
Request to remove cityweb and other junk
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that are inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use a remote-help service, in which a specialist connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Please help me remove cityweb and other junk; the Addition log is attached as a RAR archive.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-02-2015 01
Ran by Martin a Evísek (administrator) on PC on 04-02-2015 22:01:03
Running from C:\Users\Martin a Evísek\Desktop
Loaded Profiles: Martin a Evísek (Available profiles: Martin a Evísek)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(Apple Computer, Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Hewlett-Packard) C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(ZONER software) C:\Program Files\Zoner\Photo Studio 17\Program32\ZPSTray.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
() C:\Users\Martin a Evísek\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
(Google Inc.) C:\Users\Martin a Evísek\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Martin a Evísek\AppData\Local\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
(forum.viry.cz) C:\Users\Martin a Evísek\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [288312 2009-07-27] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [PDF Complete] => C:\Program Files\PDF Complete\pdfsty.exe [563736 2009-06-18] (PDF Complete Inc)
HKLM\...\Run: [WirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM\...\Run: [HP Software Update] => c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-30] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [NeroFilterCheck] => C:\windows\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311616 2015-01-14] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [616632 2014-01-28] (Nico Mak Computing)
HKLM\...\Run: [YTDownloader] => "C:\Program Files\YTDownloader\YTDownloader.exe" /boot
HKLM\...\Run: [seznam-listicka-distribuce] => C:\Program Files\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM\...\runonceex: [ContentMerger] => c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-06-13] (Sonic Solutions)
HKU\S-1-5-21-1320854304-368154927-3987488329-1001\...\Run: [Google Update] => C:\Users\Martin a Evísek\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-21] (Google Inc.)
HKU\S-1-5-21-1320854304-368154927-3987488329-1001\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1565504 2015-01-14] (Samsung)
HKU\S-1-5-21-1320854304-368154927-3987488329-1001\...\Run: [Zoner Photo Studio Autoupdate] => C:\PROGRAM FILES\ZONER\PHOTO STUDIO 17\Program32\ZPSTRAY.EXE [458456 2014-12-19] (ZONER software)
HKU\S-1-5-21-1320854304-368154927-3987488329-1001\...\Run: [YTDownloader] => "C:\Program Files\YTDownloader\YTDownloader.exe" /boot
HKU\S-1-5-21-1320854304-368154927-3987488329-1001\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Martin a Evísek\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-1320854304-368154927-3987488329-1001\...\Run: [cz.seznam.software.szndesktop] => C:\Users\Martin a Evísek\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [92664 2013-04-12] ()
HKU\S-1-5-21-1320854304-368154927-3987488329-1001\...\MountPoints2: {142f0f35-ea5d-11de-945e-18a9058c31ac} - D:\LaunchU3.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-1320854304-368154927-3987488329-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1320854304-368154927-3987488329-1001\Software\Microsoft\Internet Explorer\Main,ICQ Search = http://search.icq.com/search/results.ph ... &ch_id=osd
HKU\S-1-5-21-1320854304-368154927-3987488329-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://start.icq.com/
URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKLM - (No Name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - No File
URLSearchHook: HKLM - Free Lunch Design Toolbar - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFre0.dll (Conduit Ltd.)
URLSearchHook: HKU\S-1-5-21-1320854304-368154927-3987488329-1001 - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll No File
URLSearchHook: HKU\S-1-5-21-1320854304-368154927-3987488329-1001 - Free Lunch Design Toolbar - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFre0.dll (Conduit Ltd.)
SearchScopes: HKLM -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.as ... =CT1708250
SearchScopes: HKU\S-1-5-21-1320854304-368154927-3987488329-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://isearch.omiga-plus.com/web/?utm_ ... earchTerms}
SearchScopes: HKU\S-1-5-21-1320854304-368154927-3987488329-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://isearch.omiga-plus.com/web/?utm_ ... earchTerms}
SearchScopes: HKU\S-1-5-21-1320854304-368154927-3987488329-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://isearch.omiga-plus.com/web/?utm_ ... earchTerms}
SearchScopes: HKU\S-1-5-21-1320854304-368154927-3987488329-1001 -> {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = http://isearch.omiga-plus.com/web/?utm_ ... earchTerms}
SearchScopes: HKU\S-1-5-21-1320854304-368154927-3987488329-1001 -> {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = http://isearch.omiga-plus.com/web/?utm_ ... earchTerms}
SearchScopes: HKU\S-1-5-21-1320854304-368154927-3987488329-1001 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://isearch.omiga-plus.com/web/?utm_ ... earchTerms}
SearchScopes: HKU\S-1-5-21-1320854304-368154927-3987488329-1001 -> {C57121BD-8EBC-4D54-B2DD-B6A34CB07152} URL = http://isearch.omiga-plus.com/web/?utm_ ... earchTerms}
SearchScopes: HKU\S-1-5-21-1320854304-368154927-3987488329-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://isearch.omiga-plus.com/web/?utm_ ... earchTerms}
BHO: Free Lunch Design Toolbar -> {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} -> C:\Program Files\Free_Lunch_Design\tbFre0.dll (Conduit Ltd.)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Pomocník pro přihlášení ke službě Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files\Ask.com\GenericAskToolbar.dll No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: DeLorme Send To GPS -> {FBAAD182-3C7A-4BC4-A5E9-207B8E0F02FD} -> C:\Program Files\DeLorme\SendToGPS\PNPluginForIE.dll (DeLorme)
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
Toolbar: HKLM - Free Lunch Design Toolbar - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFre0.dll (Conduit Ltd.)
Toolbar: HKLM - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll No File
Toolbar: HKU\S-1-5-21-1320854304-368154927-3987488329-1001 -> DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
Toolbar: HKU\S-1-5-21-1320854304-368154927-3987488329-1001 -> Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 06 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 10.0.0.138 194.228.196.16
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF ProfilePath: C:\Users\Martin a Evísek\AppData\Roaming\Mozilla\Firefox\Profiles\c0qr1l3n.default
FF SearchEngineOrder.1: Ask.com
FF Homepage: hxxp://seznam.cz/
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @delorme.com/SendToGPS -> C:\Program Files\DeLorme\SendToGPS\nppnplugin.dll (DeLorme)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1320854304-368154927-3987488329-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Martin a Evísek\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1320854304-368154927-3987488329-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Martin a Evísek\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1320854304-368154927-3987488329-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Martin a Evísek\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF user.js: detected! => C:\Users\Martin a Evísek\AppData\Roaming\Mozilla\Firefox\Profiles\c0qr1l3n.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\libdivx.dll (The OpenSSL Project, http://www.openssl.org/)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdivx32.dll (DivX,Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ssldivx.dll (The OpenSSL Project, http://www.openssl.org/)
FF SearchPlugin: C:\Users\Martin a Evísek\AppData\Roaming\Mozilla\Firefox\Profiles\c0qr1l3n.default\searchplugins\icqplugin-2.xml
FF SearchPlugin: C:\Users\Martin a Evísek\AppData\Roaming\Mozilla\Firefox\Profiles\c0qr1l3n.default\searchplugins\icqplugin.xml
FF Extension: Free Lunch Design Toolbar - C:\Users\Martin a Evísek\AppData\Roaming\Mozilla\Firefox\Profiles\c0qr1l3n.default\Extensions\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} [2012-04-14]
FF Extension: Seznam lištička - C:\Users\Martin a Evísek\AppData\Roaming\Mozilla\Firefox\Profiles\c0qr1l3n.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2014-06-04]
FF Extension: Cyti Web 1.0.1 - C:\Users\Martin a Evísek\AppData\Roaming\Mozilla\Firefox\Profiles\c0qr1l3n.default\Extensions\{3560b757-0519-45b3-a215-cfb94afd0821}.xpi [2015-02-04]
FF Extension: Adblock Plus - C:\Users\Martin a Evísek\AppData\Roaming\Mozilla\Firefox\Profiles\c0qr1l3n.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-04]
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://isearch.omiga-plus.com/?type=hp&ts=1423074366&from=obw&uid=WDCXWD3200BEKT-60F3T1_WD-WXA0A994876748767"
CHR Plugin: (Shockwave Flash) - C:\Users\Martin a Evísek\AppData\Local\Google\Chrome\Application\40.0.2214.94\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U24) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (Shockwave for Director) - C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (DivX Web Player) - C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll (DivX,Inc.)
CHR Plugin: (Microsoft\® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2003) - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Martin a Evísek\AppData\Local\Google\Chrome\Application\40.0.2214.94\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Martin a Evísek\AppData\Local\Google\Chrome\Application\40.0.2214.94\pdf.dll ()
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Profile: C:\Users\Martin a Evísek\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Martin a Evísek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-15]
CHR Extension: (Vyhledávání Google) - C:\Users\Martin a Evísek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-15]
CHR Extension: (Peněženka Google) - C:\Users\Martin a Evísek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-03]
CHR Extension: (Gmail) - C:\Users\Martin a Evísek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-15]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [26112 2009-12-03] (LSI Corporation)
R2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2010-03-20] (Macrovision Europe Ltd.) [File not signed]
R2 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [125496 2011-02-23] (Hewlett-Packard Company)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2009-06-17] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [635416 2009-06-18] (PDF Complete Inc)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S4 globalUpdate; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe /svc [X]
S3 globalUpdatem; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe /medsvc [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 atksgt; C:\windows\System32\DRIVERS\atksgt.sys [279712 2009-12-16] ()
R3 dtsoftbus01; C:\windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-09-25] (Disc Soft Ltd)
R2 lirsgt; C:\windows\System32\DRIVERS\lirsgt.sys [25888 2009-12-16] ()
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-02-04] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
S3 MfeAVFK; C:\windows\System32\drivers\MfeAVFK.sys [79816 2009-05-16] (McAfee, Inc.)
S3 MfeBOPK; C:\windows\System32\drivers\MfeBOPK.sys [35272 2009-05-16] (McAfee, Inc.)
R1 mfehidk; C:\windows\System32\drivers\mfehidk.sys [214024 2009-05-16] (McAfee, Inc.)
S3 MfeRKDK; C:\windows\System32\drivers\MfeRKDK.sys [34248 2009-05-16] (McAfee, Inc.)
R1 mfetdik; C:\windows\System32\drivers\mfetdik.sys [55336 2009-05-16] (McAfee, Inc.)
R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R1 MpKsl4570b3c0; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{75A8D2E7-3015-4347-828B-6605E68C8795}\MpKsl4570b3c0.sys [39464 2015-02-04] (Microsoft Corporation)
R3 SNP2UVC; C:\windows\System32\DRIVERS\snp2uvc.sys [1765168 2009-07-02] ()
R0 sptd; C:\windows\System32\Drivers\sptd.sys [320120 2014-09-25] (Duplex Secure Ltd.)
