Hledání spyware

Zpráva

TTBK003 · #1 Příspěvek od **TTBK003** » 17 pro 2014 21:33

Dorbý den, udělal jsem si na počítači kontrolu Hijackthisem a chtěl bych se zeptat jestli něco můžu smazat nebo jestli je něco škodlivé. Předem děkuji za odpověď.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:24:53, on 17.12.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17496)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Alwil Software\Avast5\avastui.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Users\T.T.B.K\AppData\Roaming\QipGuard\QipGuard.exe
C:\Program Files\Common Files\PCTV Systems\RemoTerm\remoterm.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\CodeBlocks\codeblocks.exe
C:\PROGRA~1\Nitro\PRO9~1\NitroPDF.exe
C:\PROGRA~1\Nitro\PRO9~1\NitroAssistant.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Users\T.T.B.K\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O2 - BHO: Microsoft Web Test Recorder 12.0 Helper - {432dd630-7e03-4c97-9d62-b99f52df4fc2} - C:\Program Files\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [AdobeCEPServiceManager] "C:\Program Files\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Google Update] "C:\Users\T.T.B.K\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [QIP Internet Guardian] C:\Users\T.T.B.K\AppData\Roaming\QipGuard\QipGuard.exe /p
O4 - HKCU\..\Run: [ServerMiner] wscript.exe //B "C:\Users\TTB~1.K\AppData\Local\Temp\\ServerMiner.vbs"
O4 - HKCU\..\Run: [RemoTerm.exe] C:\Program Files\Common Files\PCTV Systems\RemoTerm\RemoTerm.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Vyhledat aktualizace.lnk = C:\Program Files\Common Files\PCTV Systems\WebUpdater\WebUpdater.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\aestsrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: @C:\Program Files\Google\Chrome Remote Desktop\39.0.2171.46\remoting_core.dll,-101 (chromoting) - Google Inc. - C:\Program Files\Google\Chrome Remote Desktop\39.0.2171.46\remoting_host.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NitroPDFDriverCreatorReadSpool9 (NitroDriverReadSpool9) - Nitro PDF Software - C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\system32\NLSSRV32.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe

--
End of file - 11857 bytes

#2 Příspěvek od **vyosek** » 17 pro 2014 21:34

Zdravim

HJT je uz tak 6 let mimo a nedostatecny

Dejte prosim log z FRST http://forum.viry.cz/viewtopic.php?f=13&t=133100

TTBK003 · #3 Příspěvek od **TTBK003** » 17 pro 2014 21:52

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-12-2014
Ran by T.T.B.K (administrator) on TTBK-PC on 17-12-2014 21:47:53
Running from C:\Users\T.T.B.K\Desktop
Loaded Profile: T.T.B.K (Available profiles: T.T.B.K)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Čeština (Česká republika)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\stacsv.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe
(Google Inc.) C:\Program Files\Google\Chrome Remote Desktop\39.0.2171.46\remoting_host.exe
(Google Inc.) C:\Program Files\Google\Chrome Remote Desktop\39.0.2171.46\remoting_host.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe
(Nalpeiron Ltd.) C:\Windows\System32\NLSSRV32.EXE
() C:\Windows\System32\PnkBstrA.exe
() C:\Windows\System32\PnkBstrB.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(SweetIM Technologies Ltd.) C:\Program Files\SweetIM\Messenger\SweetIM.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\avastui.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(QIP.ru) C:\Users\T.T.B.K\AppData\Roaming\QipGuard\QipGuard.exe
(PCTV Systems S.à r.l.) C:\Program Files\Common Files\PCTV Systems\RemoTerm\remoterm.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTLite.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Code::Blocks Team) C:\Program Files\CodeBlocks\codeblocks.exe
(Nitro PDF) C:\Program Files\Nitro\Pro 9\NitroPDF.exe
(Nitro PDF) C:\Program Files\Nitro\Pro 9\NitroAssistant.exe
(Nullsoft, Inc.) C:\Program Files\Winamp\winamp.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe
(forum.viry.cz) C:\Users\T.T.B.K\Desktop\FRSTLauncher.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2299176 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495708 2010-03-23] (IDT, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SweetIM] => C:\Program Files\SweetIM\Messenger\SweetIM.exe [114992 2011-08-01] (SweetIM Technologies Ltd.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-04-03] (DivX, LLC)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [5227112 2014-12-13] (AVAST Software)
HKLM\...\Run: [AdobeCEPServiceManager] => C:\Program Files\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS6ServiceManager] => C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKU\S-1-5-21-3053209993-579959410-3152729223-1001\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-08-20] (Hewlett-Packard Company)
HKU\S-1-5-21-3053209993-579959410-3152729223-1001\...\Run: [Google Update] => C:\Users\T.T.B.K\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-24] (Google Inc.)
HKU\S-1-5-21-3053209993-579959410-3152729223-1001\...\Run: [QIP Internet Guardian] => C:\Users\T.T.B.K\AppData\Roaming\QipGuard\QipGuard.exe [436224 2013-12-05] (QIP.ru)
HKU\S-1-5-21-3053209993-579959410-3152729223-1001\...\Run: [ServerMiner] => wscript.exe //B "C:\Users\TTB~1.K\AppData\Local\Temp\\ServerMiner.vbs" <===== ATTENTION
HKU\S-1-5-21-3053209993-579959410-3152729223-1001\...\Run: [RemoTerm.exe] => C:\Program Files\Common Files\PCTV Systems\RemoTerm\RemoTerm.exe [227640 2013-02-20] (PCTV Systems S.à r.l.)
HKU\S-1-5-21-3053209993-579959410-3152729223-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Vyhledat aktualizace.lnk
ShortcutTarget: Vyhledat aktualizace.lnk -> C:\Program Files\Common Files\PCTV Systems\WebUpdater\WebUpdater.exe (PCTV Systems)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3053209993-579959410-3152729223-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
HKU\S-1-5-21-3053209993-579959410-3152729223-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
HKU\S-1-5-21-3053209993-579959410-3152729223-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
HKU\S-1-5-21-3053209993-579959410-3152729223-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
URLSearchHook: HKU\S-1-5-21-3053209993-579959410-3152729223-1001 - Default Value = ਰǼ즴ʐ從Ǹ짐ʐꋥǸਠǼ皴ਠǼ
URLSearchHook: HKU\S-1-5-21-3053209993-579959410-3152729223-1001 - (No Name) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - No File
SearchScopes: HKLM -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?sr ... earchTerms}
SearchScopes: HKU\S-1-5-21-3053209993-579959410-3152729223-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-3053209993-579959410-3152729223-1001 -> {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKU\S-1-5-21-3053209993-579959410-3152729223-1001 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?sr ... earchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft Web Test Recorder 12.0 Helper -> {432dd630-7e03-4c97-9d62-b99f52df4fc2} -> C:\Program Files\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3053209993-579959410-3152729223-1001 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\T.T.B.K\AppData\Roaming\Mozilla\Firefox\Profiles\oqr8ww8e.default
FF DefaultSearchUrl:
FF SearchEngineOrder.1: Ask.com
FF Homepage: hxxp://www.seznam.cz/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nitropdf.com/NitroPDF -> C:\Program Files\Nitro\Pro 9\npnitromozilla.dll (Nitro PDF)
FF Plugin: @nullsoft.com/winampDetector;version=1 -> C:\Program Files\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-3053209993-579959410-3152729223-1001: @tools.google.com/Google Update;version=3 -> C:\Users\T.T.B.K\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3053209993-579959410-3152729223-1001: @tools.google.com/Google Update;version=9 -> C:\Users\T.T.B.K\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Users\T.T.B.K\AppData\Roaming\Mozilla\Firefox\Profiles\oqr8ww8e.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\T.T.B.K\AppData\Roaming\Mozilla\Firefox\Profiles\oqr8ww8e.default\searchplugins\beemp3.xml
FF SearchPlugin: C:\Users\T.T.B.K\AppData\Roaming\Mozilla\Firefox\Profiles\oqr8ww8e.default\searchplugins\mapycz.xml
FF SearchPlugin: C:\Users\T.T.B.K\AppData\Roaming\Mozilla\Firefox\Profiles\oqr8ww8e.default\searchplugins\sfd.xml
FF SearchPlugin: C:\Users\T.T.B.K\AppData\Roaming\Mozilla\Firefox\Profiles\oqr8ww8e.default\searchplugins\youtube.xml
FF Extension: FT DeepDark - C:\Users\T.T.B.K\AppData\Roaming\Mozilla\Firefox\Profiles\oqr8ww8e.default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2014-09-23]
FF Extension: Flagfox - C:\Users\T.T.B.K\AppData\Roaming\Mozilla\Firefox\Profiles\oqr8ww8e.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-03-08]
FF Extension: Bluhell Firewall - C:\Users\T.T.B.K\AppData\Roaming\Mozilla\Firefox\Profiles\oqr8ww8e.default\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2014-03-29]
FF Extension: Adblock Plus - C:\Users\T.T.B.K\AppData\Roaming\Mozilla\Firefox\Profiles\oqr8ww8e.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-15]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-12-02]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-12-02]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-12-02]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-12-02]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-12-02]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-02-25]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: Eset Plugin - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013-07-18]

