 2014-03-26 15:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-11-04 16:17 - 2014-03-26 15:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-11-04 16:17 - 2014-03-26 15:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-11-04 15:29 - 2014-06-18 03:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-11-04 15:29 - 2014-06-18 02:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-11-04 15:29 - 2014-06-06 11:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-11-04 15:29 - 2014-06-06 10:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-11-04 15:04 - 2014-06-16 03:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-11-04 14:53 - 2014-09-25 03:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-11-04 14:53 - 2014-09-25 02:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-11-04 14:53 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-11-04 14:53 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-11-04 14:53 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-11-04 14:53 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-11-04 14:53 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-11-04 14:53 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-11-04 14:45 - 2014-09-09 23:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-11-04 14:45 - 2014-09-09 22:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-11-04 14:45 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-11-04 14:45 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-11-04 14:45 - 2014-06-25 03:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-11-04 14:45 - 2014-06-25 02:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-11-04 14:44 - 2014-11-04 14:44 - 00000000 __SHD () C:\Users\Anča\AppData\Local\EmieUserList
2014-11-04 14:44 - 2014-11-04 14:44 - 00000000 __SHD () C:\Users\Anča\AppData\Local\EmieSiteList
2014-11-04 14:42 - 2014-08-23 03:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-11-04 14:42 - 2014-08-23 02:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-11-04 14:42 - 2014-07-14 03:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-11-04 14:42 - 2014-07-14 02:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-11-04 11:48 - 2014-11-04 11:48 - 00000880 _____ () C:\Users\Anča\Downloads\SlimDrivers-setup.exe
2014-10-31 01:19 - 2014-11-25 22:33 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-10-31 01:19 - 2014-11-24 20:53 - 00001964 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-10-31 01:18 - 2014-11-24 20:51 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-10-31 01:17 - 2014-05-14 17:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-10-31 01:17 - 2014-05-14 17:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-10-31 01:17 - 2014-05-14 17:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-10-31 01:17 - 2014-05-14 17:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-10-31 01:15 - 2014-05-14 17:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-10-31 01:15 - 2014-05-14 17:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-10-31 01:15 - 2014-05-14 17:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-10-31 01:15 - 2014-05-14 17:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-10-31 01:15 - 2014-05-14 17:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-10-31 01:15 - 2014-05-14 17:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-10-31 01:14 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-10-31 01:14 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-10-31 01:14 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-10-31 01:14 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-26 16:20 - 2012-10-25 11:31 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-26 14:51 - 2012-12-03 23:46 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4144783957-1741663026-98712090-1001UA.job
2014-11-26 07:20 - 2012-06-24 18:05 - 01184629 _____ () C:\Windows\WindowsUpdate.log
2014-11-26 05:30 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-26 04:48 - 2009-07-14 05:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-26 04:48 - 2009-07-14 05:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-26 04:41 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-26 04:38 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-26 04:37 - 2009-07-14 05:45 - 00267368 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-26 04:31 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-11-26 04:31 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-11-26 04:31 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-11-26 03:28 - 2012-10-26 23:02 - 01560276 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-11-26 03:28 - 2011-08-03 19:29 - 00669132 _____ () C:\Windows\system32\perfh005.dat
2014-11-26 03:28 - 2011-08-03 19:29 - 00141760 _____ () C:\Windows\system32\perfc005.dat