R3 yukonw7; C:\windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
U3 a91xpomd; C:\windows\system32\Drivers\a91xpomd.sys [0 ] (LSI Corporation) <==== ATTENTION (zero size file/folder)
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-04 22:01 - 2015-02-04 22:01 - 00025966 _____ () C:\Users\Martin a Evísek\Desktop\FRST.txt
2015-02-04 22:00 - 2015-02-04 22:01 - 00000000 ____D () C:\FRST
2015-02-04 21:56 - 2015-02-04 21:57 - 00112640 _____ (forum.viry.cz) C:\Users\Martin a Evísek\Desktop\FRSTLauncher.exe
2015-02-04 21:56 - 2015-02-04 21:56 - 01123328 _____ (Farbar) C:\Users\Martin a Evísek\Desktop\FRST.exe
2015-02-04 20:43 - 2015-02-04 21:08 - 00114904 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-04 20:43 - 2015-02-04 20:45 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-04 20:43 - 2015-02-04 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-04 20:42 - 2015-02-04 20:45 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-02-04 20:42 - 2015-02-04 20:42 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-04 20:42 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-02-04 20:42 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-02-04 20:42 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-02-04 20:41 - 2015-02-04 20:42 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Martin a Evísek\Downloads\mbam-setup-2.0.2.1012.exe
2015-02-04 19:53 - 2015-02-04 20:13 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Local\CrashDumps
2015-02-04 19:27 - 2015-02-04 21:07 - 00000000 ____D () C:\Program Files\XTab
2015-02-04 19:27 - 2015-02-04 19:27 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Roaming\MiniGet
2015-02-04 19:25 - 2015-02-04 19:25 - 00001374 _____ () C:\windows\Tasks\TVQB.job
2015-02-04 19:24 - 2015-02-04 19:24 - 00000000 ____D () C:\Program Files\Seznam.cz
2015-02-04 19:23 - 2015-02-04 21:14 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Roaming\Seznam.cz
2015-02-04 19:23 - 2015-02-04 19:25 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Local\BrowserHelper
2015-02-04 19:23 - 2015-02-04 19:23 - 00001376 _____ () C:\windows\Tasks\XYNCJ.job
2015-02-04 19:23 - 2015-02-04 19:23 - 00000000 ____D () C:\Users\Public\Documents\ShopperPro
2015-02-04 19:23 - 2015-02-04 19:23 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Local\globalUpdate
2015-02-04 19:22 - 2015-02-04 19:22 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Local\CrashRpt
2015-02-04 14:28 - 2015-02-04 14:28 - 00002037 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Zoner Photo Studio 17.lnk
2015-02-04 14:28 - 2015-02-04 14:28 - 00002031 _____ () C:\Users\Public\Desktop\Zoner Photo Studio 17.lnk
2015-02-04 14:28 - 2015-02-04 14:28 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Roaming\Zoner
2015-02-04 14:28 - 2015-02-04 14:28 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Local\Zoner
2015-02-04 14:28 - 2015-02-04 14:28 - 00000000 ____D () C:\ProgramData\Zoner
2015-02-04 14:27 - 2015-02-04 14:27 - 00000000 ____D () C:\Users\Martin a Evísek\Downloads\zasilka-DASID5PG7C9ADKF7
2015-02-04 14:27 - 2015-02-04 14:27 - 00000000 ____D () C:\Program Files\Zoner
2015-02-04 14:23 - 2015-02-04 14:24 - 80575025 _____ () C:\Users\Martin a Evísek\Downloads\zasilka-DASID5PG7C9ADKF7.zip
2015-02-03 18:09 - 2015-02-03 19:21 - 00000000 ____D () C:\Users\Martin a Evísek\Desktop\Wellness
2015-02-01 20:55 - 2015-02-01 21:06 - 959501142 _____ () C:\Users\Martin a Evísek\Downloads\Americky-sniper-American-Sniper-2014-Cz-titkrokous.avi
2015-02-01 18:25 - 2015-02-04 18:48 - 00007485 _____ () C:\Users\Martin a Evísek\Desktop\bkakak.pwp
2015-02-01 18:25 - 2015-02-01 18:25 - 00000000 ____D () C:\Users\Martin a Evísek\Desktop\bkakak-PM
2015-02-01 17:35 - 2015-02-01 17:35 - 00001154 _____ () C:\Users\Public\Desktop\Picture Collage Maker Pro.lnk
2015-02-01 17:35 - 2015-02-01 17:35 - 00000000 ____D () C:\Users\Public\Documents\PearlMountain
2015-02-01 17:35 - 2015-02-01 17:35 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Roaming\PearlMountain
2015-02-01 17:35 - 2015-02-01 17:35 - 00000000 ____D () C:\ProgramData\PearlMountain
2015-02-01 17:35 - 2015-02-01 17:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picture Collage Maker Pro
2015-02-01 17:34 - 2015-02-01 17:35 - 00000000 ____D () C:\Program Files\Picture Collage Maker Pro
2015-02-01 17:26 - 2015-02-01 17:27 - 107272072 _____ (PearlMountain Technology Co., Ltd ) C:\Users\Martin a Evísek\Downloads\PictureCollageMakerPro.exe
2015-01-26 18:42 - 2015-01-26 18:42 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-25 17:12 - 2015-01-25 17:12 - 00002086 _____ () C:\Users\Martin a Evísek\AppData\Roaming\TVQB
2015-01-25 17:12 - 2015-01-25 17:12 - 00001248 _____ () C:\Users\Martin a Evísek\AppData\Roaming\XYNCJ
2015-01-24 18:50 - 2015-01-24 19:06 - 1395622070 _____ () C:\Users\Martin a Evísek\Downloads\Kapitan-Phillips-2013-cz-dabing.avi
2015-01-24 16:09 - 2015-01-24 16:17 - 729290651 _____ () C:\Users\Martin a Evísek\Downloads\Moje-krasna-ucitelka-komedie-cz-dabing-2012.avi
2015-01-20 19:45 - 2015-01-20 19:45 - 00002067 _____ () C:\Users\Public\Desktop\Lightroom 3.3.lnk
2015-01-20 19:45 - 2015-01-20 19:45 - 00002067 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 3.3.lnk
2015-01-20 19:41 - 2015-01-20 19:41 - 00000000 ____D () C:\Users\Martin a Evísek\Desktop\Adobe
2015-01-20 19:37 - 2015-01-20 19:39 - 204304991 _____ () C:\Users\Martin a Evísek\Downloads\Adobe-Photoshop-Lightroom-3.3.rar
2015-01-20 14:09 - 2015-01-20 14:09 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Roaming\wargaming.net
2015-01-20 12:53 - 2015-01-20 12:53 - 09499176 _____ (Wargaming.net ) C:\Users\Martin a Evísek\Downloads\WoWP_internet_install_eu.exe
2015-01-20 11:55 - 2015-01-20 11:55 - 04723632 _____ (Gaijin Entertainment ) C:\Users\Martin a Evísek\Downloads\wt_launcher_1.0.1.473.exe
2015-01-20 11:55 - 2015-01-20 11:55 - 00000000 ____D () C:\Users\Martin a Evísek\Documents\My Games
2015-01-15 10:21 - 2015-01-15 10:22 - 00000000 ____D () C:\Program Files\Recuva
2015-01-15 10:21 - 2015-01-15 10:21 - 04210920 _____ (Piriform Ltd) C:\Users\Martin a Evísek\Downloads\rcsetup151.exe
2015-01-13 20:57 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-01-13 20:57 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-01-13 20:57 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
2015-01-13 20:57 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-01-13 20:57 - 2014-12-11 18:47 - 00074240 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-01-13 20:57 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-01-10 22:25 - 2015-01-10 22:25 - 00000000 __SHD () C:\Users\Martin a Evísek\AppData\Local\EmieUserList
2015-01-10 22:25 - 2015-01-10 22:25 - 00000000 __SHD () C:\Users\Martin a Evísek\AppData\Local\EmieSiteList
2015-01-10 22:25 - 2015-01-10 22:25 - 00000000 __SHD () C:\Users\Martin a Evísek\AppData\Local\EmieBrowserModeList
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-04 21:58 - 2012-11-22 11:38 - 00000914 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-02-04 21:53 - 2011-09-09 20:51 - 00000940 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-04 21:36 - 2010-03-01 08:59 - 00001002 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1320854304-368154927-3987488329-1001UA.job
2015-02-04 21:15 - 2009-07-14 05:34 - 00022688 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-04 21:15 - 2009-07-14 05:34 - 00022688 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-04 21:13 - 2009-11-24 00:22 - 01991658 _____ () C:\windows\WindowsUpdate.log
2015-02-04 21:08 - 2014-07-23 15:43 - 00033674 _____ () C:\windows\setupact.log
2015-02-04 21:08 - 2011-09-09 20:51 - 00000936 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-04 21:08 - 2009-07-14 05:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-02-04 21:07 - 2009-11-28 18:43 - 00418786 _____ () C:\windows\PFRO.log
2015-02-04 21:06 - 2012-10-15 19:08 - 00000000 ____D () C:\Program Files\GotClip
2015-02-04 21:06 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\Resources
2015-02-04 20:26 - 2009-09-26 02:08 - 01582262 _____ () C:\windows\system32\PerfStringBackup.INI
2015-02-04 20:22 - 2009-09-26 02:03 - 00279112 _____ () C:\windows\ydi.log
2015-02-04 20:22 - 2009-09-26 02:03 - 00000268 ____R () C:\windows\YukonInstall.log
2015-02-04 20:21 - 2012-04-14 19:48 - 00000000 ____D () C:\games
2015-02-04 20:13 - 2010-03-20 16:29 - 00000000 ____D () C:\Program Files\Adobe
2015-02-04 19:56 - 2014-01-03 15:22 - 00001117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-04 19:56 - 2014-01-03 15:22 - 00001105 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-04 19:56 - 2010-05-01 18:27 - 00000000 ____D () C:\Program Files\AGEIA Technologies
2015-02-04 19:56 - 2010-03-01 08:59 - 00002376 _____ () C:\Users\Martin a Evísek\Desktop\Google Chrome.lnk
2015-02-04 19:56 - 2009-11-23 16:50 - 00001413 _____ () C:\Users\Martin a Evísek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-04 19:53 - 2009-07-14 03:37 - 00000000 ___HD () C:\windows\system32\GroupPolicy
2015-02-04 19:53 - 2009-07-14 03:04 - 00000580 _____ () C:\windows\win.ini
2015-02-04 19:29 - 2009-07-14 05:33 - 01798608 _____ () C:\windows\system32\FNTCACHE.DAT
2015-02-04 19:23 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Common Files\System
2015-02-04 19:07 - 2009-11-23 16:50 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Local\PDFC
2015-02-04 18:52 - 2009-11-23 16:39 - 00127472 _____ () C:\Users\Martin a Evísek\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-04 18:51 - 2009-09-26 02:18 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-04 10:18 - 2014-09-02 19:25 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Local\Adobe
2015-02-04 10:18 - 2012-08-03 05:15 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2015-02-04 10:18 - 2011-12-02 15:37 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2015-02-03 22:08 - 2009-11-28 18:28 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Roaming\vlc
2015-02-01 18:06 - 2015-01-01 14:32 - 00000000 ____D () C:\Users\Martin a Evísek\Desktop\Vánoce 2014
2015-01-30 09:42 - 2009-09-26 02:11 - 00000000 ____D () C:\ProgramData\PDFC
2015-01-29 11:36 - 2014-12-30 13:16 - 00000000 ____D () C:\Users\Martin a Evísek\Desktop\zima
2015-01-27 18:39 - 2014-01-03 15:22 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-24 16:17 - 2009-12-09 07:10 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Roaming\dvdcss
2015-01-20 19:46 - 2010-03-20 16:35 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-20 19:46 - 2010-03-14 19:44 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-01-20 19:45 - 2009-09-26 02:32 - 00000000 ____D () C:\Program Files\Common Files\PX Storage Engine
2015-01-20 19:43 - 2009-11-28 18:15 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Roaming\Adobe
2015-01-20 12:54 - 2013-07-16 07:33 - 00000000 ___HD () C:\windows\msdownld.tmp
2015-01-20 12:54 - 2013-07-16 07:33 - 00000000 ____D () C:\windows\system32\directx
2015-01-15 13:11 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\Microsoft.NET
2015-01-15 11:00 - 2009-11-23 16:33 - 00000000 ____D () C:\Users\Martin a Evísek
2015-01-15 10:56 - 2013-12-16 18:26 - 00001948 _____ () C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
2015-01-15 08:47 - 2013-07-30 11:25 - 00000000 ____D () C:\windows\system32\MRT
2015-01-15 08:28 - 2009-12-02 21:48 - 110348472 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-01-10 22:28 - 2009-11-23 16:36 - 00000000 ____D () C:\ProgramData\WinZip
2015-01-09 16:20 - 2010-03-20 16:40 - 00000000 ____D () C:\ProgramData\FLEXnet
2015-01-09 16:20 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\system32\wfp
2015-01-09 16:20 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\registration
==================== Files in the root of some directories =======
2011-05-28 18:53 - 2012-12-28 22:22 - 0860822 _____ () C:\Users\Martin a Evísek\AppData\Roaming\mdbu.bin
2015-01-25 17:12 - 2015-01-25 17:12 - 0002086 _____ () C:\Users\Martin a Evísek\AppData\Roaming\TVQB
2015-01-25 17:12 - 2015-01-25 17:12 - 0001248 _____ () C:\Users\Martin a Evísek\AppData\Roaming\XYNCJ
2009-11-23 16:50 - 2009-11-23 16:50 - 0000000 _____ () C:\Users\Martin a Evísek\AppData\Local\AtStart.txt
2013-02-11 20:20 - 2013-02-11 20:23 - 0004608 _____ () C:\Users\Martin a Evísek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-11-23 16:50 - 2009-11-23 16:50 - 0000000 _____ () C:\Users\Martin a Evísek\AppData\Local\DSwitch.txt
2009-11-23 16:50 - 2009-11-23 16:50 - 0000000 _____ () C:\Users\Martin a Evísek\AppData\Local\QSwitch.txt
2011-12-15 09:38 - 2011-12-15 09:38 - 0000000 _____ () C:\Users\Martin a Evísek\AppData\Local\{995F741E-EE35-45DF-8397-0461389F7F51}
2009-09-26 02:44 - 2009-09-26 02:44 - 0000190 _____ () C:\ProgramData\HPWALog.txt
Some content of TEMP:
====================
C:\Users\Martin a Evísek\AppData\Local\Temp\002.exe
C:\Users\Martin a Evísek\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Martin a Evísek\AppData\Local\Temp\tu17p84.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1320854304-368154927-3987488329-1001Core.job => C:\Users\Martin a Evísek\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1320854304-368154927-3987488329-1001UA.job => C:\Users\Martin a Evísek\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\TVQB.job => C:\Users\Martin a Evý˙sek\AppData\Roaming\TVQB.exe <==== ATTENTION
Task: C:\windows\Tasks\XYNCJ.job => C:\Users\Martin a Evý˙sek\AppData\Roaming\XYNCJ.exe <==== ATTENTION
==================== Alternate Data Streams (whitelisted) ==================
AlternateDataStreams: C:\ProgramData\TEMP:66AA0486
==================== Security Center ==================
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Martin a Evísek\Desktop" je 101803 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite
"C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesAirMessage
C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload
C:\Program Files\Samsung\Kies\Kies.exe /preload [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [x]
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000001
==================== End Of Log ==============================
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-02-2015 01
Ran by Martin a Evísek (administrator) on PC on 04-02-2015 22:01:03
Running from C:\Users\Martin a Evísek\Desktop
Loaded Profiles: Martin a Evísek (Available profiles: Martin a Evísek)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(Apple Computer, Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Hewlett-Packard) C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(ZONER software) C:\Program Files\Zoner\Photo Studio 17\Program32\ZPSTray.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
() C:\Users\Martin a Evísek\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
(Google Inc.) C:\Users\Martin a Evísek\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Martin a Evísek\AppData\Local\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
(forum.viry.cz) C:\Users\Martin a Evísek\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [288312 2009-07-27] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [PDF Complete] => C:\Program Files\PDF Complete\pdfsty.exe [563736 2009-06-18] (PDF Complete Inc)
HKLM\...\Run: [WirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM\...\Run: [HP Software Update] => c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-30] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [NeroFilterCheck] => C:\windows\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311616 2015-01-14] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [616632 2014-01-28] (Nico Mak Computing)
HKLM\...\Run: [YTDownloader] => "C:\Program Files\YTDownloader\YTDownloader.exe" /boot
HKLM\...\Run: [seznam-listicka-distribuce] => C:\Program Files\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM\...\runonceex: [ContentMerger] => c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-06-13] (Sonic Solutions)
HKU\S-1-5-21-1320854304-368154927-3987488329-1001\...\Run: [Google Update] => C:\Users\Martin a Evísek\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-21] (Google Inc.)
HKU\S-1-5-21-1320854304-368154927-3987488329-1001\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1565504 2015-01-14] (Samsung)
HKU\S-1-5-21-1320854304-368154927-3987488329-1001\...\Run: [Zoner Photo Studio Autoupdate] => C:\PROGRAM FILES\ZONER\PHOTO STUDIO 17\Program32\ZPSTRAY.EXE [458456 2014-12-19] (ZONER software)
HKU\S-1-5-21-1320854304-368154927-3987488329-1001\...\Run: [YTDownloader] => "C:\Program Files\YTDownloader\YTDownloader.exe" /boot
HKU\S-1-5-21-1320854304-368154927-3987488329-1001\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Martin a Evísek\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-1320854304-368154927-3987488329-1001\...\Run: [cz.seznam.software.szndesktop] => C:\Users\Martin a Evísek\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [92664 2013-04-12] ()
HKU\S-1-5-21-1320854304-368154927-3987488329-1001\...\MountPoints2: {142f0f35-ea5d-11de-945e-18a9058c31ac} - D:\LaunchU3.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-1320854304-368154927-3987488329-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1320854304-368154927-3987488329-1001\Software\Microsoft\Internet Explorer\Main,ICQ Search = http://search.icq.com/search/results.ph ... &ch_id=osd
HKU\S-1-5-21-1320854304-368154927-3987488329-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://start.icq.com/
URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKLM - (No Name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - No File
URLSearchHook: HKLM - Free Lunch Design Toolbar - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFre0.dll (Conduit Ltd.)