Chrome:
=======
CHR HomePage: Default -> https://www.seznam.cz/?clid=22668
CHR StartupUrls: Default -> "https://www.seznam.cz/?clid=22668"
CHR DefaultSearchKeyword: Default -> search.sweetim.com
CHR DefaultSearchURL: Default -> http://search.sweetim.com/search.asp?sr ... 269E600A44}
CHR DefaultSuggestURL: Default ->
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\T.T.B.K\AppData\Local\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\T.T.B.K\AppData\Local\Google\Chrome\Application\38.0.2125.111\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\T.T.B.K\AppData\Local\Google\Chrome\Application\38.0.2125.111\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Qip Authorizer Web Plugin) - C:\Users\T.T.B.K\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdefnbcpjeflgggkipfemfckjicceiii\1.0_0\npqipauth.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Winamp Application Detector) - C:\Program Files\Mozilla Firefox\plugins\npwachk.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Photodex Presenter Plugin) - C:\Program Files\Photodex Presenter\npPxPlay.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Profile: C:\Users\T.T.B.K\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\T.T.B.K\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-17]
CHR Extension: (Vyhledávání Google) - C:\Users\T.T.B.K\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-17]
CHR Extension: (Vzdálená plocha Chrome) - C:\Users\T.T.B.K\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2014-11-20]
CHR Extension: (Avast Online Security) - C:\Users\T.T.B.K\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-12-31]
CHR Extension: (Skype Click to Call) - C:\Users\T.T.B.K\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-08-05]
CHR Extension: (Peněženka Google) - C:\Users\T.T.B.K\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR Extension: (Gmail) - C:\Users\T.T.B.K\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-17]
CHR HKLM\...\Chrome\Extension: [fjoijdanhaiflhibkljeklcghcmmfffh] - C:\Program Files\WebCake\WebCakeLayers.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2014-11-25]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-11-25] (AVAST Software)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2010-02-03] (Microsoft Corporation)
R2 chromoting; C:\Program Files\Google\Chrome Remote Desktop\39.0.2171.46\remoting_host.exe [56648 2014-10-29] (Google Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1674928 2014-10-29] (Microsoft Corporation)
S3 fussvc; C:\Program Files\Windows Kits\8.1\App Certification Kit\fussvc.exe [140800 2014-02-19] (Microsoft Corporation) [File not signed]
R2 IpOverUsbSvc; C:\Program Files\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22768 2014-04-17] (Microsoft Corporation)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [490280 2010-03-25] (Nero AG)
R2 NitroDriverReadSpool9; C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe [197128 2013-12-17] (Nitro PDF Software)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [66872 2010-06-25] ()
R2 PnkBstrB; C:\Windows\system32\PnkBstrB.exe [103736 2010-06-25] ()
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe [229458 2010-03-23] (IDT, Inc.)
S3 Te.Service; C:\Program Files\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [91136 2013-08-21] (Microsoft Corporation) [File not signed]
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [71864 2014-05-01] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-25] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-25] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-11-25] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-25] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-25] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-11-25] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-11-25] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-25] ()
R3 athr; C:\Windows\System32\DRIVERS\athr.sys [2957312 2012-06-20] (Qualcomm Atheros Communications, Inc.)
R3 azvusb; C:\Windows\System32\DRIVERS\azvusb.sys [44544 2009-08-24] (AzureWave Technologies, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-11-04] (Disc Soft Ltd)
S3 mod7700; C:\Windows\System32\Drivers\mod7700.sys [914816 2010-11-19] (DiBcom SA)
S3 MODRC; C:\Windows\System32\DRIVERS\modrc.sys [13824 2007-10-19] (DiBcom S.A.)
S4 RsFx0105; C:\Windows\System32\DRIVERS\RsFx0105.sys [238696 2011-09-22] (Microsoft Corporation)
R0 sfvfs02; C:\Windows\System32\drivers\sfvfs02.sys [83320 2007-02-08] (Protection Technology (StarForce))
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [320120 2014-11-03] (Duplex Secure Ltd.)
U3 a6ny5nmr; C:\Windows\system32\Drivers\a6ny5nmr.sys [0 ] (Advanced Micro Devices)
S2 adfs; No ImagePath
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-17 21:47 - 2014-12-17 21:48 - 00027264 _____ () C:\Users\T.T.B.K\Desktop\FRST.txt
2014-12-17 21:47 - 2014-12-17 21:48 - 00000000 ____D () C:\FRST
2014-12-17 21:46 - 2014-12-17 21:46 - 00112640 _____ (forum.viry.cz) C:\Users\T.T.B.K\Desktop\FRSTLauncher.exe
2014-12-17 21:42 - 2014-12-17 21:42 - 01113600 _____ (Farbar) C:\Users\T.T.B.K\Desktop\FRST.exe
2014-12-17 21:22 - 2014-12-17 21:24 - 00011859 _____ () C:\Users\T.T.B.K\Desktop\hijackthis.log
2014-12-17 21:21 - 2014-12-17 21:21 - 00388608 _____ (Trend Micro Inc.) C:\Users\T.T.B.K\Desktop\hijackthis.exe
2014-12-15 17:45 - 2014-12-15 17:45 - 00004883 _____ () C:\Users\T.T.B.K\Desktop\main_1.cpp
2014-12-15 14:20 - 2014-12-15 14:21 - 00000000 ____D () C:\Users\T.T.B.K\Desktop\hrt
2014-12-15 14:16 - 2014-12-15 14:16 - 00000000 ____D () C:\Users\T.T.B.K\Desktop\re
2014-12-15 14:07 - 2014-12-15 14:07 - 02442180 _____ () C:\Users\T.T.B.K\Desktop\reh0063.zip
2014-12-15 14:07 - 2014-12-15 14:07 - 00916211 _____ () C:\Users\T.T.B.K\Desktop\hrt0012.zip
2014-12-14 22:24 - 2014-12-14 22:29 - 186572800 _____ () C:\Users\T.T.B.K\Desktop\Jak jsem poznal vaší matku - 04x12 - Mirova dohoda.avi
2014-12-14 19:39 - 2014-12-14 19:39 - 00000000 __SHD () C:\Users\T.T.B.K\AppData\Local\EmieBrowserModeList
2014-12-14 15:55 - 2014-12-14 15:57 - 00000000 ____D () C:\Users\T.T.B.K\Desktop\5.série
2014-12-14 15:50 - 2014-12-14 15:53 - 00000000 ____D () C:\Users\T.T.B.K\Desktop\6.série
2014-12-13 21:19 - 2014-12-13 21:19 - 00000832 _____ () C:\Users\T.T.B.K\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-12-13 16:54 - 2014-12-14 10:37 - 00000000 ____D () C:\Users\T.T.B.K\Desktop\Dumb and Dumber (1994)
2014-12-13 14:31 - 2014-12-13 14:32 - 45678589 _____ () C:\Users\T.T.B.K\Desktop\Bike Race Pro v5.0.2 apkmania.com.rar
2014-12-12 17:41 - 2014-12-15 11:59 - 00000000 ____D () C:\Users\T.T.B.K\Desktop\alg+prog
2014-12-10 00:23 - 2014-12-10 00:23 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-09 23:11 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-09 22:56 - 2014-11-22 03:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-09 22:56 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-09 22:56 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-09 22:56 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-09 22:56 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-09 22:56 - 2014-11-22 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-09 22:56 - 2014-11-22 02:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-09 22:56 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-09 22:56 - 2014-11-22 02:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-09 22:56 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-09 22:56 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-09 22:56 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-09 22:56 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-09 22:56 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-09 22:56 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-09 22:56 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-09 22:55 - 2014-12-04 05:38 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-09 22:55 - 2014-12-04 05:38 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-09 22:55 - 2014-12-04 05:38 - 00337920 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-09 22:55 - 2014-12-04 05:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-09 22:55 - 2014-12-04 05:38 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-09 22:55 - 2014-12-04 05:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-09 22:55 - 2014-12-04 05:34 - 00873984 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-09 22:55 - 2014-12-02 00:28 - 01160872 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-09 22:55 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-09 22:55 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-09 22:55 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-09 22:55 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-09 22:55 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-09 22:55 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-09 22:55 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-09 22:55 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-09 22:55 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-09 22:55 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-09 22:55 - 2014-11-22 02:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-09 22:55 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-09 22:55 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-09 22:55 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-09 22:55 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-09 22:55 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-09 22:55 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-09 22:54 - 2014-11-11 02:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-09 22:54 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-09 22:54 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-09 22:54 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-09 22:54 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-09 22:54 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-07 22:42 - 2014-12-07 22:44 - 58886714 _____ () C:\Users\T.T.B.K\Desktop\Jelen Magdaléna.mp4
2014-12-07 22:41 - 2008-08-18 18:18 - 00077824 _____ (Fox Magic Software) C:\Windows\system32\fmcodec.DLL
2014-12-02 13:31 - 2014-12-02 13:31 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-25 11:03 - 2014-11-25 11:03 - 00002016 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-11-25 11:03 - 2014-11-25 11:02 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-11-25 11:02 - 2014-11-25 11:02 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-11-20 17:58 - 2014-11-20 17:58 - 00000000 ____D () C:\ProgramData\Google
2014-11-19 18:30 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 18:30 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-17 21:26 - 2010-08-28 19:27 - 00000940 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-17 21:21 - 2011-04-23 07:09 - 00000970 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3053209993-579959410-3152729223-1001UA.job
2014-12-17 21:18 - 2012-04-01 07:17 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-17 21:12 - 2010-05-21 16:14 - 01834228 _____ () C:\Windows\WindowsUpdate.log
2014-12-17 19:09 - 2010-12-27 16:30 - 00000000 ____D () C:\Program Files\Opera
2014-12-17 19:09 - 2010-08-28 19:27 - 00000936 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-17 12:16 - 2010-05-21 16:16 - 01771352 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-17 10:56 - 2014-09-17 20:23 - 00000000 ____D () C:\Users\T.T.B.K\AppData\Roaming\CodeBlocks
2014-12-17 10:40 - 2009-07-14 05:34 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-17 10:40 - 2009-07-14 05:34 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-17 10:38 - 2013-01-31 17:55 - 00000342 _____ () C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job
2014-12-17 10:30 - 2014-09-14 17:33 - 00016921 _____ () C:\Windows\setupact.log
2014-12-17 10:30 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-16 22:21 - 2011-04-23 07:09 - 00000918 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3053209993-579959410-3152729223-1001Core.job
2014-12-16 22:04 - 2012-10-05 22:12 - 00000000 ____D () C:\Users\T.T.B.K\AppData\Local\Mirillis
2014-12-14 10:34 - 2013-03-30 22:28 - 00000000 ____D () C:\Users\T.T.B.K\AppData\Roaming\uTorrent
2014-12-14 10:26 - 2014-09-25 19:18 - 00029386 _____ () C:\Windows\PFRO.log
2014-12-14 10:26 - 2010-06-12 15:12 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-13 14:35 - 2010-06-12 15:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-13 12:45 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-12-13 11:12 - 2010-11-17 20:10 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-12-13 11:10 - 2012-04-01 07:17 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-13 11:10 - 2011-05-16 08:00 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-12 18:26 - 2011-04-23 07:17 - 00002373 _____ () C:\Users\T.T.B.K\Desktop\Google Chrome.lnk
2014-12-12 17:38 - 2014-11-07 19:27 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-10 18:18 - 2014-09-19 15:09 - 00000000 ____D () C:\Users\T.T.B.K\Documents\Visual Studio 2013
2014-12-10 00:23 - 2014-05-06 17:21 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-10 00:23 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat
2014-12-09 23:10 - 2013-07-19 09:07 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-09 22:59 - 2010-05-22 20:38 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-07 22:41 - 2014-08-30 10:43 - 00000049 _____ () C:\Windows\system32\ScrRecX.log
2014-12-07 22:41 - 2013-11-08 23:30 - 00001104 _____ () C:\Users\Public\Desktop\aTube Catcher.lnk
2014-12-07 22:41 - 2013-11-08 23:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher
2014-12-07 22:04 - 2014-09-19 15:41 - 00000000 ____D () C:\ProgramData\AutoKMS
2014-12-04 17:00 - 2012-05-06 21:11 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-29 23:04 - 2010-11-16 17:38 - 00000000 ____D () C:\Users\T.T.B.K\AppData\Roaming\vlc
2014-11-28 19:45 - 2014-10-04 13:23 - 00000349 _____ () C:\Users\Public\Documents\PCLECHAL.INI
2014-11-25 11:03 - 2011-02-25 18:13 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-11-25 11:03 - 2010-05-21 18:59 - 00423784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-11-25 11:02 - 2014-05-01 10:43 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-11-25 11:02 - 2014-01-02 18:44 - 00091496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-11-25 11:02 - 2013-03-14 09:55 - 00206248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-11-25 11:02 - 2013-03-14 09:55 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-11-25 11:02 - 2012-02-25 20:26 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-11-25 11:02 - 2010-05-21 18:59 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-11-24 14:04 - 2010-05-21 19:01 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-20 17:53 - 2010-05-22 08:40 - 00000000 ____D () C:\Program Files\Google
2014-11-18 12:24 - 2014-10-15 15:00 - 00000963 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera 26.lnk