2014-11-26 03:28 - 2009-07-14 06:13 - 01560276 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-26 03:18 - 2013-03-14 15:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-11-26 03:16 - 2013-03-14 15:44 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-11-26 03:16 - 2013-02-04 23:20 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-11-26 03:13 - 2013-07-21 02:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-26 03:07 - 2012-10-25 12:22 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-26 01:20 - 2012-10-25 11:31 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-26 01:20 - 2012-10-25 11:31 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-26 01:20 - 2012-10-25 11:31 - 00003852 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-25 23:51 - 2012-12-03 23:46 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4144783957-1741663026-98712090-1001Core.job
2014-11-25 15:37 - 2012-06-24 18:11 - 00000000 ___HD () C:\Program Files (x86)\Temp
2014-11-25 14:38 - 2013-02-05 21:34 - 00000000 ___RD () C:\Users\Anča\Desktop\PROGRAMY
2014-11-25 14:14 - 2012-06-24 18:11 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-11-25 14:14 - 2011-08-03 10:38 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-11-25 14:01 - 2013-02-04 23:23 - 00000000 ____D () C:\Users\Anča\AppData\Roaming\Real
2014-11-24 23:06 - 2011-02-10 20:23 - 00000000 ____D () C:\SWSetup
2014-11-24 23:00 - 2013-03-02 12:41 - 26972672 ___SH () C:\Users\Anča\Desktop\Thumbs.db
2014-11-24 22:47 - 2013-02-04 23:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
2014-11-24 22:47 - 2013-02-04 23:31 - 00000000 ____D () C:\ProgramData\Real
2014-11-24 22:22 - 2012-10-27 00:37 - 00000000 ____D () C:\Users\Anča\AppData\Local\Adobe
2014-11-24 22:10 - 2013-05-25 14:20 - 00000000 ____D () C:\Program Files (x86)\Atheros
2014-11-24 22:08 - 2013-05-25 14:21 - 00000000 ____D () C:\Windows\system32\nn-NO
2014-11-24 22:08 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-11-24 21:27 - 2011-05-09 18:19 - 00246804 _____ () C:\Windows\system32\Drivers\AtherosBt.bin
2014-11-24 21:16 - 2012-10-25 11:10 - 00058016 _____ () C:\Users\Anča\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-24 21:15 - 2012-06-24 18:09 - 00000000 ____D () C:\ProgramData\AMD
2014-11-24 21:11 - 2012-06-24 18:08 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-11-24 21:03 - 2011-02-10 20:23 - 00000000 ___HD () C:\SYSTEM.SAV
2014-11-24 20:53 - 2013-01-27 15:26 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-11-24 20:51 - 2014-01-03 02:42 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-11-24 20:51 - 2013-04-02 21:43 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-11-24 20:51 - 2013-04-02 21:43 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-11-24 20:51 - 2013-02-07 12:36 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-11-24 20:51 - 2013-01-27 15:27 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-11-24 20:51 - 2013-01-14 22:25 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2014-11-24 20:51 - 2012-10-25 11:11 - 00003962 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{A8CDF0D6-D2FD-454D-9DA3-6D70F3027F21}
2014-11-24 20:50 - 2012-11-03 21:34 - 00000000 ____D () C:\Users\Anča\AppData\Roaming\uTorrent
2014-11-24 20:46 - 2012-10-25 11:20 - 00000000 ____D () C:\ProgramData\Adobe
2014-11-24 20:43 - 2014-05-20 23:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-24 20:39 - 2013-03-17 18:28 - 00000000 ____D () C:\Users\Anča\AppData\Local\Sony Corporation
2014-11-24 20:39 - 2013-03-17 18:28 - 00000000 ____D () C:\Program Files (x86)\Sony
2014-11-04 23:18 - 2013-12-29 12:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-11-04 23:18 - 2013-10-17 00:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-04 23:17 - 2013-12-29 12:46 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-04 23:16 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-11-04 23:15 - 2011-08-03 10:49 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-04 16:32 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-11-04 16:31 - 2012-10-26 23:03 - 00000000 ____D () C:\Users\Anča\AppData\Roaming\SoftGrid Client
2014-11-04 16:25 - 2011-08-03 10:43 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-11-04 16:25 - 2011-08-03 10:24 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-11-04 14:59 - 2012-10-25 11:42 - 00000000 ____D () C:\Program Files (x86)\Google
2014-11-04 14:58 - 2012-10-25 11:41 - 00000000 ____D () C:\Users\Anča\AppData\Local\Google
2014-11-04 14:49 - 2010-12-03 02:30 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2014-11-04 14:43 - 2013-04-04 23:36 - 00000000 ____D () C:\Program Files (x86)\Ad-Aware Antivirus
2014-11-04 14:42 - 2011-08-03 10:42 - 00000000 ____D () C:\ProgramData\PDFC
2014-11-04 14:32 - 2012-10-25 11:05 - 00000000 ____D () C:\Users\Anča
2014-11-04 14:30 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-31 01:22 - 2012-10-25 11:42 - 00003696 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-25 23:04