URLSearchHook: HKU\S-1-5-21-1320854304-368154927-3987488329-1001 - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll No File
URLSearchHook: HKU\S-1-5-21-1320854304-368154927-3987488329-1001 - Free Lunch Design Toolbar - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFre0.dll (Conduit Ltd.)
SearchScopes: HKLM -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.as ... =CT1708250
SearchScopes: HKU\S-1-5-21-1320854304-368154927-3987488329-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://isearch.omiga-plus.com/web/?utm_ ... earchTerms}
SearchScopes: HKU\S-1-5-21-1320854304-368154927-3987488329-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://isearch.omiga-plus.com/web/?utm_ ... earchTerms}
SearchScopes: HKU\S-1-5-21-1320854304-368154927-3987488329-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://isearch.omiga-plus.com/web/?utm_ ... earchTerms}
SearchScopes: HKU\S-1-5-21-1320854304-368154927-3987488329-1001 -> {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = http://isearch.omiga-plus.com/web/?utm_ ... earchTerms}
SearchScopes: HKU\S-1-5-21-1320854304-368154927-3987488329-1001 -> {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = http://isearch.omiga-plus.com/web/?utm_ ... earchTerms}
SearchScopes: HKU\S-1-5-21-1320854304-368154927-3987488329-1001 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://isearch.omiga-plus.com/web/?utm_ ... earchTerms}
SearchScopes: HKU\S-1-5-21-1320854304-368154927-3987488329-1001 -> {C57121BD-8EBC-4D54-B2DD-B6A34CB07152} URL = http://isearch.omiga-plus.com/web/?utm_ ... earchTerms}
SearchScopes: HKU\S-1-5-21-1320854304-368154927-3987488329-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://isearch.omiga-plus.com/web/?utm_ ... earchTerms}
BHO: Free Lunch Design Toolbar -> {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} -> C:\Program Files\Free_Lunch_Design\tbFre0.dll (Conduit Ltd.)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Pomocník pro přihlášení ke službě Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files\Ask.com\GenericAskToolbar.dll No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: DeLorme Send To GPS -> {FBAAD182-3C7A-4BC4-A5E9-207B8E0F02FD} -> C:\Program Files\DeLorme\SendToGPS\PNPluginForIE.dll (DeLorme)
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
Toolbar: HKLM - Free Lunch Design Toolbar - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFre0.dll (Conduit Ltd.)
Toolbar: HKLM - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll No File
Toolbar: HKU\S-1-5-21-1320854304-368154927-3987488329-1001 -> DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
Toolbar: HKU\S-1-5-21-1320854304-368154927-3987488329-1001 -> Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 06 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 10.0.0.138 194.228.196.16
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF ProfilePath: C:\Users\Martin a Evísek\AppData\Roaming\Mozilla\Firefox\Profiles\c0qr1l3n.default
FF SearchEngineOrder.1: Ask.com
FF Homepage: hxxp://seznam.cz/
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @delorme.com/SendToGPS -> C:\Program Files\DeLorme\SendToGPS\nppnplugin.dll (DeLorme)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1320854304-368154927-3987488329-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Martin a Evísek\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1320854304-368154927-3987488329-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Martin a Evísek\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1320854304-368154927-3987488329-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Martin a Evísek\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF user.js: detected! => C:\Users\Martin a Evísek\AppData\Roaming\Mozilla\Firefox\Profiles\c0qr1l3n.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\libdivx.dll (The OpenSSL Project, http://www.openssl.org/)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdivx32.dll (DivX,Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ssldivx.dll (The OpenSSL Project, http://www.openssl.org/)
FF SearchPlugin: C:\Users\Martin a Evísek\AppData\Roaming\Mozilla\Firefox\Profiles\c0qr1l3n.default\searchplugins\icqplugin-2.xml
FF SearchPlugin: C:\Users\Martin a Evísek\AppData\Roaming\Mozilla\Firefox\Profiles\c0qr1l3n.default\searchplugins\icqplugin.xml
FF Extension: Free Lunch Design Toolbar - C:\Users\Martin a Evísek\AppData\Roaming\Mozilla\Firefox\Profiles\c0qr1l3n.default\Extensions\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} [2012-04-14]
FF Extension: Seznam lištička - C:\Users\Martin a Evísek\AppData\Roaming\Mozilla\Firefox\Profiles\c0qr1l3n.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2014-06-04]
FF Extension: Cyti Web 1.0.1 - C:\Users\Martin a Evísek\AppData\Roaming\Mozilla\Firefox\Profiles\c0qr1l3n.default\Extensions\{3560b757-0519-45b3-a215-cfb94afd0821}.xpi [2015-02-04]
FF Extension: Adblock Plus - C:\Users\Martin a Evísek\AppData\Roaming\Mozilla\Firefox\Profiles\c0qr1l3n.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-04]
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://isearch.omiga-plus.com/?type=hp&ts=1423074366&from=obw&uid=WDCXWD3200BEKT-60F3T1_WD-WXA0A994876748767"
CHR Plugin: (Shockwave Flash) - C:\Users\Martin a Evísek\AppData\Local\Google\Chrome\Application\40.0.2214.94\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U24) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (Shockwave for Director) - C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (DivX Web Player) - C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll (DivX,Inc.)
CHR Plugin: (Microsoft\® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2003) - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Martin a Evísek\AppData\Local\Google\Chrome\Application\40.0.2214.94\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Martin a Evísek\AppData\Local\Google\Chrome\Application\40.0.2214.94\pdf.dll ()
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Profile: C:\Users\Martin a Evísek\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Martin a Evísek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-15]
CHR Extension: (Vyhledávání Google) - C:\Users\Martin a Evísek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-15]
CHR Extension: (Peněženka Google) - C:\Users\Martin a Evísek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-03]
CHR Extension: (Gmail) - C:\Users\Martin a Evísek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-15]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [26112 2009-12-03] (LSI Corporation)
R2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2010-03-20] (Macrovision Europe Ltd.) [File not signed]
R2 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [125496 2011-02-23] (Hewlett-Packard Company)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2009-06-17] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [635416 2009-06-18] (PDF Complete Inc)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S4 globalUpdate; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe /svc [X]
S3 globalUpdatem; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe /medsvc [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 atksgt; C:\windows\System32\DRIVERS\atksgt.sys [279712 2009-12-16] ()
R3 dtsoftbus01; C:\windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-09-25] (Disc Soft Ltd)
R2 lirsgt; C:\windows\System32\DRIVERS\lirsgt.sys [25888 2009-12-16] ()
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-02-04] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
S3 MfeAVFK; C:\windows\System32\drivers\MfeAVFK.sys [79816 2009-05-16] (McAfee, Inc.)
S3 MfeBOPK; C:\windows\System32\drivers\MfeBOPK.sys [35272 2009-05-16] (McAfee, Inc.)
R1 mfehidk; C:\windows\System32\drivers\mfehidk.sys [214024 2009-05-16] (McAfee, Inc.)
S3 MfeRKDK; C:\windows\System32\drivers\MfeRKDK.sys [34248 2009-05-16] (McAfee, Inc.)
R1 mfetdik; C:\windows\System32\drivers\mfetdik.sys [55336 2009-05-16] (McAfee, Inc.)
R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R1 MpKsl4570b3c0; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{75A8D2E7-3015-4347-828B-6605E68C8795}\MpKsl4570b3c0.sys [39464 2015-02-04] (Microsoft Corporation)
R3 SNP2UVC; C:\windows\System32\DRIVERS\snp2uvc.sys [1765168 2009-07-02] ()
R0 sptd; C:\windows\System32\Drivers\sptd.sys [320120 2014-09-25] (Duplex Secure Ltd.)
R3 yukonw7; C:\windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
U3 a91xpomd; C:\windows\system32\Drivers\a91xpomd.sys [0 ] (LSI Corporation) <==== ATTENTION (zero size file/folder)
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-04 22:01 - 2015-02-04 22:01 - 00025966 _____ () C:\Users\Martin a Evísek\Desktop\FRST.txt
2015-02-04 22:00 - 2015-02-04 22:01 - 00000000 ____D () C:\FRST
2015-02-04 21:56 - 2015-02-04 21:57 - 00112640 _____ (forum.viry.cz) C:\Users\Martin a Evísek\Desktop\FRSTLauncher.exe
2015-02-04 21:56 - 2015-02-04 21:56 - 01123328 _____ (Farbar) C:\Users\Martin a Evísek\Desktop\FRST.exe
2015-02-04 20:43 - 2015-02-04 21:08 - 00114904 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-04 20:43 - 2015-02-04 20:45 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-04 20:43 - 2015-02-04 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-04 20:42 - 2015-02-04 20:45 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-02-04 20:42 - 2015-02-04 20:42 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-04 20:42 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-02-04 20:42 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-02-04 20:42 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-02-04 20:41 - 2015-02-04 20:42 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Martin a Evísek\Downloads\mbam-setup-2.0.2.1012.exe
2015-02-04 19:53 - 2015-02-04 20:13 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Local\CrashDumps
2015-02-04 19:27 - 2015-02-04 21:07 - 00000000 ____D () C:\Program Files\XTab
2015-02-04 19:27 - 2015-02-04 19:27 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Roaming\MiniGet
2015-02-04 19:25 - 2015-02-04 19:25 - 00001374 _____ () C:\windows\Tasks\TVQB.job
2015-02-04 19:24 - 2015-02-04 19:24 - 00000000 ____D () C:\Program Files\Seznam.cz
2015-02-04 19:23 - 2015-02-04 21:14 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Roaming\Seznam.cz
2015-02-04 19:23 - 2015-02-04 19:25 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Local\BrowserHelper
2015-02-04 19:23 - 2015-02-04 19:23 - 00001376 _____ () C:\windows\Tasks\XYNCJ.job
2015-02-04 19:23 - 2015-02-04 19:23 - 00000000 ____D () C:\Users\Public\Documents\ShopperPro
2015-02-04 19:23 - 2015-02-04 19:23 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Local\globalUpdate
2015-02-04 19:22 - 2015-02-04 19:22 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Local\CrashRpt
2015-02-04 14:28 - 2015-02-04 14:28 - 00002037 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Zoner Photo Studio 17.lnk
2015-02-04 14:28 - 2015-02-04 14:28 - 00002031 _____ () C:\Users\Public\Desktop\Zoner Photo Studio 17.lnk
2015-02-04 14:28 - 2015-02-04 14:28 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Roaming\Zoner
2015-02-04 14:28 - 2015-02-04 14:28 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Local\Zoner
2015-02-04 14:28 - 2015-02-04 14:28 - 00000000 ____D () C:\ProgramData\Zoner
2015-02-04 14:27 - 2015-02-04 14:27 - 00000000 ____D () C:\Users\Martin a Evísek\Downloads\zasilka-DASID5PG7C9ADKF7
2015-02-04 14:27 - 2015-02-04 14:27 - 00000000 ____D () C:\Program Files\Zoner
2015-02-04 14:23 - 2015-02-04 14:24 - 80575025 _____ () C:\Users\Martin a Evísek\Downloads\zasilka-DASID5PG7C9ADKF7.zip
2015-02-03 18:09 - 2015-02-03 19:21 - 00000000 ____D () C:\Users\Martin a Evísek\Desktop\Wellness
2015-02-01 20:55 - 2015-02-01 21:06 - 959501142 _____ () C:\Users\Martin a Evísek\Downloads\Americky-sniper-American-Sniper-2014-Cz-titkrokous.avi
2015-02-01 18:25 - 2015-02-04 18:48 - 00007485 _____ () C:\Users\Martin a Evísek\Desktop\bkakak.pwp
2015-02-01 18:25 - 2015-02-01 18:25 - 00000000 ____D () C:\Users\Martin a Evísek\Desktop\bkakak-PM
2015-02-01 17:35 - 2015-02-01 17:35 - 00001154 _____ () C:\Users\Public\Desktop\Picture Collage Maker Pro.lnk
2015-02-01 17:35 - 2015-02-01 17:35 - 00000000 ____D () C:\Users\Public\Documents\PearlMountain
2015-02-01 17:35 - 2015-02-01 17:35 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Roaming\PearlMountain
2015-02-01 17:35 - 2015-02-01 17:35 - 00000000 ____D () C:\ProgramData\PearlMountain
2015-02-01 17:35 - 2015-02-01 17:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picture Collage Maker Pro
2015-02-01 17:34 - 2015-02-01 17:35 - 00000000 ____D () C:\Program Files\Picture Collage Maker Pro
2015-02-01 17:26 - 2015-02-01 17:27 - 107272072 _____ (PearlMountain Technology Co., Ltd ) C:\Users\Martin a Evísek\Downloads\PictureCollageMakerPro.exe
2015-01-26 18:42 - 2015-01-26 18:42 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-25 17:12 - 2015-01-25 17:12 - 00002086 _____ () C:\Users\Martin a Evísek\AppData\Roaming\TVQB
2015-01-25 17:12 - 2015-01-25 17:12 - 00001248 _____ () C:\Users\Martin a Evísek\AppData\Roaming\XYNCJ
2015-01-24 18:50 - 2015-01-24 19:06 - 1395622070 _____ () C:\Users\Martin a Evísek\Downloads\Kapitan-Phillips-2013-cz-dabing.avi
2015-01-24 16:09 - 2015-01-24 16:17 - 729290651 _____ () C:\Users\Martin a Evísek\Downloads\Moje-krasna-ucitelka-komedie-cz-dabing-2012.avi
2015-01-20 19:45 - 2015-01-20 19:45 - 00002067 _____ () C:\Users\Public\Desktop\Lightroom 3.3.lnk
2015-01-20 19:45 - 2015-01-20 19:45 - 00002067 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 3.3.lnk
2015-01-20 19:41 - 2015-01-20 19:41 - 00000000 ____D () C:\Users\Martin a Evísek\Desktop\Adobe
2015-01-20 19:37 - 2015-01-20 19:39 - 204304991 _____ () C:\Users\Martin a Evísek\Downloads\Adobe-Photoshop-Lightroom-3.3.rar
2015-01-20 14:09 - 2015-01-20 14:09 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Roaming\wargaming.net
2015-01-20 12:53 - 2015-01-20 12:53 - 09499176 _____ (Wargaming.net ) C:\Users\Martin a Evísek\Downloads\WoWP_internet_install_eu.exe
2015-01-20 11:55 - 2015-01-20 11:55 - 04723632 _____ (Gaijin Entertainment ) C:\Users\Martin a Evísek\Downloads\wt_launcher_1.0.1.473.exe