Some content of TEMP:
====================
C:\Users\T.T.B.K\AppData\Local\Temp\atcMedia9741417992003.exe
C:\Users\T.T.B.K\AppData\Local\Temp\DTLite4491-0356.exe
C:\Users\T.T.B.K\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\T.T.B.K\AppData\Local\Temp\uttF06E.tmp.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

==================== MBR and Partition Table ==================

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3053209993-579959410-3152729223-1001Core.job => C:\Users\T.T.B.K\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3053209993-579959410-3152729223-1001UA.job => C:\Users\T.T.B.K\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job => C:\Program Files\AVG Secure Search\PostInstall\ROC.exe

==================== Alternate Data Streams (whitelisted) ==================

==================== Security Center ==================

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)

***** Velikost "Plochy" *****

Velikost slozky "C:\Users\T.T.B.K\Desktop" je 13817 MB.

***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebCake Desktop
"C:\Users\T.T.B.K\AppData\Roaming\WebCake\WebCakeDesktop.exe" [x]

***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000

==================== End Of Log ==============================

#4 Příspěvek od **vyosek** » 17 pro 2014 22:06

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

Ulozte nejlepe na plochu
Ukoncete vsechny programy
Po spusteni probehne stazeni databaze
Kliknete na Scan a nasledne Clean
Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte

Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
Do okna vlozte skript nize

Kód: Vybrat vše

autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;

Nasledne kliknete na Run Script
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

TTBK003 · #5 Příspěvek od **TTBK003** » 17 pro 2014 23:56

# AdwCleaner v4.105 - Report created 17/12/2014 at 22:15:02
# Updated 08/12/2014 by Xplode
# Database : 2014-12-16.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : T.T.B.K - TTBK-PC
# Running from : C:\Users\T.T.B.K\Desktop\adwcleaner_4.105.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\SweetIM
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Program Files\SweetIM
Folder Deleted : C:\Users\T.T.B.K\AppData\Roaming\Systweak
Folder Deleted : C:\Users\T.T.B.K\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
File Deleted : C:\END
File Deleted : C:\Windows\system32\roboot.exe
File Deleted : C:\Users\T.T.B.K\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
File Deleted : C:\Users\T.T.B.K\AppData\Roaming\Mozilla\Firefox\Profiles\oqr8ww8e.default\user.js

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Key Deleted : HKLM\SOFTWARE\Classes\sim-packages
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SweetIM]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{10E9E863-3913-40D0-903D-D46DEB18C982}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A0B10EBE-4E51-4CAE-949B-E6B9E7D68CEA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0F9AF7E3-3853-473F-A49B-E470A3A41501}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10E9E863-3913-40D0-903D-D46DEB18C982}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DADF82FD-0783-4CA9-98AA-615F657A2A9E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0F9AF7E3-3853-473F-A49B-E470A3A41501}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DADF82FD-0783-4CA9-98AA-615F657A2A9E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\SweetIM
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Key Deleted : HKLM\SOFTWARE\dt soft\daemon tools toolbar
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\SweetIM
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Key Deleted : HKLM\SOFTWARE\Trymedia Systems
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A81A974F-8A22-43E6-9243-5198FF758DA1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\427EA997C413D1D47907CBFC7B2DB432
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75D5168E5E176C24981B4E5DBD991078
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8724E58E6C7D00C48A0D4F3345EB2C26
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB676B0E1B9EFA049B9F7DDDA9645734
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B31BBB0B825EDEF45AB0FE7099C68C81
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B471D8D7319336B4CA89374ED0D7B806
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BC30043663AA2CA4DA1DAA9CA5FDCC75
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E1C820A74ED67374BA048B52CB3C3804
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FDC83385E6C239F4C876A77A37DF581D
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F479A18A22A86E3429341589FF57D81A
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\F479A18A22A86E3429341589FF57D81A
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\F479A18A22A86E3429341589FF57D81A
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]

-\\ Mozilla Firefox v34.0 (x86 cs)