===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:449.45 GB) (Free:323.57 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:16.02 GB) (Free:1.98 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Available physical RAM: 2133.13 MB
Total physical RAM: 3834.9 MB
Percentage of memory in use: 44%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 7BAB854E)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=449.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4144783957-1741663026-98712090-1001Core.job => C:\Users\An
a\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4144783957-1741663026-98712090-1001UA.job => C:\Users\An
a\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\SlimDrivers Startup.job => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\ProgramData\Temp:07F6D9E4
AlternateDataStreams: C:\ProgramData\Temp:373E1720

==================== Security Center ==================

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)

***** Velikost "Plochy" *****

Velikost slozky "C:\Users\An�a\Desktop" je 79805 MB.

***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AthBtTray
"C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtherosBtStack
"C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pokki
C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce
"C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^An�a^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^KooBits 4.lnk
C:\Program Files (x86)\KooBits 4.0\KooBits 4.0.exe [x]

***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000001

==================== End Of Log ==============================

#8 Příspěvek od **altrok** » 26 lis 2014 17:03

Velikost plochy by nemela presahovat 200 MB. Snizuje se pak start i samotny chod celeho PC.

Pokud jeste v PC je, odinstalujte Ad-Aware. Pozor taky na pouzivani AVG PC TuneUp... dokaze udelat peknou paseku.

Do Poznamkoveho bloku (Start -> spustit -> notepad) zkopirujte obsah bileho pole
ulozte na plochu jako fixlist (Typ souboru: Textovy dokument)
znovu spustte FRST a kliknete na Fix

po restartu na Vas vyskoci fixlog (pripadne bude ulozen na Plose), jehoz obsah mi vlozte do pristi odpovedi

Kód: Vybrat vše

Start
CloseProcesses:
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File

FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

2014-11-25 16:46 - 2014-11-25 15:45 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-11-25 15:50 - 2014-11-25 23:24 - 00017786 _____ () C:\zoek-results.log
2014-11-25 15:45 - 2014-11-25 16:38 - 00000000 ____D () C:\zoek_backup
2014-11-25 15:44 - 2014-11-25 15:44 - 01294848 _____ () C:\Users\Anča\Downloads\zoek(1).exe
2014-11-24 22:26 - 2014-11-24 22:27 - 00000000 ____D () C:\rsit
2014-11-24 22:26 - 2014-11-24 22:26 - 01222144 _____ () C:\Users\Anča\Downloads\RSITx64.exe
2014-11-24 22:26 - 2014-11-24 22:26 - 00000000 ____D () C:\Program Files\trend micro

REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pokki" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^An�a^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^KooBits 4.lnk" /f
REG: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore" /v "Generalize_DisableSR" /t "REG_DWORD" /d "00000000"

Task: {BFD20FBB-AB93-41B8-995B-541B7AD74B6E} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4144783957-1741663026-98712090-1001Core.job => C:\Users\An
a\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4144783957-1741663026-98712090-1001UA.job => C:\Users\An
a\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\SlimDrivers Startup.job => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
AlternateDataStreams: C:\ProgramData\Temp:07F6D9E4
AlternateDataStreams: C:\ProgramData\Temp:373E1720
Hosts:
EmptyTemp:
End

heges · #9 Příspěvek od **heges** » 26 lis 2014 17:18

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-11-2014
Ran by Anča at 2014-11-26 17:12:14 Run:1
Running from C:\Users\Anča\Desktop
Loaded Profile: Anča (Available profiles: Anča)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File

FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

2014-11-25 16:46 - 2014-11-25 15:45 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-11-25 15:50 - 2014-11-25 23:24 - 00017786 _____ () C:\zoek-results.log
2014-11-25 15:45 - 2014-11-25 16:38 - 00000000 ____D () C:\zoek_backup
2014-11-25 15:44 - 2014-11-25 15:44 - 01294848 _____ () C:\Users\Anča\Downloads\zoek(1).exe
2014-11-24 22:26 - 2014-11-24 22:27 - 00000000 ____D () C:\rsit
2014-11-24 22:26 - 2014-11-24 22:26 - 01222144 _____ () C:\Users\Anča\Downloads\RSITx64.exe
2014-11-24 22:26 - 2014-11-24 22:26 - 00000000 ____D () C:\Program Files\trend micro

REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pokki" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^An?a^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^KooBits 4.lnk" /f
REG: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore" /v "Generalize_DisableSR" /t "REG_DWORD" /d "00000000"

Task: {BFD20FBB-AB93-41B8-995B-541B7AD74B6E} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4144783957-1741663026-98712090-1001Core.job => C:\Users\An
a\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4144783957-1741663026-98712090-1001UA.job => C:\Users\An
a\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\SlimDrivers Startup.job => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
AlternateDataStreams: C:\ProgramData\Temp:07F6D9E4
AlternateDataStreams: C:\ProgramData\Temp:373E1720
Hosts:
EmptyTemp:
End

*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GDriveSharedOverlay" => Key deleted successfully.
"HKCR\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
C:\Windows\zoek-delete.exe => Moved successfully.
C:\zoek-results.log => Moved successfully.
C:\zoek_backup => Moved successfully.
C:\Users\Anča\Downloads\zoek(1).exe => Moved successfully.
C:\rsit => Moved successfully.
C:\Users\Anča\Downloads\RSITx64.exe => Moved successfully.
C:\Program Files\trend micro => Moved successfully.

========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM" /f =========

Operace byla dokonźena ŁspŘçnŘ.

========= End of Reg: =========

========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pokki" /f =========

Operace byla dokonźena ŁspŘçnŘ.

========= End of Reg: =========

========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce" /f =========

Operace byla dokonźena ŁspŘçnŘ.

========= End of Reg: =========

========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^An?a^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^KooBits 4.lnk" /f =========

Chyba: Syst‚m nenalezl zadaně klˇź registru nebo po§adovanou hodnotu.

========= End of Reg: =========

========= reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore" /v "Generalize_DisableSR" /t "REG_DWORD" /d "00000000" =========

Operace byla dokonźena ŁspŘçnŘ.

========= End of Reg: =========

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BFD20FBB-AB93-41B8-995B-541B7AD74B6E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BFD20FBB-AB93-41B8-995B-541B7AD74B6E}" => Key deleted successfully.
C:\Windows\System32\Tasks\Ad-Aware Antivirus Scheduled Scan => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ad-Aware Antivirus Scheduled Scan" => Key deleted successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job => Moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4144783957-1741663026-98712090-1001Core.job => Moved successfully.
a\AppData\Local\Facebook\Update\FacebookUpdate.exe => Error: No automatic fix found for this entry.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4144783957-1741663026-98712090-1001UA.job => Moved successfully.
a\AppData\Local\Facebook\Update\FacebookUpdate.exe => Error: No automatic fix found for this entry.
C:\Windows\Tasks\SlimDrivers Startup.job => Moved successfully.
C:\ProgramData\Temp => ":07F6D9E4" ADS removed successfully.
C:\ProgramData\Temp => ":373E1720" ADS removed successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 67 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====

#10 Příspěvek od **altrok** » 26 lis 2014 17:20

Vyborne, jak se pocitac chova ted?

heges · #11 Příspěvek od **heges** » 26 lis 2014 17:50

Vše šlape jako hodinky, velmi děkuji!

Jen promažu plochu a bude to hotovo vše

#12 Příspěvek od **altrok** » 26 lis 2014 17:51

Takze jeste uklidime.

Stahnete a spustte DelFix - https://toolslib.net/downloads/viewdownload/2-delfix/
Oznacte jen moznost "Remove disinfection tools"
kliknete na Run

A pokud nejsou dotazy ci jine problemy, je to ode mne vse.

VIRY.CZ

Kontrola logu prosím

Kontrola logu prosím

Re: Kontrola logu prosím

Re: Kontrola logu prosím

Re: Kontrola logu prosím

Re: Kontrola logu prosím

Re: Kontrola logu prosím

Re: Kontrola logu prosím

Re: Kontrola logu prosím

Re: Kontrola logu prosím

Re: Kontrola logu prosím

Re: Kontrola logu prosím

Re: Kontrola logu prosím