2015-01-20 11:55 - 2015-01-20 11:55 - 00000000 ____D () C:\Users\Martin a Evísek\Documents\My Games
2015-01-15 10:21 - 2015-01-15 10:22 - 00000000 ____D () C:\Program Files\Recuva
2015-01-15 10:21 - 2015-01-15 10:21 - 04210920 _____ (Piriform Ltd) C:\Users\Martin a Evísek\Downloads\rcsetup151.exe
2015-01-13 20:57 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-01-13 20:57 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-01-13 20:57 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
2015-01-13 20:57 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-01-13 20:57 - 2014-12-11 18:47 - 00074240 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-01-13 20:57 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-01-10 22:25 - 2015-01-10 22:25 - 00000000 __SHD () C:\Users\Martin a Evísek\AppData\Local\EmieUserList
2015-01-10 22:25 - 2015-01-10 22:25 - 00000000 __SHD () C:\Users\Martin a Evísek\AppData\Local\EmieSiteList
2015-01-10 22:25 - 2015-01-10 22:25 - 00000000 __SHD () C:\Users\Martin a Evísek\AppData\Local\EmieBrowserModeList
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-04 21:58 - 2012-11-22 11:38 - 00000914 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-02-04 21:53 - 2011-09-09 20:51 - 00000940 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-04 21:36 - 2010-03-01 08:59 - 00001002 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1320854304-368154927-3987488329-1001UA.job
2015-02-04 21:15 - 2009-07-14 05:34 - 00022688 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-04 21:15 - 2009-07-14 05:34 - 00022688 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-04 21:13 - 2009-11-24 00:22 - 01991658 _____ () C:\windows\WindowsUpdate.log
2015-02-04 21:08 - 2014-07-23 15:43 - 00033674 _____ () C:\windows\setupact.log
2015-02-04 21:08 - 2011-09-09 20:51 - 00000936 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-04 21:08 - 2009-07-14 05:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-02-04 21:07 - 2009-11-28 18:43 - 00418786 _____ () C:\windows\PFRO.log
2015-02-04 21:06 - 2012-10-15 19:08 - 00000000 ____D () C:\Program Files\GotClip
2015-02-04 21:06 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\Resources
2015-02-04 20:26 - 2009-09-26 02:08 - 01582262 _____ () C:\windows\system32\PerfStringBackup.INI
2015-02-04 20:22 - 2009-09-26 02:03 - 00279112 _____ () C:\windows\ydi.log
2015-02-04 20:22 - 2009-09-26 02:03 - 00000268 ____R () C:\windows\YukonInstall.log
2015-02-04 20:21 - 2012-04-14 19:48 - 00000000 ____D () C:\games
2015-02-04 20:13 - 2010-03-20 16:29 - 00000000 ____D () C:\Program Files\Adobe
2015-02-04 19:56 - 2014-01-03 15:22 - 00001117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-04 19:56 - 2014-01-03 15:22 - 00001105 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-04 19:56 - 2010-05-01 18:27 - 00000000 ____D () C:\Program Files\AGEIA Technologies
2015-02-04 19:56 - 2010-03-01 08:59 - 00002376 _____ () C:\Users\Martin a Evísek\Desktop\Google Chrome.lnk
2015-02-04 19:56 - 2009-11-23 16:50 - 00001413 _____ () C:\Users\Martin a Evísek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-04 19:53 - 2009-07-14 03:37 - 00000000 ___HD () C:\windows\system32\GroupPolicy
2015-02-04 19:53 - 2009-07-14 03:04 - 00000580 _____ () C:\windows\win.ini
2015-02-04 19:29 - 2009-07-14 05:33 - 01798608 _____ () C:\windows\system32\FNTCACHE.DAT
2015-02-04 19:23 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Common Files\System
2015-02-04 19:07 - 2009-11-23 16:50 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Local\PDFC
2015-02-04 18:52 - 2009-11-23 16:39 - 00127472 _____ () C:\Users\Martin a Evísek\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-04 18:51 - 2009-09-26 02:18 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-04 10:18 - 2014-09-02 19:25 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Local\Adobe
2015-02-04 10:18 - 2012-08-03 05:15 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2015-02-04 10:18 - 2011-12-02 15:37 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2015-02-03 22:08 - 2009-11-28 18:28 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Roaming\vlc
2015-02-01 18:06 - 2015-01-01 14:32 - 00000000 ____D () C:\Users\Martin a Evísek\Desktop\Vánoce 2014
2015-01-30 09:42 - 2009-09-26 02:11 - 00000000 ____D () C:\ProgramData\PDFC
2015-01-29 11:36 - 2014-12-30 13:16 - 00000000 ____D () C:\Users\Martin a Evísek\Desktop\zima
2015-01-27 18:39 - 2014-01-03 15:22 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-24 16:17 - 2009-12-09 07:10 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Roaming\dvdcss
2015-01-20 19:46 - 2010-03-20 16:35 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-20 19:46 - 2010-03-14 19:44 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-01-20 19:45 - 2009-09-26 02:32 - 00000000 ____D () C:\Program Files\Common Files\PX Storage Engine
2015-01-20 19:43 - 2009-11-28 18:15 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Roaming\Adobe
2015-01-20 12:54 - 2013-07-16 07:33 - 00000000 ___HD () C:\windows\msdownld.tmp
2015-01-20 12:54 - 2013-07-16 07:33 - 00000000 ____D () C:\windows\system32\directx
2015-01-15 13:11 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\Microsoft.NET
2015-01-15 11:00 - 2009-11-23 16:33 - 00000000 ____D () C:\Users\Martin a Evísek
2015-01-15 10:56 - 2013-12-16 18:26 - 00001948 _____ () C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
2015-01-15 08:47 - 2013-07-30 11:25 - 00000000 ____D () C:\windows\system32\MRT
2015-01-15 08:28 - 2009-12-02 21:48 - 110348472 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-01-10 22:28 - 2009-11-23 16:36 - 00000000 ____D () C:\ProgramData\WinZip
2015-01-09 16:20 - 2010-03-20 16:40 - 00000000 ____D () C:\ProgramData\FLEXnet
2015-01-09 16:20 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\system32\wfp
2015-01-09 16:20 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\registration
==================== Files in the root of some directories =======
2011-05-28 18:53 - 2012-12-28 22:22 - 0860822 _____ () C:\Users\Martin a Evísek\AppData\Roaming\mdbu.bin
2015-01-25 17:12 - 2015-01-25 17:12 - 0002086 _____ () C:\Users\Martin a Evísek\AppData\Roaming\TVQB
2015-01-25 17:12 - 2015-01-25 17:12 - 0001248 _____ () C:\Users\Martin a Evísek\AppData\Roaming\XYNCJ
2009-11-23 16:50 - 2009-11-23 16:50 - 0000000 _____ () C:\Users\Martin a Evísek\AppData\Local\AtStart.txt
2013-02-11 20:20 - 2013-02-11 20:23 - 0004608 _____ () C:\Users\Martin a Evísek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-11-23 16:50 - 2009-11-23 16:50 - 0000000 _____ () C:\Users\Martin a Evísek\AppData\Local\DSwitch.txt
2009-11-23 16:50 - 2009-11-23 16:50 - 0000000 _____ () C:\Users\Martin a Evísek\AppData\Local\QSwitch.txt
2011-12-15 09:38 - 2011-12-15 09:38 - 0000000 _____ () C:\Users\Martin a Evísek\AppData\Local\{995F741E-EE35-45DF-8397-0461389F7F51}
2009-09-26 02:44 - 2009-09-26 02:44 - 0000190 _____ () C:\ProgramData\HPWALog.txt
Some content of TEMP:
====================
C:\Users\Martin a Evísek\AppData\Local\Temp\002.exe
C:\Users\Martin a Evísek\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Martin a Evísek\AppData\Local\Temp\tu17p84.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1320854304-368154927-3987488329-1001Core.job => C:\Users\Martin a Evísek\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1320854304-368154927-3987488329-1001UA.job => C:\Users\Martin a Evísek\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\TVQB.job => C:\Users\Martin a Evý˙sek\AppData\Roaming\TVQB.exe <==== ATTENTION
Task: C:\windows\Tasks\XYNCJ.job => C:\Users\Martin a Evý˙sek\AppData\Roaming\XYNCJ.exe <==== ATTENTION
==================== Alternate Data Streams (whitelisted) ==================
AlternateDataStreams: C:\ProgramData\TEMP:66AA0486
==================== Security Center ==================
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Martin a Evísek\Desktop" je 101803 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite
"C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesAirMessage
C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload
C:\Program Files\Samsung\Kies\Kies.exe /preload [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [x]
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000001
==================== End Of Log ==============================
- Attachments
- Addition.rar
- (11.09 KiB) Downloaded 43 times
- Rudy
- Site Admin

- Posts: 119679
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: request to remove cityweb and other junk
Hello!
First run this utility:
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop
Close all programs
First click >Scan< and then >Clean<.
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: request to remove cityweb and other junk
Done, with this result:
# AdwCleaner v4.109 - Report created 04/02/2015 at 22:24:08
# Updated 24/01/2015 by Xplode
# Database : 2015-02-04.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Martin a Evísek - PC
# Running from : C:\Users\Martin a Evísek\Desktop\adwcleaner_4.109.exe
# Option : Clean
***** [ Services ] *****
[#] Service Deleted : globalUpdate
[#] Service Deleted : globalUpdatem
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\ICQ\ICQToolbar
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\DAEMON Tools Toolbar
Folder Deleted : C:\Program Files\ICQ6Toolbar
Folder Deleted : C:\Program Files\GotClip
Folder Deleted : C:\Program Files\XTab
Folder Deleted : C:\Users\Martin a Evísek\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Martin a Evísek\AppData\Local\CrashRpt
Folder Deleted : C:\Users\Martin a Evísek\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Martin a Evísek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GotClip
Folder Deleted : C:\Users\Martin a Evísek\AppData\Roaming\Mozilla\Firefox\Profiles\uabe78o3.default\Extensions\DTToolbar@toolbarnet.com
Folder Deleted : C:\Users\Martin a Evísek\AppData\Roaming\Mozilla\Firefox\Profiles\c0qr1l3n.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
File Deleted : C:\Users\Martin a Evísek\AppData\Roaming\Mozilla\Firefox\Profiles\uabe78o3.default\searchplugins\daemon-search.xml
File Deleted : C:\Users\Martin a Evísek\AppData\Roaming\Mozilla\Firefox\Profiles\c0qr1l3n.default\searchplugins\icqplugin.xml
File Deleted : C:\Users\Martin a Evísek\AppData\Roaming\Mozilla\Firefox\Profiles\uabe78o3.default\searchplugins\icqplugin.xml
File Deleted : C:\Users\Martin a Evísek\AppData\Roaming\Mozilla\Firefox\Profiles\c0qr1l3n.default\searchplugins\icqplugin-2.xml
File Deleted : C:\Users\Martin a Evísek\AppData\Roaming\Mozilla\Firefox\Profiles\c0qr1l3n.default\user.js
File Deleted : C:\Users\Martin a Evísek\AppData\Roaming\Mozilla\Firefox\Profiles\uabe78o3.default\user.js
File Deleted : C:\Users\Martin a Evísek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.search.ask.com_0.localstorage
File Deleted : C:\Users\Martin a Evísek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.search.ask.com_0.localstorage-journal
***** [ Scheduled Tasks ] *****
Task Deleted : SMupdate1
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Key Deleted : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Value Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [YTDownloader]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [YTDownloader]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\dt soft\daemon tools toolbar
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKCU\Software\wscontb
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\dt soft\daemon tools toolbar
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\ICQ\ICQToolbar
Key Deleted : HKLM\SOFTWARE\Myfree Codec
Key Deleted : HKLM\SOFTWARE\SupDp
Key Deleted : HKLM\SOFTWARE\SupTab
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\daemon tools toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A2D81E70-2A98-4A08-A628-94388B063C5E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\icq.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\search.icq.com
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17496
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages]
-\\ Mozilla Firefox v35.0.1 (x86 cs)
[c0qr1l3n.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
[c0qr1l3n.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultthis.engineName", "Icy Tower Customized Web Search");
[c0qr1l3n.default\prefs.js] - Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2928751&SearchSource=3&q={searchTerms}");
[c0qr1l3n.default\prefs.js] - Line Deleted : user_pref("browser.search.order.1", "Ask.com");
[c0qr1l3n.default\prefs.js] - Line Deleted : user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.internaldb.Resources_meta.value", "%7B%22handlebars.js%22%3A%7B%22id%22%3A1002241%2C%22ver%22%3A1%2C%22status%22%3A1%2C%22name%22%3A%22[...]
[c0qr1l3n.default\prefs.js] - Line Deleted : user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.internaldb.Resources_resource_1002250.value", "%22function%20startAskCom%28e%2Ct%2Cr%29%7Bfunction%20a%28e%29%7Bvar%20t%3Dnew%20RegExp%[...]
[c0qr1l3n.default\prefs.js] - Line Deleted : user_pref("extensions.aTTSD90021300PYDKGV101145942com70881.70881.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22dealply_p%22%3[...]
[c0qr1l3n.default\prefs.js] - Line Deleted : user_pref("extensions.crossrider.bic", "14b55d8a5b9864a2911eb359f6cf8cd5");
[c0qr1l3n.default\prefs.js] - Line Deleted : user_pref("extensions.enabledItems", "{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17,{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}:6.0.19,{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20,{CAFEEFAC-0016-0000-0021[...]
[c0qr1l3n.default\prefs.js] - Line Deleted : user_pref("icqtoolbar.allowSendURL", false);
[c0qr1l3n.default\prefs.js] - Line Deleted : user_pref("icqtoolbar.engineVerified", false);
[c0qr1l3n.default\prefs.js] - Line Deleted : user_pref("icqtoolbar.geolastmodified", 1306090335);
[c0qr1l3n.default\prefs.js] - Line Deleted : user_pref("icqtoolbar.hiddenElements", "itb_options");
[c0qr1l3n.default\prefs.js] - Line Deleted : user_pref("icqtoolbar.history", "The%20witcher%202%20%C4%8De%C5%A1tinashare-rapidDAEMON%20Tools%20LiteDAEMON%20Tools%20Lite%204.40DAEMON%20Tools%20Lite%204.35DAEMON%20Tools%20Lite%204.31re[...]