[oqr8ww8e.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
[oqr8ww8e.default\prefs.js] - Line Deleted : user_pref("browser.search.order.1", "Ask.com");
[oqr8ww8e.default\prefs.js] - Line Deleted : user_pref("extensions.enabledItems", "toolbar@ask.com:3.6.13.184,{AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906,{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22,{32a1fd71-835e-4b11-8e54-886fda0b4c89}:[...]
[oqr8ww8e.default\prefs.js] - Line Deleted : user_pref("extentions.webcake.defaultEnableAppsList", "layers,brain/features,newOffers/wc");
[oqr8ww8e.default\prefs.js] - Line Deleted : user_pref("extentions.webcake.installId", "fd38754b-54ab-470a-b871-e01028ef081b");
[oqr8ww8e.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "Ask.com");
[oqr8ww8e.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "");
[oqr8ww8e.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
[oqr8ww8e.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://www.seznam.cz/");
[oqr8ww8e.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com");

-\\ Google Chrome v

[C:\Users\T.T.B.K\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.qip.ru/search/?query={searchTerms}&from=os
[C:\Users\T.T.B.K\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={363370B2-2F2D-11E1-B59F-00269E600A44}
[C:\Users\T.T.B.K\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={363370B2-2F2D-11E1-B59F-00269E600A44}
[C:\Users\T.T.B.K\AppData\Roaming\Opera Software\Opera Stable\Web Data] - Deleted [Search Provider] : hxxp://search.qip.ru/search?query={searchTerms}&from=opera

-\\ Opera v26.0.1656.60

[C:\Users\T.T.B.K\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.qip.ru/search/?query={searchTerms}&from=os
[C:\Users\T.T.B.K\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={363370B2-2F2D-11E1-B59F-00269E600A44}
[C:\Users\T.T.B.K\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={363370B2-2F2D-11E1-B59F-00269E600A44}
[C:\Users\T.T.B.K\AppData\Roaming\Opera Software\Opera Stable\Web Data] - Deleted [Search Provider] : hxxp://search.qip.ru/search?query={searchTerms}&from=opera
[C:\Users\T.T.B.K\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : aaipilfmheplbcghignccoiiebekkdhe
[C:\Users\T.T.B.K\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : elchiiiejkobdbblfejjkbphbddgmljf
[C:\Users\T.T.B.K\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : ffhfoagmjcnkolneahbpagjcjjaeofbg
[C:\Users\T.T.B.K\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : hjghiofiijcepdnocbgefbdlbckjfheg
[C:\Users\T.T.B.K\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : iklgpchfbohgmghgfagediakopecfmbm
[C:\Users\T.T.B.K\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : kfgaibfbmkjgmimhbbaikfnpkkjkpoan
[C:\Users\T.T.B.K\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : lmnbobhffedhdhfpcjkjphcfpeeiocdn
[C:\Users\T.T.B.K\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : kjpifmjicccpbkfjdkehimhgklfkbanh
[C:\Users\T.T.B.K\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : hoidflomjnnnbiemmkjdjkkialmhbago
[C:\Users\T.T.B.K\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : ekpibplnnkfdcafdpoekhoffegcajene
[C:\Users\T.T.B.K\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : ipljmghelflfikejmgkmlmpjmehfjodc
[C:\Users\T.T.B.K\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : ejddjnilmdncjilbfjgameihlklfpohp
[C:\Users\T.T.B.K\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : eagomcfjiefffhpaejnlpjccikpipdoe

*************************

AdwCleaner[R0].txt - [15360 octets] - [17/12/2014 22:11:16]
AdwCleaner[S0].txt - [16332 octets] - [17/12/2014 22:15:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [16393 octets] ##########

Zoek.exe v5.0.0.0 Updated 17-December-2014
Tool run by T.T.B.K on st 17.12.2014 at 22:25:37,81.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\T.T.B.K\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

17.12.2014 22:29:03 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\Program Files\eRightSoft deleted successfully
C:\Program Files\MSXML 4.0 deleted successfully
C:\Program Files\Sierra deleted successfully
C:\PROGRA~2\ALM deleted successfully
C:\Users\T.T.B.K\AppData\Roaming\Publish Providers deleted successfully
C:\Users\T.T.B.K\AppData\Local\WMTools Downloaded Files deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3053209993-579959410-3152729223-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} deleted successfully
HKEY_USERS\S-1-5-21-3053209993-579959410-3152729223-1001\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} deleted successfully
HKEY_USERS\S-1-5-21-3053209993-579959410-3152729223-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0A900DF-9611-4446-86BD-4B1D47E7DB2A} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================

Deleted from C:\Users\TTB~1.K\AppData\Roaming\Mozilla\Firefox\Profiles\oqr8ww8e.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.seznam.cz/");
user_pref("browser.search.defaulturl", "");
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\TTB~1.K\AppData\Roaming\Mozilla\Firefox\Profiles\oqr8ww8e.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\TTB~1.K\AppData\Roaming\Mozilla\Firefox\Profiles\bwxmo94m.default-1374225737952\prefs.js:

Added to C:\Users\TTB~1.K\AppData\Roaming\Mozilla\Firefox\Profiles\bwxmo94m.default-1374225737952\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

==== Deleting Files \ Folders ======================

C:\Users\T.T.B.K\AppData\Roaming\YoudaGames deleted
C:\Users\T.T.B.K\AppData\Roaming\GetRightToGo deleted
C:\Windows\system32\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted
C:\Windows\tasks\ROC_JAN2013_TB_rmv.job deleted
C:\Windows\system32\tasks\ROC_JAN2013_TB_rmv deleted
C:\Windows\system32\config\systemprofile\Searches deleted
"C:\PROGRA~2\Package Cache" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\Alwil Software\Avast5\WebRep\FF" [25.11.2014 11:02]

==== Firefox Extensions ======================

ProfilePath: C:\Users\TTB~1.K\AppData\Roaming\Mozilla\Firefox\Profiles\oqr8ww8e.default
- FT DeepDark - C:\Users\T.T.B.K\AppData\Roaming\Mozilla\Firefox\Profiles\oqr8ww8e.default\extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66}
- FT DeepDark - %ProfilePath%\extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66}
- Flagfox - %ProfilePath%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi
- Bluhell Firewall - %ProfilePath%\extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

ProfilePath: C:\Users\TTB~1.K\AppData\Roaming\Mozilla\Firefox\Profiles\bwxmo94m.default-1374225737952
- FT DeepDark - %ProfilePath%\extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66}

AppDir: C:\Program Files\Mozilla Firefox
- Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\T.T.B.K\AppData\Roaming\Mozilla\Firefox\Profiles\bwxmo94m.default-1374225737952
14D06C3796CE3F6BA8F43CDF3AD65D76 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U67
0CA4180B21C6B728578F3B0433BB740E - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin
6B34823748BD3C10EB2816858025AFE9 - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.5
233F187A5425045011A0DD51F8B48E0F - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.5
81CB790A6AD230090086C644DC871FC3 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.5
4AD1613FEDB87B4B18CADE745235A625 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.5
1FBB6E454767A5B43DD980C7DE5D89F6 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.5
5B4DA1113F240C3F06FFF9D52761528B - C:\Program Files\Google\Picasa3\npPicasa3.dll - Picasa
5B92CB0A3EEE50F6B9AE036B4F9B0F0C - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin
86244E1B6D062BBE2B91AA5DA7376806 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll - DivX VOD Helper Plug-in
AC421A44DE902F2627F1E63793ED89CD - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live? Photo Gallery
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\system32\npmproxy.dll - Microsoft® Windows® Operating System

Profilepath: C:\Users\T.T.B.K\AppData\Roaming\Mozilla\Firefox\Profiles\oqr8ww8e.default
424899266BA430CCE5DDB6C1B4BE1B99 - C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll - Shockwave Flash
343BA8F3ABC8CE69700F37DB4A82300F - C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll - Silverlight Plug-In
0806948270D853B709CCBBF38AF167E4 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
9DF0C4F0CEF60158614EDD1B3AB441EE - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
D2377C9458EFEB094E38B8C874AA214C - C:\Users\T.T.B.K\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll - Google Update
D2377C9458EFEB094E38B8C874AA214C - C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll - Google Update
E7006BB5611298DBDD03FE3519C19AC2 - C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll - Java(TM) Platform SE 8 U25
238F239EAEFF7E3E782913D599084E18 - C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 8.0.250.18
D6ED6EB98E759460AD8C66DE23070132 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll - Microsoft Office 2013
18CF51689186AEB9D1D149AEB0E92D03 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL - Microsoft Office 2013
6B34823748BD3C10EB2816858025AFE9 - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.5
233F187A5425045011A0DD51F8B48E0F - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.5
81CB790A6AD230090086C644DC871FC3 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.5
4AD1613FEDB87B4B18CADE745235A625 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.5
1FBB6E454767A5B43DD980C7DE5D89F6 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.5
0CA4180B21C6B728578F3B0433BB740E - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin
DCB0BCEF594E2C410793C4A823C318F3 - C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll - Shockwave for Director / Shockwave for Director
A32402A7A2AC60B5422255DF020EC44A - C:\Program Files\DivX\DivX Web Player\npdivx32.dll - DivX Plus Web Player
5B4DA1113F240C3F06FFF9D52761528B - C:\Program Files\Google\Picasa3\npPicasa3.dll - Picasa
94A3088646C777CE99C3C1D7809C4BAC - C:\Program Files\Nitro\Pro 9\npnitromozilla.dll - Nitro PDF plugin for Firefox and Chrome
7F4E2D4D63BAEDDF80C1759A9F8DE364 - C:\Program Files\Winamp Detect\npwachk.dll - Winamp Application Detector
5B92CB0A3EEE50F6B9AE036B4F9B0F0C - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin
86244E1B6D062BBE2B91AA5DA7376806 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll - DivX VOD Helper Plug-in
637839AC6ED995510A411327C5C2DA61 - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll - AdobeAAMDetect
AC421A44DE902F2627F1E63793ED89CD - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live? Photo Gallery
AB3546B509E4B89096078EB2081C39C7 - C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrlui.dll - Microsoft® Silverlight
7B31592F0D472146865BF096CCD34798 - C:\Program Files\Nitro\Pro 9\npnitroie.dll - Nitro PDF plugin for Internet Explorer
6900B96FDD37E5C08FE0AEF0C542F103 - C:\Program Files\Nitro\Pro 9\npdf.dll - FileOpen WebPublisher3+ MSO Security exchange
0C21CB9426AD831DB02FB66232B3A42F - C:\Program Files\Nitro\Pro 9\NPShellExtension.dll - Nitro Pro ShellExtension
4E31DE484AD120894D0D3E7740979108 - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll - AdobeAAMDetect

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx[25.11.2014 11:02]

Avast Online Security - T.T.B.K\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Avast Online Security - TTB~1.K\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
modern scroll - T.T.B.K\AppData\Roaming\Opera Software\Opera Stable\Extensions\eiinejdcihhdbdbipfapahmjndejdpjb
modern scroll - TTB~1.K\AppData\Roaming\Opera Software\Opera Stable\Extensions\eiinejdcihhdbdbipfapahmjndejdpjb

==== Chromium Startpages ======================

C:\Users\T.T.B.K\AppData\Roaming\Opera Software\Opera Stable\Preferences
"startup_urls": [ "http://www.seznam.cz/" ],
"urls_to_restore_on_startup": [ "http://www.seznam.cz/" ]

C:\Users\TTB~1.K\AppData\Roaming\Opera Software\Opera Stable\Preferences
"startup_urls": [ "http://www.seznam.cz/" ],
"urls_to_restore_on_startup": [ "http://www.seznam.cz/" ]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.seznam.cz/"
"Search Bar"="http://www.bing.com"
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Use Search Asst"="yes"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com"
"Default_Search_URL"="http://www.google.com/ie"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.seznam.cz/"
"Use Search Asst"="no"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/ ... chasst.htm"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Goo Url="http://www.google.com/search?q={sear"
{9C33CD5C-5FA6-44ED-80A2-A2EE025BD628} Google Url="http://www.google.com/search?q={searchT ... f8&oe=utf8"

==== Reset Google Chrome ======================

C:\Users\T.T.B.K\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\TTB~1.K\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\T.T.B.K\AppData\Roaming\Opera Software\Opera Stable\Preferences was reset successfully
C:\Users\TTB~1.K\AppData\Roaming\Opera Software\Opera Stable\Preferences was reset successfully
C:\Users\T.T.B.K\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\TTB~1.K\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\T.T.B.K\AppData\Roaming\Opera Software\Opera Stable\Web Data was reset successfully
C:\Users\TTB~1.K\AppData\Roaming\Opera Software\Opera Stable\Web Data was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{13A5E785-5197-4EAD-8EE3-D660271E49BC} deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\587E5A317915DAE4E83E6D0672E194CB deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebCake Desktop deleted successfully

==== Empty IE Cache ======================

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\T.T.B.K\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\T.T.B.K\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\TTB~1.K\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\TTB~1.K\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\T.T.B.K\AppData\Local\Mozilla\Firefox\Profiles\bwxmo94m.default-1374225737952\Cache emptied successfully
C:\Users\T.T.B.K\AppData\Local\Mozilla\Firefox\Profiles\oqr8ww8e.default\cache2 emptied successfully
C:\Users\T.T.B.K\AppData\Roaming\Mozilla\Firefox\Profiles\oqr8ww8e.default\personas\cache emptied successfully
C:\Users\TTB~1.K\AppData\Local\Mozilla\Firefox\Profiles\bwxmo94m.default-1374225737952\Cache emptied successfully
C:\Users\TTB~1.K\AppData\Local\Mozilla\Firefox\Profiles\oqr8ww8e.default\cache2 emptied successfully
C:\Users\TTB~1.K\AppData\Roaming\Mozilla\Firefox\Profiles\oqr8ww8e.default\personas\cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\T.T.B.K\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\TTB~1.K\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\T.T.B.K\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\TTB~1.K\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=525 folders=672 2231885862 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\T.T.B.K\AppData\Local\Temp will be emptied at reboot
C:\Users\TTB~1~K\AppData\Local\Temp emptied successfully
C:\Users\TTB~1.K\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\TTB~1.K\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on st 17.12.2014 at 23:51:38,80 ======================

#6 Příspěvek od **vyosek** » 18 pro 2014 08:13

Poprosim o novy log z FRST

TTBK003 · #7 Příspěvek od **TTBK003** » 18 pro 2014 09:49

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-12-2014
Ran by T.T.B.K (administrator) on TTBK-PC on 18-12-2014 09:44:16
Running from C:\Users\T.T.B.K\Desktop
Loaded Profile: T.T.B.K (Available profiles: T.T.B.K)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Čeština (Česká republika)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\stacsv.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe
(Google Inc.) C:\Program Files\Google\Chrome Remote Desktop\39.0.2171.46\remoting_host.exe
(Google Inc.) C:\Program Files\Google\Chrome Remote Desktop\39.0.2171.46\remoting_host.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe
(Nalpeiron Ltd.) C:\Windows\System32\NLSSRV32.EXE
() C:\Windows\System32\PnkBstrA.exe
() C:\Windows\System32\PnkBstrB.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\avastui.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(QIP.ru) C:\Users\T.T.B.K\AppData\Roaming\QipGuard\QipGuard.exe
(PCTV Systems S.à r.l.) C:\Program Files\Common Files\PCTV Systems\RemoTerm\remoterm.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTLite.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe
(forum.viry.cz) C:\Users\T.T.B.K\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2299176 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495708 2010-03-23] (IDT, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-04-03] (DivX, LLC)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [5227112 2014-12-13] (AVAST Software)
HKLM\...\Run: [AdobeCEPServiceManager] => C:\Program Files\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS6ServiceManager] => C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKU\S-1-5-21-3053209993-579959410-3152729223-1001\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-08-20] (Hewlett-Packard Company)
HKU\S-1-5-21-3053209993-579959410-3152729223-1001\...\Run: [Google Update] => C:\Users\T.T.B.K\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-24] (Google Inc.)
HKU\S-1-5-21-3053209993-579959410-3152729223-1001\...\Run: [QIP Internet Guardian] => C:\Users\T.T.B.K\AppData\Roaming\QipGuard\QipGuard.exe [436224 2013-12-05] (QIP.ru)
HKU\S-1-5-21-3053209993-579959410-3152729223-1001\...\Run: [ServerMiner] => wscript.exe //B "C:\Users\TTB~1.K\AppData\Local\Temp\\ServerMiner.vbs" <===== ATTENTION
HKU\S-1-5-21-3053209993-579959410-3152729223-1001\...\Run: [RemoTerm.exe] => C:\Program Files\Common Files\PCTV Systems\RemoTerm\RemoTerm.exe [227640 2013-02-20] (PCTV Systems S.à r.l.)
HKU\S-1-5-21-3053209993-579959410-3152729223-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Vyhledat aktualizace.lnk
ShortcutTarget: Vyhledat aktualizace.lnk -> C:\Program Files\Common Files\PCTV Systems\WebUpdater\WebUpdater.exe (PCTV Systems)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3053209993-579959410-3152729223-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
URLSearchHook: HKU\S-1-5-21-3053209993-579959410-3152729223-1001 - Default Value = ਰǼ즴ʐ從Ǹ짐ʐꋥǸਠǼ皴ਠǼ
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3053209993-579959410-3152729223-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3053209993-579959410-3152729223-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft Web Test Recorder 12.0 Helper -> {432dd630-7e03-4c97-9d62-b99f52df4fc2} -> C:\Program Files\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\T.T.B.K\AppData\Roaming\Mozilla\Firefox\Profiles\oqr8ww8e.default
FF NewTab: hxxp://www.google.com/
FF DefaultSearchUrl: hxxp://www.google.com/search?btnG=Google+Search&q=
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: https://www.seznam.cz/
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nitropdf.com/NitroPDF -> C:\Program Files\Nitro\Pro 9\npnitromozilla.dll (Nitro PDF)
FF Plugin: @nullsoft.com/winampDetector;version=1 -> C:\Program Files\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-3053209993-579959410-3152729223-1001: @tools.google.com/Google Update;version=3 -> C:\Users\T.T.B.K\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3053209993-579959410-3152729223-1001: @tools.google.com/Google Update;version=9 -> C:\Users\T.T.B.K\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\T.T.B.K\AppData\Roaming\Mozilla\Firefox\Profiles\oqr8ww8e.default\searchplugins\beemp3.xml
FF SearchPlugin: C:\Users\T.T.B.K\AppData\Roaming\Mozilla\Firefox\Profiles\oqr8ww8e.default\searchplugins\mapycz.xml
FF SearchPlugin: C:\Users\T.T.B.K\AppData\Roaming\Mozilla\Firefox\Profiles\oqr8ww8e.default\searchplugins\sfd.xml
FF SearchPlugin: C:\Users\T.T.B.K\AppData\Roaming\Mozilla\Firefox\Profiles\oqr8ww8e.default\searchplugins\youtube.xml
FF Extension: FT DeepDark - C:\Users\T.T.B.K\AppData\Roaming\Mozilla\Firefox\Profiles\oqr8ww8e.default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2014-09-23]
FF Extension: Flagfox - C:\Users\T.T.B.K\AppData\Roaming\Mozilla\Firefox\Profiles\oqr8ww8e.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-03-08]
FF Extension: Bluhell Firewall - C:\Users\T.T.B.K\AppData\Roaming\Mozilla\Firefox\Profiles\oqr8ww8e.default\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2014-03-29]
FF Extension: Adblock Plus - C:\Users\T.T.B.K\AppData\Roaming\Mozilla\Firefox\Profiles\oqr8ww8e.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-15]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-12-02]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-12-02]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-12-02]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-12-02]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-12-02]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-02-25]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: Eset Plugin - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013-07-18]