[c0qr1l3n.default\prefs.js] - Line Deleted : user_pref("icqtoolbar.icqgeo", 42);
[c0qr1l3n.default\prefs.js] - Line Deleted : user_pref("icqtoolbar.installTime", "1301672378");
[c0qr1l3n.default\prefs.js] - Line Deleted : user_pref("icqtoolbar.installsource", "1");
[c0qr1l3n.default\prefs.js] - Line Deleted : user_pref("icqtoolbar.newtab_state", "1");
[c0qr1l3n.default\prefs.js] - Line Deleted : user_pref("icqtoolbar.numberOfSearches", 0);
[c0qr1l3n.default\prefs.js] - Line Deleted : user_pref("icqtoolbar.previousFFVersion", "4.0.1");
[c0qr1l3n.default\prefs.js] - Line Deleted : user_pref("icqtoolbar.skip_default_search", "yes");
[c0qr1l3n.default\prefs.js] - Line Deleted : user_pref("icqtoolbar.suggestions", false);
[c0qr1l3n.default\prefs.js] - Line Deleted : user_pref("icqtoolbar.uninstStatSent", true);
[c0qr1l3n.default\prefs.js] - Line Deleted : user_pref("icqtoolbar.uniqueID", "130151092513015112161301672378100");
[c0qr1l3n.default\prefs.js] - Line Deleted : user_pref("icqtoolbar.usageStatstTimestamp", 1306610674);
[c0qr1l3n.default\prefs.js] - Line Deleted : user_pref("icqtoolbar.voucherHideClicks", 0);
[c0qr1l3n.default\prefs.js] - Line Deleted : user_pref("icqtoolbar.voucherMoreLinkClicks", 0);
[c0qr1l3n.default\prefs.js] - Line Deleted : user_pref("icqtoolbar.voucherRedeemClicks", 0);
[c0qr1l3n.default\prefs.js] - Line Deleted : user_pref("icqtoolbar.voucherWasShown", 0);
[c0qr1l3n.default\prefs.js] - Line Deleted : user_pref("icqtoolbar.xmlEnableSuggestions", false);
[c0qr1l3n.default\prefs.js] - Line Deleted : user_pref("icqtoolbar.xmlLanguage", "cs");
[uabe78o3.default\prefs.js] - Line Deleted : user_pref("icqtoolbar.installsource", "1");
[uabe78o3.default\prefs.js] - Line Deleted : user_pref("icqtoolbar.skip_default_search", "yes");
[uabe78o3.default\prefs.js] - Line Deleted : user_pref("icqtoolbar.installsource", "1");
[uabe78o3.default\prefs.js] - Line Deleted : user_pref("icqtoolbar.installsource", "1");
-\\ Google Chrome v
*************************
AdwCleaner[R0].txt - [17931 octets] - [04/02/2015 22:21:32]
AdwCleaner[S0].txt - [18467 octets] - [04/02/2015 22:24:08]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [18528 octets] ##########
- Rudy
- Site Admin

Re: request to remove cityweb and other junk
Please post a new FRST log.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: request to remove cityweb and other junk
new log:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-02-2015 01
Ran by Martin a Evísek (administrator) on PC on 04-02-2015 22:41:23
Running from C:\Users\Martin a Evísek\Desktop
Loaded Profiles: Martin a Evísek (Available profiles: Martin a Evísek)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(Apple Computer, Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Hewlett-Packard) C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(ZONER software) C:\Program Files\Zoner\Photo Studio 17\Program32\ZPSTray.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
() C:\Users\Martin a Evísek\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
(forum.viry.cz) C:\Users\Martin a Evísek\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [288312 2009-07-27] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [PDF Complete] => C:\Program Files\PDF Complete\pdfsty.exe [563736 2009-06-18] (PDF Complete Inc)
HKLM\...\Run: [WirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM\...\Run: [HP Software Update] => c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-30] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [NeroFilterCheck] => C:\windows\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311616 2015-01-14] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [616632 2014-01-28] (Nico Mak Computing)
HKLM\...\Run: [seznam-listicka-distribuce] => C:\Program Files\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM\...\runonceex: [ContentMerger] => c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-06-13] (Sonic Solutions)
HKU\S-1-5-21-1320854304-368154927-3987488329-1001\...\Run: [Google Update] => C:\Users\Martin a Evísek\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-21] (Google Inc.)
HKU\S-1-5-21-1320854304-368154927-3987488329-1001\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1565504 2015-01-14] (Samsung)
HKU\S-1-5-21-1320854304-368154927-3987488329-1001\...\Run: [Zoner Photo Studio Autoupdate] => C:\PROGRAM FILES\ZONER\PHOTO STUDIO 17\Program32\ZPSTRAY.EXE [458456 2014-12-19] (ZONER software)
HKU\S-1-5-21-1320854304-368154927-3987488329-1001\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Martin a Evísek\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-1320854304-368154927-3987488329-1001\...\Run: [cz.seznam.software.szndesktop] => C:\Users\Martin a Evísek\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [92664 2013-04-12] ()
HKU\S-1-5-21-1320854304-368154927-3987488329-1001\...\MountPoints2: {142f0f35-ea5d-11de-945e-18a9058c31ac} - D:\LaunchU3.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-1320854304-368154927-3987488329-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKLM - Free Lunch Design Toolbar - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFre0.dll (Conduit Ltd.)
URLSearchHook: HKU\S-1-5-21-1320854304-368154927-3987488329-1001 - Free Lunch Design Toolbar - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFre0.dll (Conduit Ltd.)
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Free Lunch Design Toolbar -> {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} -> C:\Program Files\Free_Lunch_Design\tbFre0.dll (Conduit Ltd.)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Pomocník pro přihlášení ke službě Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: DeLorme Send To GPS -> {FBAAD182-3C7A-4BC4-A5E9-207B8E0F02FD} -> C:\Program Files\DeLorme\SendToGPS\PNPluginForIE.dll (DeLorme)
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
Toolbar: HKLM - Free Lunch Design Toolbar - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFre0.dll (Conduit Ltd.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 06 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 10.0.0.138 194.228.196.16
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF ProfilePath: C:\Users\Martin a Evísek\AppData\Roaming\Mozilla\Firefox\Profiles\c0qr1l3n.default
FF Homepage: hxxp://seznam.cz/
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @delorme.com/SendToGPS -> C:\Program Files\DeLorme\SendToGPS\nppnplugin.dll (DeLorme)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1320854304-368154927-3987488329-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Martin a Evísek\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1320854304-368154927-3987488329-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Martin a Evísek\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1320854304-368154927-3987488329-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Martin a Evísek\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\libdivx.dll (The OpenSSL Project, http://www.openssl.org/)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdivx32.dll (DivX,Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ssldivx.dll (The OpenSSL Project, http://www.openssl.org/)
FF Extension: Free Lunch Design Toolbar - C:\Users\Martin a Evísek\AppData\Roaming\Mozilla\Firefox\Profiles\c0qr1l3n.default\Extensions\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} [2012-04-14]
FF Extension: Cyti Web 1.0.1 - C:\Users\Martin a Evísek\AppData\Roaming\Mozilla\Firefox\Profiles\c0qr1l3n.default\Extensions\{3560b757-0519-45b3-a215-cfb94afd0821}.xpi [2015-02-04]
FF Extension: Adblock Plus - C:\Users\Martin a Evísek\AppData\Roaming\Mozilla\Firefox\Profiles\c0qr1l3n.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-04]
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://isearch.omiga-plus.com/?type=hp&ts=1423074366&from=obw&uid=WDCXWD3200BEKT-60F3T1_WD-WXA0A994876748767"
CHR Plugin: (Shockwave Flash) - C:\Users\Martin a Evísek\AppData\Local\Google\Chrome\Application\40.0.2214.94\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U24) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (Shockwave for Director) - C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (DivX Web Player) - C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll (DivX,Inc.)
CHR Plugin: (Microsoft\® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2003) - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Martin a Evísek\AppData\Local\Google\Chrome\Application\40.0.2214.94\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Martin a Evísek\AppData\Local\Google\Chrome\Application\40.0.2214.94\pdf.dll ()
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Profile: C:\Users\Martin a Evísek\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Martin a Evísek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-15]
CHR Extension: (Vyhledávání Google) - C:\Users\Martin a Evísek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-15]
CHR Extension: (Peněženka Google) - C:\Users\Martin a Evísek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-03]
CHR Extension: (Gmail) - C:\Users\Martin a Evísek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-15]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [26112 2009-12-03] (LSI Corporation)
R2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2010-03-20] (Macrovision Europe Ltd.) [File not signed]
R2 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [125496 2011-02-23] (Hewlett-Packard Company)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2009-06-17] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [635416 2009-06-18] (PDF Complete Inc)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 atksgt; C:\windows\System32\DRIVERS\atksgt.sys [279712 2009-12-16] ()
R3 dtsoftbus01; C:\windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-09-25] (Disc Soft Ltd)
R2 lirsgt; C:\windows\System32\DRIVERS\lirsgt.sys [25888 2009-12-16] ()
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-02-04] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
S3 MfeAVFK; C:\windows\System32\drivers\MfeAVFK.sys [79816 2009-05-16] (McAfee, Inc.)
S3 MfeBOPK; C:\windows\System32\drivers\MfeBOPK.sys [35272 2009-05-16] (McAfee, Inc.)
R1 mfehidk; C:\windows\System32\drivers\mfehidk.sys [214024 2009-05-16] (McAfee, Inc.)
S3 MfeRKDK; C:\windows\System32\drivers\MfeRKDK.sys [34248 2009-05-16] (McAfee, Inc.)
R1 mfetdik; C:\windows\System32\drivers\mfetdik.sys [55336 2009-05-16] (McAfee, Inc.)
R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R3 SNP2UVC; C:\windows\System32\DRIVERS\snp2uvc.sys [1765168 2009-07-02] ()
R0 sptd; C:\windows\System32\Drivers\sptd.sys [320120 2014-09-25] (Duplex Secure Ltd.)
R3 yukonw7; C:\windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
U3 ayo4h2pg; C:\windows\system32\Drivers\ayo4h2pg.sys [0 ] (LSI Corporation, Inc.) <==== ATTENTION (zero size file/folder)
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-04 22:41 - 2015-02-04 22:41 - 00020948 _____ () C:\Users\Martin a Evísek\Desktop\FRST.txt
2015-02-04 22:21 - 2015-02-04 22:24 - 00000000 ____D () C:\AdwCleaner
2015-02-04 22:20 - 2015-02-04 22:20 - 02194432 _____ () C:\Users\Martin a Evísek\Desktop\adwcleaner_4.109.exe
2015-02-04 22:04 - 2015-02-04 22:04 - 00011356 _____ () C:\Users\Martin a Evísek\Desktop\Addition.rar
2015-02-04 22:00 - 2015-02-04 22:41 - 00000000 ____D () C:\FRST
2015-02-04 21:56 - 2015-02-04 21:57 - 00112640 _____ (forum.viry.cz) C:\Users\Martin a Evísek\Desktop\FRSTLauncher.exe
2015-02-04 21:56 - 2015-02-04 21:56 - 01123328 _____ (Farbar) C:\Users\Martin a Evísek\Desktop\FRST.exe
2015-02-04 20:43 - 2015-02-04 22:27 - 00114904 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-04 20:43 - 2015-02-04 20:45 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-04 20:43 - 2015-02-04 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-04 20:42 - 2015-02-04 20:45 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-02-04 20:42 - 2015-02-04 20:42 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-04 20:42 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-02-04 20:42 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-02-04 20:42 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-02-04 20:41 - 2015-02-04 20:42 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Martin a Evísek\Downloads\mbam-setup-2.0.2.1012.exe
2015-02-04 19:53 - 2015-02-04 20:13 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Local\CrashDumps
2015-02-04 19:27 - 2015-02-04 19:27 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Roaming\MiniGet
2015-02-04 19:25 - 2015-02-04 19:25 - 00001374 _____ () C:\windows\Tasks\TVQB.job
2015-02-04 19:24 - 2015-02-04 19:24 - 00000000 ____D () C:\Program Files\Seznam.cz
2015-02-04 19:23 - 2015-02-04 22:32 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Roaming\Seznam.cz
2015-02-04 19:23 - 2015-02-04 19:25 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Local\BrowserHelper
2015-02-04 19:23 - 2015-02-04 19:23 - 00001376 _____ () C:\windows\Tasks\XYNCJ.job
2015-02-04 19:23 - 2015-02-04 19:23 - 00000000 ____D () C:\Users\Public\Documents\ShopperPro
2015-02-04 14:28 - 2015-02-04 14:28 - 00002037 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Zoner Photo Studio 17.lnk
2015-02-04 14:28 - 2015-02-04 14:28 - 00002031 _____ () C:\Users\Public\Desktop\Zoner Photo Studio 17.lnk
2015-02-04 14:28 - 2015-02-04 14:28 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Roaming\Zoner
2015-02-04 14:28 - 2015-02-04 14:28 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Local\Zoner
2015-02-04 14:28 - 2015-02-04 14:28 - 00000000 ____D () C:\ProgramData\Zoner
2015-02-04 14:27 - 2015-02-04 14:27 - 00000000 ____D () C:\Users\Martin a Evísek\Downloads\zasilka-DASID5PG7C9ADKF7
2015-02-04 14:27 - 2015-02-04 14:27 - 00000000 ____D () C:\Program Files\Zoner
2015-02-04 14:23 - 2015-02-04 14:24 - 80575025 _____ () C:\Users\Martin a Evísek\Downloads\zasilka-DASID5PG7C9ADKF7.zip