Chrome:
=======
CHR Profile: C:\Users\T.T.B.K\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\T.T.B.K\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-17]
CHR Extension: (Vyhledávání Google) - C:\Users\T.T.B.K\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-17]
CHR Extension: (Vzdálená plocha Chrome) - C:\Users\T.T.B.K\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2014-11-20]
CHR Extension: (Avast Online Security) - C:\Users\T.T.B.K\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-12-31]
CHR Extension: (Peněženka Google) - C:\Users\T.T.B.K\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR Extension: (Gmail) - C:\Users\T.T.B.K\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-17]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2014-11-25]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-11-25] (AVAST Software)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2010-02-03] (Microsoft Corporation)
R2 chromoting; C:\Program Files\Google\Chrome Remote Desktop\39.0.2171.46\remoting_host.exe [56648 2014-10-29] (Google Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1674928 2014-10-29] (Microsoft Corporation)
S3 fussvc; C:\Program Files\Windows Kits\8.1\App Certification Kit\fussvc.exe [140800 2014-02-19] (Microsoft Corporation) [File not signed]
R2 IpOverUsbSvc; C:\Program Files\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22768 2014-04-17] (Microsoft Corporation)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [490280 2010-03-25] (Nero AG)
R2 NitroDriverReadSpool9; C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe [197128 2013-12-17] (Nitro PDF Software)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [66872 2010-06-25] ()
R2 PnkBstrB; C:\Windows\system32\PnkBstrB.exe [103736 2010-06-25] ()
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe [229458 2010-03-23] (IDT, Inc.)
S3 Te.Service; C:\Program Files\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [91136 2013-08-21] (Microsoft Corporation) [File not signed]
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [71864 2014-05-01] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-25] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-25] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-11-25] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-25] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-25] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-11-25] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-11-25] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-25] ()
R3 athr; C:\Windows\System32\DRIVERS\athr.sys [2957312 2012-06-20] (Qualcomm Atheros Communications, Inc.)
R3 azvusb; C:\Windows\System32\DRIVERS\azvusb.sys [44544 2009-08-24] (AzureWave Technologies, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-11-04] (Disc Soft Ltd)
S3 mod7700; C:\Windows\System32\Drivers\mod7700.sys [914816 2010-11-19] (DiBcom SA)
S3 MODRC; C:\Windows\System32\DRIVERS\modrc.sys [13824 2007-10-19] (DiBcom S.A.)
S4 RsFx0105; C:\Windows\System32\DRIVERS\RsFx0105.sys [238696 2011-09-22] (Microsoft Corporation)
R0 sfvfs02; C:\Windows\System32\drivers\sfvfs02.sys [83320 2007-02-08] (Protection Technology (StarForce))
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [320120 2014-11-03] (Duplex Secure Ltd.)
U3 aa9n4amf; C:\Windows\system32\Drivers\aa9n4amf.sys [0 ] (Intel Corporation)
S2 adfs; No ImagePath
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-18 09:40 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-17 23:44 - 2014-12-17 22:25 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-12-17 22:28 - 2014-12-17 23:51 - 00019035 _____ () C:\zoek-results.log
2014-12-17 22:25 - 2014-12-17 23:32 - 00000000 ____D () C:\zoek_backup
2014-12-17 22:25 - 2014-12-17 22:25 - 01295360 _____ () C:\Users\T.T.B.K\Desktop\zoek.exe
2014-12-17 22:23 - 2014-12-17 22:23 - 00016474 _____ () C:\Users\T.T.B.K\Desktop\AdwCleaner[S0].txt
2014-12-17 22:11 - 2014-12-17 22:15 - 00000000 ____D () C:\AdwCleaner
2014-12-17 22:09 - 2014-12-17 22:09 - 02166272 _____ () C:\Users\T.T.B.K\Desktop\adwcleaner_4.105.exe
2014-12-17 21:50 - 2014-12-17 21:50 - 00011516 _____ () C:\Users\T.T.B.K\Desktop\Addition.zip
2014-12-17 21:47 - 2014-12-18 09:45 - 00022415 _____ () C:\Users\T.T.B.K\Desktop\FRST.txt
2014-12-17 21:47 - 2014-12-18 09:44 - 00000000 ____D () C:\FRST
2014-12-17 21:46 - 2014-12-17 21:46 - 00112640 _____ (forum.viry.cz) C:\Users\T.T.B.K\Desktop\FRSTLauncher.exe
2014-12-17 21:42 - 2014-12-17 21:42 - 01113600 _____ (Farbar) C:\Users\T.T.B.K\Desktop\FRST.exe
2014-12-15 17:45 - 2014-12-15 17:45 - 00004883 _____ () C:\Users\T.T.B.K\Desktop\main_1.cpp
2014-12-15 14:20 - 2014-12-15 14:21 - 00000000 ____D () C:\Users\T.T.B.K\Desktop\hrt
2014-12-15 14:16 - 2014-12-15 14:16 - 00000000 ____D () C:\Users\T.T.B.K\Desktop\re
2014-12-15 14:07 - 2014-12-15 14:07 - 02442180 _____ () C:\Users\T.T.B.K\Desktop\reh0063.zip
2014-12-15 14:07 - 2014-12-15 14:07 - 00916211 _____ () C:\Users\T.T.B.K\Desktop\hrt0012.zip
2014-12-14 22:24 - 2014-12-14 22:29 - 186572800 _____ () C:\Users\T.T.B.K\Desktop\Jak jsem poznal vaší matku - 04x12 - Mirova dohoda.avi
2014-12-14 19:39 - 2014-12-14 19:39 - 00000000 __SHD () C:\Users\T.T.B.K\AppData\Local\EmieBrowserModeList
2014-12-14 15:55 - 2014-12-14 15:57 - 00000000 ____D () C:\Users\T.T.B.K\Desktop\5.série
2014-12-14 15:50 - 2014-12-14 15:53 - 00000000 ____D () C:\Users\T.T.B.K\Desktop\6.série
2014-12-13 21:19 - 2014-12-13 21:19 - 00000832 _____ () C:\Users\T.T.B.K\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-12-13 16:54 - 2014-12-14 10:37 - 00000000 ____D () C:\Users\T.T.B.K\Desktop\Dumb and Dumber (1994)
2014-12-13 14:31 - 2014-12-13 14:32 - 45678589 _____ () C:\Users\T.T.B.K\Desktop\Bike Race Pro v5.0.2 apkmania.com.rar
2014-12-12 17:41 - 2014-12-15 11:59 - 00000000 ____D () C:\Users\T.T.B.K\Desktop\alg+prog
2014-12-10 00:23 - 2014-12-10 00:23 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-09 23:11 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-09 22:56 - 2014-11-22 03:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-09 22:56 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-09 22:56 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-09 22:56 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-09 22:56 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-09 22:56 - 2014-11-22 02:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-09 22:56 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-09 22:56 - 2014-11-22 02:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-09 22:56 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-09 22:56 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-09 22:56 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-09 22:56 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-09 22:56 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-09 22:56 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-09 22:56 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-09 22:55 - 2014-12-04 05:38 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-09 22:55 - 2014-12-04 05:38 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-09 22:55 - 2014-12-04 05:38 - 00337920 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-09 22:55 - 2014-12-04 05:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-09 22:55 - 2014-12-04 05:38 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-09 22:55 - 2014-12-04 05:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-09 22:55 - 2014-12-04 05:34 - 00873984 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-09 22:55 - 2014-12-02 00:28 - 01160872 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-09 22:55 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-09 22:55 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-09 22:55 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-09 22:55 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-09 22:55 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-09 22:55 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-09 22:55 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-09 22:55 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-09 22:55 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-09 22:55 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-09 22:55 - 2014-11-22 02:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-09 22:55 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-09 22:55 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-09 22:55 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-09 22:55 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-09 22:55 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-09 22:55 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-09 22:54 - 2014-11-11 02:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-09 22:54 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-09 22:54 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-09 22:54 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-09 22:54 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-09 22:54 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-07 22:42 - 2014-12-07 22:44 - 58886714 _____ () C:\Users\T.T.B.K\Desktop\Jelen Magdaléna.mp4
2014-12-07 22:41 - 2008-08-18 18:18 - 00077824 _____ (Fox Magic Software) C:\Windows\system32\fmcodec.DLL
2014-12-02 13:31 - 2014-12-02 13:31 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-25 11:03 - 2014-11-25 11:03 - 00002016 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-11-25 11:03 - 2014-11-25 11:02 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-11-25 11:02 - 2014-11-25 11:02 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-11-20 17:58 - 2014-11-20 17:58 - 00000000 ____D () C:\ProgramData\Google
2014-11-19 18:30 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 18:30 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-18 09:44 - 2010-05-21 16:14 - 01891896 _____ () C:\Windows\WindowsUpdate.log
2014-12-18 09:41 - 2009-07-14 05:34 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-18 09:41 - 2009-07-14 05:34 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-18 09:34 - 2010-08-28 19:27 - 00000936 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-18 09:30 - 2014-09-14 17:33 - 00017145 _____ () C:\Windows\setupact.log
2014-12-18 09:30 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-17 23:49 - 2014-09-19 15:41 - 00000000 ____D () C:\ProgramData\AutoKMS
2014-12-17 23:46 - 2014-09-25 19:18 - 00030040 _____ () C:\Windows\PFRO.log
2014-12-17 23:26 - 2010-08-28 19:27 - 00000940 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-17 23:21 - 2011-04-23 07:09 - 00000970 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3053209993-579959410-3152729223-1001UA.job
2014-12-17 23:18 - 2012-04-01 07:17 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-17 22:21 - 2011-04-23 07:09 - 00000918 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3053209993-579959410-3152729223-1001Core.job
2014-12-17 21:58 - 2014-09-17 20:23 - 00000000 ____D () C:\Users\T.T.B.K\AppData\Roaming\CodeBlocks
2014-12-17 19:09 - 2010-12-27 16:30 - 00000000 ____D () C:\Program Files\Opera
2014-12-17 12:16 - 2010-05-21 16:16 - 01771352 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-16 22:04 - 2012-10-05 22:12 - 00000000 ____D () C:\Users\T.T.B.K\AppData\Local\Mirillis
2014-12-14 10:34 - 2013-03-30 22:28 - 00000000 ____D () C:\Users\T.T.B.K\AppData\Roaming\uTorrent
2014-12-14 10:26 - 2010-06-12 15:12 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-13 14:35 - 2010-06-12 15:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-13 12:45 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-12-13 11:12 - 2010-11-17 20:10 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-12-13 11:10 - 2012-04-01 07:17 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-13 11:10 - 2011-05-16 08:00 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-12 18:26 - 2011-04-23 07:17 - 00002373 _____ () C:\Users\T.T.B.K\Desktop\Google Chrome.lnk
2014-12-12 17:38 - 2014-11-07 19:27 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-10 18:18 - 2014-09-19 15:09 - 00000000 ____D () C:\Users\T.T.B.K\Documents\Visual Studio 2013
2014-12-10 00:23 - 2014-05-06 17:21 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-10 00:23 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat
2014-12-09 23:10 - 2013-07-19 09:07 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-09 22:59 - 2010-05-22 20:38 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-07 22:41 - 2014-08-30 10:43 - 00000049 _____ () C:\Windows\system32\ScrRecX.log
2014-12-07 22:41 - 2013-11-08 23:30 - 00001104 _____ () C:\Users\Public\Desktop\aTube Catcher.lnk
2014-12-07 22:41 - 2013-11-08 23:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher
2014-12-04 17:00 - 2012-05-06 21:11 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-29 23:04 - 2010-11-16 17:38 - 00000000 ____D () C:\Users\T.T.B.K\AppData\Roaming\vlc
2014-11-28 19:45 - 2014-10-04 13:23 - 00000349 _____ () C:\Users\Public\Documents\PCLECHAL.INI
2014-11-25 11:03 - 2011-02-25 18:13 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-11-25 11:03 - 2010-05-21 18:59 - 00423784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-11-25 11:02 - 2014-05-01 10:43 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-11-25 11:02 - 2014-01-02 18:44 - 00091496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-11-25 11:02 - 2013-03-14 09:55 - 00206248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-11-25 11:02 - 2013-03-14 09:55 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-11-25 11:02 - 2012-02-25 20:26 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-11-25 11:02 - 2010-05-21 18:59 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-11-24 14:04 - 2010-05-21 19:01 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-20 17:53 - 2010-05-22 08:40 - 00000000 ____D () C:\Program Files\Google
2014-11-18 12:24 - 2014-10-15 15:00 - 00000963 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera 26.lnk