2015-02-03 18:09 - 2015-02-03 19:21 - 00000000 ____D () C:\Users\Martin a Evísek\Desktop\Wellness
2015-02-01 20:55 - 2015-02-01 21:06 - 959501142 _____ () C:\Users\Martin a Evísek\Downloads\Americky-sniper-American-Sniper-2014-Cz-titkrokous.avi
2015-02-01 18:25 - 2015-02-04 18:48 - 00007485 _____ () C:\Users\Martin a Evísek\Desktop\bkakak.pwp
2015-02-01 18:25 - 2015-02-01 18:25 - 00000000 ____D () C:\Users\Martin a Evísek\Desktop\bkakak-PM
2015-02-01 17:35 - 2015-02-01 17:35 - 00001154 _____ () C:\Users\Public\Desktop\Picture Collage Maker Pro.lnk
2015-02-01 17:35 - 2015-02-01 17:35 - 00000000 ____D () C:\Users\Public\Documents\PearlMountain
2015-02-01 17:35 - 2015-02-01 17:35 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Roaming\PearlMountain
2015-02-01 17:35 - 2015-02-01 17:35 - 00000000 ____D () C:\ProgramData\PearlMountain
2015-02-01 17:35 - 2015-02-01 17:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picture Collage Maker Pro
2015-02-01 17:34 - 2015-02-01 17:35 - 00000000 ____D () C:\Program Files\Picture Collage Maker Pro
2015-02-01 17:26 - 2015-02-01 17:27 - 107272072 _____ (PearlMountain Technology Co., Ltd ) C:\Users\Martin a Evísek\Downloads\PictureCollageMakerPro.exe
2015-01-26 18:42 - 2015-01-26 18:42 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-25 17:12 - 2015-01-25 17:12 - 00002086 _____ () C:\Users\Martin a Evísek\AppData\Roaming\TVQB
2015-01-25 17:12 - 2015-01-25 17:12 - 00001248 _____ () C:\Users\Martin a Evísek\AppData\Roaming\XYNCJ
2015-01-24 18:50 - 2015-01-24 19:06 - 1395622070 _____ () C:\Users\Martin a Evísek\Downloads\Kapitan-Phillips-2013-cz-dabing.avi
2015-01-24 16:09 - 2015-01-24 16:17 - 729290651 _____ () C:\Users\Martin a Evísek\Downloads\Moje-krasna-ucitelka-komedie-cz-dabing-2012.avi
2015-01-20 19:45 - 2015-01-20 19:45 - 00002067 _____ () C:\Users\Public\Desktop\Lightroom 3.3.lnk
2015-01-20 19:45 - 2015-01-20 19:45 - 00002067 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 3.3.lnk
2015-01-20 19:41 - 2015-01-20 19:41 - 00000000 ____D () C:\Users\Martin a Evísek\Desktop\Adobe
2015-01-20 19:37 - 2015-01-20 19:39 - 204304991 _____ () C:\Users\Martin a Evísek\Downloads\Adobe-Photoshop-Lightroom-3.3.rar
2015-01-20 14:09 - 2015-01-20 14:09 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Roaming\wargaming.net
2015-01-20 12:53 - 2015-01-20 12:53 - 09499176 _____ (Wargaming.net ) C:\Users\Martin a Evísek\Downloads\WoWP_internet_install_eu.exe
2015-01-20 11:55 - 2015-01-20 11:55 - 04723632 _____ (Gaijin Entertainment ) C:\Users\Martin a Evísek\Downloads\wt_launcher_1.0.1.473.exe
2015-01-20 11:55 - 2015-01-20 11:55 - 00000000 ____D () C:\Users\Martin a Evísek\Documents\My Games
2015-01-15 10:21 - 2015-01-15 10:22 - 00000000 ____D () C:\Program Files\Recuva
2015-01-15 10:21 - 2015-01-15 10:21 - 04210920 _____ (Piriform Ltd) C:\Users\Martin a Evísek\Downloads\rcsetup151.exe
2015-01-13 20:57 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-01-13 20:57 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-01-13 20:57 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
2015-01-13 20:57 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-01-13 20:57 - 2014-12-11 18:47 - 00074240 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-01-13 20:57 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-01-10 22:25 - 2015-01-10 22:25 - 00000000 __SHD () C:\Users\Martin a Evísek\AppData\Local\EmieUserList
2015-01-10 22:25 - 2015-01-10 22:25 - 00000000 __SHD () C:\Users\Martin a Evísek\AppData\Local\EmieSiteList
2015-01-10 22:25 - 2015-01-10 22:25 - 00000000 __SHD () C:\Users\Martin a Evísek\AppData\Local\EmieBrowserModeList
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-04 22:36 - 2010-03-01 08:59 - 00001002 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1320854304-368154927-3987488329-1001UA.job
2015-02-04 22:33 - 2009-07-14 05:34 - 00022688 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-04 22:33 - 2009-07-14 05:34 - 00022688 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-04 22:30 - 2009-11-24 00:22 - 02002506 _____ () C:\windows\WindowsUpdate.log
2015-02-04 22:26 - 2014-07-23 15:43 - 00033730 _____ () C:\windows\setupact.log
2015-02-04 22:26 - 2011-09-09 20:51 - 00000936 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-04 22:26 - 2009-07-14 05:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-02-04 22:25 - 2009-11-28 18:43 - 00419096 _____ () C:\windows\PFRO.log
2015-02-04 22:24 - 2009-12-02 21:26 - 00000000 ____D () C:\ProgramData\ICQ
2015-02-04 21:58 - 2012-11-22 11:38 - 00000914 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-02-04 21:53 - 2011-09-09 20:51 - 00000940 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-04 21:06 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\Resources
2015-02-04 20:26 - 2009-09-26 02:08 - 01582262 _____ () C:\windows\system32\PerfStringBackup.INI
2015-02-04 20:22 - 2009-09-26 02:03 - 00279112 _____ () C:\windows\ydi.log
2015-02-04 20:22 - 2009-09-26 02:03 - 00000268 ____R () C:\windows\YukonInstall.log
2015-02-04 20:21 - 2012-04-14 19:48 - 00000000 ____D () C:\games
2015-02-04 20:13 - 2010-03-20 16:29 - 00000000 ____D () C:\Program Files\Adobe
2015-02-04 19:56 - 2014-01-03 15:22 - 00001117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-04 19:56 - 2014-01-03 15:22 - 00001105 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-04 19:56 - 2010-05-01 18:27 - 00000000 ____D () C:\Program Files\AGEIA Technologies
2015-02-04 19:56 - 2010-03-01 08:59 - 00002376 _____ () C:\Users\Martin a Evísek\Desktop\Google Chrome.lnk
2015-02-04 19:56 - 2009-11-23 16:50 - 00001413 _____ () C:\Users\Martin a Evísek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-04 19:53 - 2009-07-14 03:37 - 00000000 ___HD () C:\windows\system32\GroupPolicy
2015-02-04 19:53 - 2009-07-14 03:04 - 00000580 _____ () C:\windows\win.ini
2015-02-04 19:29 - 2009-07-14 05:33 - 01798608 _____ () C:\windows\system32\FNTCACHE.DAT
2015-02-04 19:23 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Common Files\System
2015-02-04 19:07 - 2009-11-23 16:50 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Local\PDFC
2015-02-04 18:52 - 2009-11-23 16:39 - 00127472 _____ () C:\Users\Martin a Evísek\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-04 18:51 - 2009-09-26 02:18 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-04 10:18 - 2014-09-02 19:25 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Local\Adobe
2015-02-04 10:18 - 2012-08-03 05:15 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2015-02-04 10:18 - 2011-12-02 15:37 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2015-02-03 22:08 - 2009-11-28 18:28 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Roaming\vlc
2015-02-01 18:06 - 2015-01-01 14:32 - 00000000 ____D () C:\Users\Martin a Evísek\Desktop\Vánoce 2014
2015-01-30 09:42 - 2009-09-26 02:11 - 00000000 ____D () C:\ProgramData\PDFC
2015-01-29 11:36 - 2014-12-30 13:16 - 00000000 ____D () C:\Users\Martin a Evísek\Desktop\zima
2015-01-27 18:39 - 2014-01-03 15:22 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-24 16:17 - 2009-12-09 07:10 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Roaming\dvdcss
2015-01-20 19:46 - 2010-03-20 16:35 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-20 19:46 - 2010-03-14 19:44 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-01-20 19:45 - 2009-09-26 02:32 - 00000000 ____D () C:\Program Files\Common Files\PX Storage Engine
2015-01-20 19:43 - 2009-11-28 18:15 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Roaming\Adobe
2015-01-20 12:54 - 2013-07-16 07:33 - 00000000 ___HD () C:\windows\msdownld.tmp
2015-01-20 12:54 - 2013-07-16 07:33 - 00000000 ____D () C:\windows\system32\directx
2015-01-15 13:11 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\Microsoft.NET
2015-01-15 11:00 - 2009-11-23 16:33 - 00000000 ____D () C:\Users\Martin a Evísek
2015-01-15 10:56 - 2013-12-16 18:26 - 00001948 _____ () C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
2015-01-15 08:47 - 2013-07-30 11:25 - 00000000 ____D () C:\windows\system32\MRT
2015-01-15 08:28 - 2009-12-02 21:48 - 110348472 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-01-10 22:28 - 2009-11-23 16:36 - 00000000 ____D () C:\ProgramData\WinZip
2015-01-09 16:20 - 2010-03-20 16:40 - 00000000 ____D () C:\ProgramData\FLEXnet
2015-01-09 16:20 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\system32\wfp
2015-01-09 16:20 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\registration
==================== Files in the root of some directories =======
2011-05-28 18:53 - 2012-12-28 22:22 - 0860822 _____ () C:\Users\Martin a Evísek\AppData\Roaming\mdbu.bin
2015-01-25 17:12 - 2015-01-25 17:12 - 0002086 _____ () C:\Users\Martin a Evísek\AppData\Roaming\TVQB
2015-01-25 17:12 - 2015-01-25 17:12 - 0001248 _____ () C:\Users\Martin a Evísek\AppData\Roaming\XYNCJ
2009-11-23 16:50 - 2009-11-23 16:50 - 0000000 _____ () C:\Users\Martin a Evísek\AppData\Local\AtStart.txt
2013-02-11 20:20 - 2013-02-11 20:23 - 0004608 _____ () C:\Users\Martin a Evísek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-11-23 16:50 - 2009-11-23 16:50 - 0000000 _____ () C:\Users\Martin a Evísek\AppData\Local\DSwitch.txt
2009-11-23 16:50 - 2009-11-23 16:50 - 0000000 _____ () C:\Users\Martin a Evísek\AppData\Local\QSwitch.txt
2011-12-15 09:38 - 2011-12-15 09:38 - 0000000 _____ () C:\Users\Martin a Evísek\AppData\Local\{995F741E-EE35-45DF-8397-0461389F7F51}
2009-09-26 02:44 - 2009-09-26 02:44 - 0000190 _____ () C:\ProgramData\HPWALog.txt
Some content of TEMP:
====================
C:\Users\Martin a Evísek\AppData\Local\Temp\002.exe
C:\Users\Martin a Evísek\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Martin a Evísek\AppData\Local\Temp\Quarantine.exe
C:\Users\Martin a Evísek\AppData\Local\Temp\sqlite3.dll
C:\Users\Martin a Evísek\AppData\Local\Temp\tu17p84.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1320854304-368154927-3987488329-1001Core.job => C:\Users\Martin a Evísek\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1320854304-368154927-3987488329-1001UA.job => C:\Users\Martin a Evísek\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\TVQB.job => C:\Users\Martin a Evý˙sek\AppData\Roaming\TVQB.exe <==== ATTENTION
Task: C:\windows\Tasks\XYNCJ.job => C:\Users\Martin a Evý˙sek\AppData\Roaming\XYNCJ.exe <==== ATTENTION
==================== Alternate Data Streams (whitelisted) ==================
AlternateDataStreams: C:\ProgramData\TEMP:66AA0486
==================== Security Center ==================
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Martin a Evísek\Desktop" je 101805 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite
"C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesAirMessage
C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload
C:\Program Files\Samsung\Kies\Kies.exe /preload [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [x]
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000001
==================== End Of Log ==============================
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-02-2015 01
Ran by Martin a Evísek (administrator) on PC on 04-02-2015 22:41:23
Running from C:\Users\Martin a Evísek\Desktop
Loaded Profiles: Martin a Evísek (Available profiles: Martin a Evísek)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(Apple Computer, Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Hewlett-Packard) C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(ZONER software) C:\Program Files\Zoner\Photo Studio 17\Program32\ZPSTray.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
() C:\Users\Martin a Evísek\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
(forum.viry.cz) C:\Users\Martin a Evísek\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [288312 2009-07-27] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [PDF Complete] => C:\Program Files\PDF Complete\pdfsty.exe [563736 2009-06-18] (PDF Complete Inc)
HKLM\...\Run: [WirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM\...\Run: [HP Software Update] => c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-30] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [NeroFilterCheck] => C:\windows\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311616 2015-01-14] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [616632 2014-01-28] (Nico Mak Computing)
HKLM\...\Run: [seznam-listicka-distribuce] => C:\Program Files\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM\...\runonceex: [ContentMerger] => c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-06-13] (Sonic Solutions)
HKU\S-1-5-21-1320854304-368154927-3987488329-1001\...\Run: [Google Update] => C:\Users\Martin a Evísek\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-21] (Google Inc.)
HKU\S-1-5-21-1320854304-368154927-3987488329-1001\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1565504 2015-01-14] (Samsung)
HKU\S-1-5-21-1320854304-368154927-3987488329-1001\...\Run: [Zoner Photo Studio Autoupdate] => C:\PROGRAM FILES\ZONER\PHOTO STUDIO 17\Program32\ZPSTRAY.EXE [458456 2014-12-19] (ZONER software)
HKU\S-1-5-21-1320854304-368154927-3987488329-1001\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Martin a Evísek\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-1320854304-368154927-3987488329-1001\...\Run: [cz.seznam.software.szndesktop] => C:\Users\Martin a Evísek\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [92664 2013-04-12] ()
HKU\S-1-5-21-1320854304-368154927-3987488329-1001\...\MountPoints2: {142f0f35-ea5d-11de-945e-18a9058c31ac} - D:\LaunchU3.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-1320854304-368154927-3987488329-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKLM - Free Lunch Design Toolbar - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFre0.dll (Conduit Ltd.)
URLSearchHook: HKU\S-1-5-21-1320854304-368154927-3987488329-1001 - Free Lunch Design Toolbar - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFre0.dll (Conduit Ltd.)