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

==================== MBR and Partition Table ==================

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3053209993-579959410-3152729223-1001Core.job => C:\Users\T.T.B.K\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3053209993-579959410-3152729223-1001UA.job => C:\Users\T.T.B.K\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================

==================== Security Center ==================

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)

***** Velikost "Plochy" *****

Velikost slozky "C:\Users\T.T.B.K\Desktop" je 13811 MB.

***** Startup Programs *****

***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000

==================== End Of Log ==============================

#8 Příspěvek od **vyosek** » 18 pro 2014 10:52

Tvorba fixlistu pro FRST

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

Start
CloseProcesses:

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-04-03] (DivX, LLC)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [5227112 2014-12-13] (AVAST Software)
HKLM\...\Run: [AdobeCEPServiceManager] => C:\Program Files\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS6ServiceManager] => C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKU\S-1-5-21-3053209993-579959410-3152729223-1001\...\Run: [Google Update] => C:\Users\T.T.B.K\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-24] (Google Inc.)
HKU\S-1-5-21-3053209993-579959410-3152729223-1001\...\Run: [QIP Internet Guardian] => C:\Users\T.T.B.K\AppData\Roaming\QipGuard\QipGuard.exe [436224 2013-12-05] (QIP.ru)
HKU\S-1-5-21-3053209993-579959410-3152729223-1001\...\Run: [ServerMiner] => wscript.exe //B "C:\Users\TTB~1.K\AppData\Local\Temp\\ServerMiner.vbs" <===== ATTENTION
HKU\S-1-5-21-3053209993-579959410-3152729223-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)

URLSearchHook: HKU\S-1-5-21-3053209993-579959410-3152729223-1001 - Default Value = ਰǼ즴ʐ從Ǹ짐ʐꋥǸਠǼ皴ਠǼ
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

FF SearchPlugin: C:\Users\T.T.B.K\AppData\Roaming\Mozilla\Firefox\Profiles\oqr8ww8e.default\searchplugins\beemp3.xml
FF SearchPlugin: C:\Users\T.T.B.K\AppData\Roaming\Mozilla\Firefox\Profiles\oqr8ww8e.default\searchplugins\sfd.xml
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-12-02]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-12-02]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: Eset Plugin - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013-07-18]

U3 aa9n4amf; C:\Windows\system32\Drivers\aa9n4amf.sys [0 ] (Intel Corporation)
S2 adfs; No ImagePath
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]

C:\Users\T.T.B.K\AppData\Roaming\QipGuard
2014-12-17 23:44 - 2014-12-17 22:25 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-12-17 22:28 - 2014-12-17 23:51 - 00019035 _____ () C:\zoek-results.log
2014-12-17 22:25 - 2014-12-17 23:32 - 00000000 ____D () C:\zoek_backup
2014-12-17 22:25 - 2014-12-17 22:25 - 01295360 _____ () C:\Users\T.T.B.K\Desktop\zoek.exe
2014-12-17 22:23 - 2014-12-17 22:23 - 00016474 _____ () C:\Users\T.T.B.K\Desktop\AdwCleaner[S0].txt
2014-12-17 22:11 - 2014-12-17 22:15 - 00000000 ____D () C:\AdwCleaner
2014-12-17 22:09 - 2014-12-17 22:09 - 02166272 _____ () C:\Users\T.T.B.K\Desktop\adwcleaner_4.105.exe
2014-12-17 21:50 - 2014-12-17 21:50 - 00011516 _____ () C:\Users\T.T.B.K\Desktop\Addition.zip
2014-12-17 21:47 - 2014-12-18 09:45 - 00022415 _____ () C:\Users\T.T.B.K\Desktop\FRST.txt
2014-12-17 21:46 - 2014-12-17 21:46 - 00112640 _____ (forum.viry.cz) C:\Users\T.T.B.K\Desktop\FRSTLauncher.exe
2014-12-17 23:49 - 2014-09-19 15:41 - 00000000 ____D () C:\ProgramData\AutoKMS