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Free Lunch Design Toolbar -> {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} -> C:\Program Files\Free_Lunch_Design\tbFre0.dll (Conduit Ltd.)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Pomocník pro přihlášení ke službě Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: DeLorme Send To GPS -> {FBAAD182-3C7A-4BC4-A5E9-207B8E0F02FD} -> C:\Program Files\DeLorme\SendToGPS\PNPluginForIE.dll (DeLorme)
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
Toolbar: HKLM - Free Lunch Design Toolbar - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFre0.dll (Conduit Ltd.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 06 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 10.0.0.138 194.228.196.16
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF ProfilePath: C:\Users\Martin a Evísek\AppData\Roaming\Mozilla\Firefox\Profiles\c0qr1l3n.default
FF Homepage: hxxp://seznam.cz/
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @delorme.com/SendToGPS -> C:\Program Files\DeLorme\SendToGPS\nppnplugin.dll (DeLorme)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1320854304-368154927-3987488329-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Martin a Evísek\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1320854304-368154927-3987488329-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Martin a Evísek\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1320854304-368154927-3987488329-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Martin a Evísek\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\libdivx.dll (The OpenSSL Project, http://www.openssl.org/)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdivx32.dll (DivX,Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ssldivx.dll (The OpenSSL Project, http://www.openssl.org/)
FF Extension: Free Lunch Design Toolbar - C:\Users\Martin a Evísek\AppData\Roaming\Mozilla\Firefox\Profiles\c0qr1l3n.default\Extensions\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} [2012-04-14]
FF Extension: Cyti Web 1.0.1 - C:\Users\Martin a Evísek\AppData\Roaming\Mozilla\Firefox\Profiles\c0qr1l3n.default\Extensions\{3560b757-0519-45b3-a215-cfb94afd0821}.xpi [2015-02-04]
FF Extension: Adblock Plus - C:\Users\Martin a Evísek\AppData\Roaming\Mozilla\Firefox\Profiles\c0qr1l3n.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-04]
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://isearch.omiga-plus.com/?type=hp&ts=1423074366&from=obw&uid=WDCXWD3200BEKT-60F3T1_WD-WXA0A994876748767"
CHR Plugin: (Shockwave Flash) - C:\Users\Martin a Evísek\AppData\Local\Google\Chrome\Application\40.0.2214.94\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U24) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (Shockwave for Director) - C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (DivX Web Player) - C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll (DivX,Inc.)
CHR Plugin: (Microsoft\® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2003) - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Martin a Evísek\AppData\Local\Google\Chrome\Application\40.0.2214.94\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Martin a Evísek\AppData\Local\Google\Chrome\Application\40.0.2214.94\pdf.dll ()
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Profile: C:\Users\Martin a Evísek\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Martin a Evísek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-15]
CHR Extension: (Vyhledávání Google) - C:\Users\Martin a Evísek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-15]
CHR Extension: (Peněženka Google) - C:\Users\Martin a Evísek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-03]
CHR Extension: (Gmail) - C:\Users\Martin a Evísek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-15]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [26112 2009-12-03] (LSI Corporation)
R2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2010-03-20] (Macrovision Europe Ltd.) [File not signed]
R2 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [125496 2011-02-23] (Hewlett-Packard Company)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2009-06-17] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [635416 2009-06-18] (PDF Complete Inc)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 atksgt; C:\windows\System32\DRIVERS\atksgt.sys [279712 2009-12-16] ()
R3 dtsoftbus01; C:\windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-09-25] (Disc Soft Ltd)
R2 lirsgt; C:\windows\System32\DRIVERS\lirsgt.sys [25888 2009-12-16] ()
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-02-04] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
S3 MfeAVFK; C:\windows\System32\drivers\MfeAVFK.sys [79816 2009-05-16] (McAfee, Inc.)
S3 MfeBOPK; C:\windows\System32\drivers\MfeBOPK.sys [35272 2009-05-16] (McAfee, Inc.)
R1 mfehidk; C:\windows\System32\drivers\mfehidk.sys [214024 2009-05-16] (McAfee, Inc.)
S3 MfeRKDK; C:\windows\System32\drivers\MfeRKDK.sys [34248 2009-05-16] (McAfee, Inc.)
R1 mfetdik; C:\windows\System32\drivers\mfetdik.sys [55336 2009-05-16] (McAfee, Inc.)
R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R3 SNP2UVC; C:\windows\System32\DRIVERS\snp2uvc.sys [1765168 2009-07-02] ()
R0 sptd; C:\windows\System32\Drivers\sptd.sys [320120 2014-09-25] (Duplex Secure Ltd.)
R3 yukonw7; C:\windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
U3 ayo4h2pg; C:\windows\system32\Drivers\ayo4h2pg.sys [0 ] (LSI Corporation, Inc.) <==== ATTENTION (zero size file/folder)
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-04 22:41 - 2015-02-04 22:41 - 00020948 _____ () C:\Users\Martin a Evísek\Desktop\FRST.txt
2015-02-04 22:21 - 2015-02-04 22:24 - 00000000 ____D () C:\AdwCleaner
2015-02-04 22:20 - 2015-02-04 22:20 - 02194432 _____ () C:\Users\Martin a Evísek\Desktop\adwcleaner_4.109.exe
2015-02-04 22:04 - 2015-02-04 22:04 - 00011356 _____ () C:\Users\Martin a Evísek\Desktop\Addition.rar
2015-02-04 22:00 - 2015-02-04 22:41 - 00000000 ____D () C:\FRST
2015-02-04 21:56 - 2015-02-04 21:57 - 00112640 _____ (forum.viry.cz) C:\Users\Martin a Evísek\Desktop\FRSTLauncher.exe
2015-02-04 21:56 - 2015-02-04 21:56 - 01123328 _____ (Farbar) C:\Users\Martin a Evísek\Desktop\FRST.exe
2015-02-04 20:43 - 2015-02-04 22:27 - 00114904 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-04 20:43 - 2015-02-04 20:45 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-04 20:43 - 2015-02-04 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-04 20:42 - 2015-02-04 20:45 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-02-04 20:42 - 2015-02-04 20:42 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-04 20:42 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-02-04 20:42 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-02-04 20:42 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-02-04 20:41 - 2015-02-04 20:42 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Martin a Evísek\Downloads\mbam-setup-2.0.2.1012.exe
2015-02-04 19:53 - 2015-02-04 20:13 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Local\CrashDumps
2015-02-04 19:27 - 2015-02-04 19:27 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Roaming\MiniGet
2015-02-04 19:25 - 2015-02-04 19:25 - 00001374 _____ () C:\windows\Tasks\TVQB.job
2015-02-04 19:24 - 2015-02-04 19:24 - 00000000 ____D () C:\Program Files\Seznam.cz
2015-02-04 19:23 - 2015-02-04 22:32 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Roaming\Seznam.cz
2015-02-04 19:23 - 2015-02-04 19:25 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Local\BrowserHelper
2015-02-04 19:23 - 2015-02-04 19:23 - 00001376 _____ () C:\windows\Tasks\XYNCJ.job
2015-02-04 19:23 - 2015-02-04 19:23 - 00000000 ____D () C:\Users\Public\Documents\ShopperPro
2015-02-04 14:28 - 2015-02-04 14:28 - 00002037 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Zoner Photo Studio 17.lnk
2015-02-04 14:28 - 2015-02-04 14:28 - 00002031 _____ () C:\Users\Public\Desktop\Zoner Photo Studio 17.lnk
2015-02-04 14:28 - 2015-02-04 14:28 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Roaming\Zoner
2015-02-04 14:28 - 2015-02-04 14:28 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Local\Zoner
2015-02-04 14:28 - 2015-02-04 14:28 - 00000000 ____D () C:\ProgramData\Zoner
2015-02-04 14:27 - 2015-02-04 14:27 - 00000000 ____D () C:\Users\Martin a Evísek\Downloads\zasilka-DASID5PG7C9ADKF7
2015-02-04 14:27 - 2015-02-04 14:27 - 00000000 ____D () C:\Program Files\Zoner
2015-02-04 14:23 - 2015-02-04 14:24 - 80575025 _____ () C:\Users\Martin a Evísek\Downloads\zasilka-DASID5PG7C9ADKF7.zip
2015-02-03 18:09 - 2015-02-03 19:21 - 00000000 ____D () C:\Users\Martin a Evísek\Desktop\Wellness
2015-02-01 20:55 - 2015-02-01 21:06 - 959501142 _____ () C:\Users\Martin a Evísek\Downloads\Americky-sniper-American-Sniper-2014-Cz-titkrokous.avi
2015-02-01 18:25 - 2015-02-04 18:48 - 00007485 _____ () C:\Users\Martin a Evísek\Desktop\bkakak.pwp
2015-02-01 18:25 - 2015-02-01 18:25 - 00000000 ____D () C:\Users\Martin a Evísek\Desktop\bkakak-PM
2015-02-01 17:35 - 2015-02-01 17:35 - 00001154 _____ () C:\Users\Public\Desktop\Picture Collage Maker Pro.lnk
2015-02-01 17:35 - 2015-02-01 17:35 - 00000000 ____D () C:\Users\Public\Documents\PearlMountain
2015-02-01 17:35 - 2015-02-01 17:35 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Roaming\PearlMountain
2015-02-01 17:35 - 2015-02-01 17:35 - 00000000 ____D () C:\ProgramData\PearlMountain
2015-02-01 17:35 - 2015-02-01 17:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picture Collage Maker Pro
2015-02-01 17:34 - 2015-02-01 17:35 - 00000000 ____D () C:\Program Files\Picture Collage Maker Pro
2015-02-01 17:26 - 2015-02-01 17:27 - 107272072 _____ (PearlMountain Technology Co., Ltd ) C:\Users\Martin a Evísek\Downloads\PictureCollageMakerPro.exe
2015-01-26 18:42 - 2015-01-26 18:42 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-25 17:12 - 2015-01-25 17:12 - 00002086 _____ () C:\Users\Martin a Evísek\AppData\Roaming\TVQB
2015-01-25 17:12 - 2015-01-25 17:12 - 00001248 _____ () C:\Users\Martin a Evísek\AppData\Roaming\XYNCJ
2015-01-24 18:50 - 2015-01-24 19:06 - 1395622070 _____ () C:\Users\Martin a Evísek\Downloads\Kapitan-Phillips-2013-cz-dabing.avi
2015-01-24 16:09 - 2015-01-24 16:17 - 729290651 _____ () C:\Users\Martin a Evísek\Downloads\Moje-krasna-ucitelka-komedie-cz-dabing-2012.avi
2015-01-20 19:45 - 2015-01-20 19:45 - 00002067 _____ () C:\Users\Public\Desktop\Lightroom 3.3.lnk
2015-01-20 19:45 - 2015-01-20 19:45 - 00002067 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 3.3.lnk
2015-01-20 19:41 - 2015-01-20 19:41 - 00000000 ____D () C:\Users\Martin a Evísek\Desktop\Adobe
2015-01-20 19:37 - 2015-01-20 19:39 - 204304991 _____ () C:\Users\Martin a Evísek\Downloads\Adobe-Photoshop-Lightroom-3.3.rar
2015-01-20 14:09 - 2015-01-20 14:09 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Roaming\wargaming.net
2015-01-20 12:53 - 2015-01-20 12:53 - 09499176 _____ (Wargaming.net ) C:\Users\Martin a Evísek\Downloads\WoWP_internet_install_eu.exe
2015-01-20 11:55 - 2015-01-20 11:55 - 04723632 _____ (Gaijin Entertainment ) C:\Users\Martin a Evísek\Downloads\wt_launcher_1.0.1.473.exe
2015-01-20 11:55 - 2015-01-20 11:55 - 00000000 ____D () C:\Users\Martin a Evísek\Documents\My Games
2015-01-15 10:21 - 2015-01-15 10:22 - 00000000 ____D () C:\Program Files\Recuva
2015-01-15 10:21 - 2015-01-15 10:21 - 04210920 _____ (Piriform Ltd) C:\Users\Martin a Evísek\Downloads\rcsetup151.exe
2015-01-13 20:57 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-01-13 20:57 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-01-13 20:57 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
2015-01-13 20:57 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-01-13 20:57 - 2014-12-11 18:47 - 00074240 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-01-13 20:57 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-01-10 22:25 - 2015-01-10 22:25 - 00000000 __SHD () C:\Users\Martin a Evísek\AppData\Local\EmieUserList
2015-01-10 22:25 - 2015-01-10 22:25 - 00000000 __SHD () C:\Users\Martin a Evísek\AppData\Local\EmieSiteList
2015-01-10 22:25 - 2015-01-10 22:25 - 00000000 __SHD () C:\Users\Martin a Evísek\AppData\Local\EmieBrowserModeList
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-04 22:36 - 2010-03-01 08:59 - 00001002 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1320854304-368154927-3987488329-1001UA.job
2015-02-04 22:33 - 2009-07-14 05:34 - 00022688 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-04 22:33 - 2009-07-14 05:34 - 00022688 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-04 22:30 - 2009-11-24 00:22 - 02002506 _____ () C:\windows\WindowsUpdate.log
2015-02-04 22:26 - 2014-07-23 15:43 - 00033730 _____ () C:\windows\setupact.log
2015-02-04 22:26 - 2011-09-09 20:51 - 00000936 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-04 22:26 - 2009-07-14 05:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-02-04 22:25 - 2009-11-28 18:43 - 00419096 _____ () C:\windows\PFRO.log
2015-02-04 22:24 - 2009-12-02 21:26 - 00000000 ____D () C:\ProgramData\ICQ
2015-02-04 21:58 - 2012-11-22 11:38 - 00000914 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-02-04 21:53 - 2011-09-09 20:51 - 00000940 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-04 21:06 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\Resources
2015-02-04 20:26 - 2009-09-26 02:08 - 01582262 _____ () C:\windows\system32\PerfStringBackup.INI
2015-02-04 20:22 - 2009-09-26 02:03 - 00279112 _____ () C:\windows\ydi.log
2015-02-04 20:22 - 2009-09-26 02:03 - 00000268 ____R () C:\windows\YukonInstall.log
2015-02-04 20:21 - 2012-04-14 19:48 - 00000000 ____D () C:\games
2015-02-04 20:13 - 2010-03-20 16:29 - 00000000 ____D () C:\Program Files\Adobe
2015-02-04 19:56 - 2014-01-03 15:22 - 00001117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-04 19:56 - 2014-01-03 15:22 - 00001105 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-04 19:56 - 2010-05-01 18:27 - 00000000 ____D () C:\Program Files\AGEIA Technologies
2015-02-04 19:56 - 2010-03-01 08:59 - 00002376 _____ () C:\Users\Martin a Evísek\Desktop\Google Chrome.lnk
2015-02-04 19:56 - 2009-11-23 16:50 - 00001413 _____ () C:\Users\Martin a Evísek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-04 19:53 - 2009-07-14 03:37 - 00000000 ___HD () C:\windows\system32\GroupPolicy
2015-02-04 19:53 - 2009-07-14 03:04 - 00000580 _____ () C:\windows\win.ini
2015-02-04 19:29 - 2009-07-14 05:33 - 01798608 _____ () C:\windows\system32\FNTCACHE.DAT
2015-02-04 19:23 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Common Files\System
2015-02-04 19:07 - 2009-11-23 16:50 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Local\PDFC
2015-02-04 18:52 - 2009-11-23 16:39 - 00127472 _____ () C:\Users\Martin a Evísek\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-04 18:51 - 2009-09-26 02:18 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-04 10:18 - 2014-09-02 19:25 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Local\Adobe
2015-02-04 10:18 - 2012-08-03 05:15 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2015-02-04 10:18 - 2011-12-02 15:37 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2015-02-03 22:08 - 2009-11-28 18:28 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Roaming\vlc