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3053209993-579959410-3152729223-1001Core.job => C:\Users\T.T.B.K\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3053209993-579959410-3152729223-1001UA.job => C:\Users\T.T.B.K\AppData\Local\Google\Update\GoogleUpdate.exe

Hosts:
EmptyTemp:
Reboot:
End

Ulozte vytvoreny TXT jako fixlist.txt
Presunte vytvoreny fixlist vedle FRST

Spustte znovu FRST.exe

Kliknete na Fix
Probehne oprava a vytvori log Fixlog.txt

Restart PC a dejte mi sem fixlog.txt

TTBK003 · #9 Příspěvek od **TTBK003** » 18 pro 2014 11:52

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 17-12-2014
Ran by T.T.B.K at 2014-12-18 11:34:58 Run:1
Running from C:\Users\T.T.B.K\Desktop
Loaded Profile: T.T.B.K (Available profiles: T.T.B.K)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
CloseProcesses:

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-04-03] (DivX, LLC)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [5227112 2014-12-13] (AVAST Software)
HKLM\...\Run: [AdobeCEPServiceManager] => C:\Program Files\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS6ServiceManager] => C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKU\S-1-5-21-3053209993-579959410-3152729223-1001\...\Run: [Google Update] => C:\Users\T.T.B.K\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-24] (Google Inc.)
HKU\S-1-5-21-3053209993-579959410-3152729223-1001\...\Run: [QIP Internet Guardian] => C:\Users\T.T.B.K\AppData\Roaming\QipGuard\QipGuard.exe [436224 2013-12-05] (QIP.ru)
HKU\S-1-5-21-3053209993-579959410-3152729223-1001\...\Run: [ServerMiner] => wscript.exe //B "C:\Users\TTB~1.K\AppData\Local\Temp\\ServerMiner.vbs" <===== ATTENTION
HKU\S-1-5-21-3053209993-579959410-3152729223-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)

URLSearchHook: HKU\S-1-5-21-3053209993-579959410-3152729223-1001 - Default Value = ਰǼ즴ʐ從Ǹ짐ʐꋥǸਠǼ皴ਠǼ
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

FF SearchPlugin: C:\Users\T.T.B.K\AppData\Roaming\Mozilla\Firefox\Profiles\oqr8ww8e.default\searchplugins\beemp3.xml
FF SearchPlugin: C:\Users\T.T.B.K\AppData\Roaming\Mozilla\Firefox\Profiles\oqr8ww8e.default\searchplugins\sfd.xml
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-12-02]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-12-02]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: Eset Plugin - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013-07-18]

U3 aa9n4amf; C:\Windows\system32\Drivers\aa9n4amf.sys [0 ] (Intel Corporation)
S2 adfs; No ImagePath
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]

C:\Users\T.T.B.K\AppData\Roaming\QipGuard
2014-12-17 23:44 - 2014-12-17 22:25 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-12-17 22:28 - 2014-12-17 23:51 - 00019035 _____ () C:\zoek-results.log
2014-12-17 22:25 - 2014-12-17 23:32 - 00000000 ____D () C:\zoek_backup
2014-12-17 22:25 - 2014-12-17 22:25 - 01295360 _____ () C:\Users\T.T.B.K\Desktop\zoek.exe
2014-12-17 22:23 - 2014-12-17 22:23 - 00016474 _____ () C:\Users\T.T.B.K\Desktop\AdwCleaner[S0].txt
2014-12-17 22:11 - 2014-12-17 22:15 - 00000000 ____D () C:\AdwCleaner
2014-12-17 22:09 - 2014-12-17 22:09 - 02166272 _____ () C:\Users\T.T.B.K\Desktop\adwcleaner_4.105.exe
2014-12-17 21:50 - 2014-12-17 21:50 - 00011516 _____ () C:\Users\T.T.B.K\Desktop\Addition.zip
2014-12-17 21:47 - 2014-12-18 09:45 - 00022415 _____ () C:\Users\T.T.B.K\Desktop\FRST.txt
2014-12-17 21:46 - 2014-12-17 21:46 - 00112640 _____ (forum.viry.cz) C:\Users\T.T.B.K\Desktop\FRSTLauncher.exe
2014-12-17 23:49 - 2014-09-19 15:41 - 00000000 ____D () C:\ProgramData\AutoKMS

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3053209993-579959410-3152729223-1001Core.job => C:\Users\T.T.B.K\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3053209993-579959410-3152729223-1001UA.job => C:\Users\T.T.B.K\AppData\Local\Google\Update\GoogleUpdate.exe

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeAAMUpdater-1.0 => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\DivXMediaServer => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AvastUI.exe => Value could not be deleted.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeCEPServiceManager => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeCS6ServiceManager => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => value deleted successfully.
HKU\S-1-5-21-3053209993-579959410-3152729223-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update => value deleted successfully.
HKU\S-1-5-21-3053209993-579959410-3152729223-1001\Software\Microsoft\Windows\CurrentVersion\Run\\QIP Internet Guardian => value deleted successfully.
HKU\S-1-5-21-3053209993-579959410-3152729223-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ServerMiner => value deleted successfully.
HKU\S-1-5-21-3053209993-579959410-3152729223-1001\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite => value deleted successfully.
HKU\S-1-5-21-3053209993-579959410-3152729223-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\ => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
C:\Users\T.T.B.K\AppData\Roaming\Mozilla\Firefox\Profiles\oqr8ww8e.default\searchplugins\beemp3.xml => Moved successfully.
C:\Users\T.T.B.K\AppData\Roaming\Mozilla\Firefox\Profiles\oqr8ww8e.default\searchplugins\sfd.xml => Moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} => Moved successfully.
C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} => Moved successfully.
HKLM\Software\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com => value deleted successfully.
C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => Moved successfully.
aa9n4amf => Service deleted successfully.
adfs => Service deleted successfully.
ew_hwusbdev => Service deleted successfully.
ew_usbenumfilter => Service deleted successfully.
huawei_cdcacm => Service deleted successfully.
huawei_enumerator => Service deleted successfully.
huawei_ext_ctrl => Service deleted successfully.
huawei_wwanecm => Service deleted successfully.
C:\Users\T.T.B.K\AppData\Roaming\QipGuard => Moved successfully.
C:\Windows\zoek-delete.exe => Moved successfully.
C:\zoek-results.log => Moved successfully.
C:\zoek_backup => Moved successfully.
C:\Users\T.T.B.K\Desktop\zoek.exe => Moved successfully.
C:\Users\T.T.B.K\Desktop\AdwCleaner[S0].txt => Moved successfully.
C:\AdwCleaner => Moved successfully.
C:\Users\T.T.B.K\Desktop\adwcleaner_4.105.exe => Moved successfully.
C:\Users\T.T.B.K\Desktop\Addition.zip => Moved successfully.
"C:\Users\T.T.B.K\Desktop\FRST.txt" => File/Directory not found.
C:\Users\T.T.B.K\Desktop\FRSTLauncher.exe => Moved successfully.
C:\ProgramData\AutoKMS => Moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3053209993-579959410-3152729223-1001Core.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3053209993-579959410-3152729223-1001UA.job => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 195.4 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====

#10 Příspěvek od **vyosek** » 18 pro 2014 12:09

Jak se chova PC????

TTBK003 · #11 Příspěvek od **TTBK003** » 18 pro 2014 12:12

Jako obvykle. Nerozlišil jsem nějaké změny v chování.

#12 Příspěvek od **vyosek** » 18 pro 2014 12:13

Tak jeste uklidime

DelFix https://toolslib.net/downloads/finish/2/

Stahnete a spustte
Ponechte zatrzitkou pouze u volby Remote disinfection tools
Kliknete na Run

Stahnete Ccleaner https://www.piriform.com/ccleaner/download/standard
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

A pokud nejsou problemy ci dotazy, je to z me strany vse

TTBK003 · #13 Příspěvek od **TTBK003** » 18 pro 2014 12:27

Moc děkuji za pomoc a asistenci.

#14 Příspěvek od **vyosek** » 19 pro 2014 10:17

Nemate zac, rad jsem pomohl

Zase nekdy Obrázek

Pekne svatky vanocni Obrázek

A na zaklade Pravidla o zamykani temat

VIRY.CZ

Hledání spyware

Hledání spyware

Re: Hledání spyware

Re: Hledání spyware

Re: Hledání spyware

Re: Hledání spyware

Re: Hledání spyware

Re: Hledání spyware

Re: Hledání spyware

Re: Hledání spyware

Re: Hledání spyware

Re: Hledání spyware

Re: Hledání spyware

Re: Hledání spyware

Re: Hledání spyware