2015-02-01 18:06 - 2015-01-01 14:32 - 00000000 ____D () C:\Users\Martin a Evísek\Desktop\Vánoce 2014
2015-01-30 09:42 - 2009-09-26 02:11 - 00000000 ____D () C:\ProgramData\PDFC
2015-01-29 11:36 - 2014-12-30 13:16 - 00000000 ____D () C:\Users\Martin a Evísek\Desktop\zima
2015-01-27 18:39 - 2014-01-03 15:22 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-24 16:17 - 2009-12-09 07:10 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Roaming\dvdcss
2015-01-20 19:46 - 2010-03-20 16:35 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-20 19:46 - 2010-03-14 19:44 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-01-20 19:45 - 2009-09-26 02:32 - 00000000 ____D () C:\Program Files\Common Files\PX Storage Engine
2015-01-20 19:43 - 2009-11-28 18:15 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Roaming\Adobe
2015-01-20 12:54 - 2013-07-16 07:33 - 00000000 ___HD () C:\windows\msdownld.tmp
2015-01-20 12:54 - 2013-07-16 07:33 - 00000000 ____D () C:\windows\system32\directx
2015-01-15 13:11 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\Microsoft.NET
2015-01-15 11:00 - 2009-11-23 16:33 - 00000000 ____D () C:\Users\Martin a Evísek
2015-01-15 10:56 - 2013-12-16 18:26 - 00001948 _____ () C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
2015-01-15 08:47 - 2013-07-30 11:25 - 00000000 ____D () C:\windows\system32\MRT
2015-01-15 08:28 - 2009-12-02 21:48 - 110348472 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-01-10 22:28 - 2009-11-23 16:36 - 00000000 ____D () C:\ProgramData\WinZip
2015-01-09 16:20 - 2010-03-20 16:40 - 00000000 ____D () C:\ProgramData\FLEXnet
2015-01-09 16:20 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\system32\wfp
2015-01-09 16:20 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\registration
==================== Files in the root of some directories =======
2011-05-28 18:53 - 2012-12-28 22:22 - 0860822 _____ () C:\Users\Martin a Evísek\AppData\Roaming\mdbu.bin
2015-01-25 17:12 - 2015-01-25 17:12 - 0002086 _____ () C:\Users\Martin a Evísek\AppData\Roaming\TVQB
2015-01-25 17:12 - 2015-01-25 17:12 - 0001248 _____ () C:\Users\Martin a Evísek\AppData\Roaming\XYNCJ
2009-11-23 16:50 - 2009-11-23 16:50 - 0000000 _____ () C:\Users\Martin a Evísek\AppData\Local\AtStart.txt
2013-02-11 20:20 - 2013-02-11 20:23 - 0004608 _____ () C:\Users\Martin a Evísek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-11-23 16:50 - 2009-11-23 16:50 - 0000000 _____ () C:\Users\Martin a Evísek\AppData\Local\DSwitch.txt
2009-11-23 16:50 - 2009-11-23 16:50 - 0000000 _____ () C:\Users\Martin a Evísek\AppData\Local\QSwitch.txt
2011-12-15 09:38 - 2011-12-15 09:38 - 0000000 _____ () C:\Users\Martin a Evísek\AppData\Local\{995F741E-EE35-45DF-8397-0461389F7F51}
2009-09-26 02:44 - 2009-09-26 02:44 - 0000190 _____ () C:\ProgramData\HPWALog.txt
Some content of TEMP:
====================
C:\Users\Martin a Evísek\AppData\Local\Temp\002.exe
C:\Users\Martin a Evísek\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Martin a Evísek\AppData\Local\Temp\Quarantine.exe
C:\Users\Martin a Evísek\AppData\Local\Temp\sqlite3.dll
C:\Users\Martin a Evísek\AppData\Local\Temp\tu17p84.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1320854304-368154927-3987488329-1001Core.job => C:\Users\Martin a Evísek\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1320854304-368154927-3987488329-1001UA.job => C:\Users\Martin a Evísek\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\TVQB.job => C:\Users\Martin a Evý˙sek\AppData\Roaming\TVQB.exe <==== ATTENTION
Task: C:\windows\Tasks\XYNCJ.job => C:\Users\Martin a Evý˙sek\AppData\Roaming\XYNCJ.exe <==== ATTENTION
==================== Alternate Data Streams (whitelisted) ==================
AlternateDataStreams: C:\ProgramData\TEMP:66AA0486
==================== Security Center ==================
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Martin a Evísek\Desktop" je 101805 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite
"C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesAirMessage
C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload
C:\Program Files\Samsung\Kies\Kies.exe /preload [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [x]
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000001
==================== End Of Log ==============================
- Rudy
- Site Admin

- Posts: 119679
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: request for removal of cityweb and other junk
Open Notepad and copy the following into it:
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.
Start
HKU\S-1-5-21-1320854304-368154927-3987488329-1001\...\MountPoints2: {142f0f35-ea5d-11de-945e-18a9058c31ac} - D:\LaunchU3.exe -a
URLSearchHook: HKU\S-1-5-21-1320854304-368154927-3987488329-1001 - Free Lunch Design Toolbar - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFre0.dll (Conduit Ltd.)
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Free Lunch Design Toolbar -> {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} -> C:\Program Files\Free_Lunch_Design\tbFre0.dll (Conduit Ltd.)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
C:\Program Files\Free_Lunch_Design
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: DeLorme Send To GPS -> {FBAAD182-3C7A-4BC4-A5E9-207B8E0F02FD} -> C:\Program Files\DeLorme\SendToGPS\PNPluginForIE.dll (DeLorme)
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
Toolbar: HKLM - Free Lunch Design Toolbar - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFre0.dll (Conduit Ltd.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
CHR Plugin: (Default Plug-in) - default_plugin No File
C:\windows\Tasks\TVQB.job
C:\Users\Public\Documents\ShopperPro
C:\Users\Martin a Evísek\AppData\Roaming\TVQB
C:\Users\Martin a Evísek\AppData\Roaming\XYNCJ
C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1320854304-368154927-3987488329-1001UA.job
C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\windows\msdownld.tmp
C:\Users\Martin a Evísek\AppData\Local
C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1320854304-368154927-3987488329-1001Core.job
Task: C:\windows\Tasks\TVQB.job => C:\Users\Martin a Evý˙sek\AppData\Roaming\TVQB.exe <==== ATTENTION
Task: C:\windows\Tasks\XYNCJ.job => C:\Users\Martin a Evý˙sek\AppData\Roaming\XYNCJ.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:66AA0486
End
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: request for removal of cityweb and other junk
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 04-02-2015 01
Ran by Martin a Evísek at 2015-02-05 18:41:51 Run:1
Running from C:\Users\Martin a Evísek\Desktop
Loaded Profiles: Martin a Evísek (Available profiles: Martin a Evísek)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Start
HKU\S-1-5-21-1320854304-368154927-3987488329-1001\...\MountPoints2: {142f0f35-ea5d-11de-945e-18a9058c31ac} - D:\LaunchU3.exe -a
URLSearchHook: HKU\S-1-5-21-1320854304-368154927-3987488329-1001 - Free Lunch Design Toolbar - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFre0.dll (Conduit Ltd.)
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Free Lunch Design Toolbar -> {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} -> C:\Program Files\Free_Lunch_Design\tbFre0.dll (Conduit Ltd.)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
C:\Program Files\Free_Lunch_Design
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: DeLorme Send To GPS -> {FBAAD182-3C7A-4BC4-A5E9-207B8E0F02FD} -> C:\Program Files\DeLorme\SendToGPS\PNPluginForIE.dll (DeLorme)
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
Toolbar: HKLM - Free Lunch Design Toolbar - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFre0.dll (Conduit Ltd.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
CHR Plugin: (Default Plug-in) - default_plugin No File
C:\windows\Tasks\TVQB.job
C:\Users\Public\Documents\ShopperPro
C:\Users\Martin a Evísek\AppData\Roaming\TVQB
C:\Users\Martin a Evísek\AppData\Roaming\XYNCJ
C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1320854304-368154927-3987488329-1001UA.job
C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\windows\msdownld.tmp
C:\Users\Martin a Evísek\AppData\Local
C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1320854304-368154927-3987488329-1001Core.job
Task: C:\windows\Tasks\TVQB.job => C:\Users\Martin a Evý˙sek\AppData\Roaming\TVQB.exe <==== ATTENTION
Task: C:\windows\Tasks\XYNCJ.job => C:\Users\Martin a Evý˙sek\AppData\Roaming\XYNCJ.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:66AA0486
End
*****************
"HKU\S-1-5-21-1320854304-368154927-3987488329-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{142f0f35-ea5d-11de-945e-18a9058c31ac}" => Key deleted successfully.
HKCR\CLSID\{142f0f35-ea5d-11de-945e-18a9058c31ac} => Key not found.
HKU\S-1-5-21-1320854304-368154927-3987488329-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} => value deleted successfully.
"HKCR\CLSID\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}" => Key deleted successfully.
HKCR\CLSID\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => Key deleted successfully.
HKCR\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found.
C:\Program Files\Free_Lunch_Design => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found.
HKCR\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FBAAD182-3C7A-4BC4-A5E9-207B8E0F02FD}" => Key deleted successfully.
"HKCR\CLSID\{FBAAD182-3C7A-4BC4-A5E9-207B8E0F02FD}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} => value deleted successfully.
HKCR\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} => value deleted successfully.
HKCR\CLSID\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} => Key not found.
"HKCR\PROTOCOLS\Handler\livecall" => Key deleted successfully.
"HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F}" => Key deleted successfully.
"HKCR\PROTOCOLS\Handler\msnim" => Key deleted successfully.
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
C:\windows\Tasks\TVQB.job => Moved successfully.
C:\Users\Public\Documents\ShopperPro => Moved successfully.
C:\Users\Martin a Evísek\AppData\Roaming\TVQB => Moved successfully.
C:\Users\Martin a Evísek\AppData\Roaming\XYNCJ => Moved successfully.
C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1320854304-368154927-3987488329-1001UA.job => Moved successfully.
C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\windows\msdownld.tmp => Moved successfully.
"C:\Users\Martin a Evísek\AppData\Local" => Warning: FRST is scripted not to move this directory.
C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1320854304-368154927-3987488329-1001Core.job => Moved successfully.
C:\windows\Tasks\TVQB.job not found.
C:\windows\Tasks\XYNCJ.job => Moved successfully.
C:\ProgramData\TEMP => ":66AA0486" ADS removed successfully.
==== End of Fixlog 18:41:52 ====
- Rudy
- Site Admin

- Posts: 119679
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: request for removal of cityweb and other junk
Deleted. Has anything changed?
Re: request for removal of cityweb and other junk
Unfortunately, Malwarebytes still reports the presence of cityweb, and I can still find it among the installed programs.
Re: request for removal of cityweb and other junk
FRST now looks like this:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-02-2015 01
Ran by Martin a Evísek (administrator) on PC on 05-02-2015 20:09:22
Running from C:\Users\Martin a Evísek\Desktop
Loaded Profiles: Martin a Evísek (Available profiles: Martin a Evísek)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(Apple Computer, Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Hewlett-Packard) C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Google Inc.) C:\Users\Martin a Evísek\AppData\Local\Google\Update\GoogleUpdate.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(ZONER software) C:\Program Files\Zoner\Photo Studio 17\Program32\ZPSTray.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
() C:\Users\Martin a Evísek\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(forum.viry.cz) C:\Users\Martin a Evísek\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [288312 2009-07-27] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [PDF Complete] => C:\Program Files\PDF Complete\pdfsty.exe [563736 2009-06-18] (PDF Complete Inc)
HKLM\...\Run: [WirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM\...\Run: [HP Software Update] => c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-30] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [NeroFilterCheck] => C:\windows\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311616 2015-01-14] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [616632 2014-01-28] (Nico Mak Computing)
HKLM\...\Run: [seznam-listicka-distribuce] => C:\Program Files\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM\...\runonceex: [ContentMerger] => c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-06-13] (Sonic Solutions)
HKU\S-1-5-21-1320854304-368154927-3987488329-1001\...\Run: [Google Update] => C:\Users\Martin a Evísek\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-21] (Google Inc.)
HKU\S-1-5-21-1320854304-368154927-3987488329-1001\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1565504 2015-01-14] (Samsung)
HKU\S-1-5-21-1320854304-368154927-3987488329-1001\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Martin a Evísek\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-1320854304-368154927-3987488329-1001\...\Run: [cz.seznam.software.szndesktop] => C:\Users\Martin a Evísek\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [92664 2013-04-12] ()
HKU\S-1-5-21-1320854304-368154927-3987488329-1001\...\Run: [Zoner Photo Studio Autoupdate] => C:\PROGRAM FILES\ZONER\PHOTO STUDIO 17\Program32\ZPSTRAY.EXE [458456 2014-12-19] (ZONER software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-1320854304-368154927-3987488329-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKLM - (No Name) - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Pomocník pro přihlášení ke službě Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 06 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 10.0.0.138 194.228.196.16
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF ProfilePath: C:\Users\Martin a Evísek\AppData\Roaming\Mozilla\Firefox\Profiles\c0qr1l3n.default
FF Homepage: hxxp://seznam.cz/
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @delorme.com/SendToGPS -> C:\Program Files\DeLorme\SendToGPS\nppnplugin.dll (DeLorme)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1320854304-368154927-3987488329-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Martin a Evísek\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1320854304-368154927-3987488329-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Martin a Evísek\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1320854304-368154927-3987488329-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Martin a Evísek\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\libdivx.dll (The OpenSSL Project, http://www.openssl.org/)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdivx32.dll (DivX,Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ssldivx.dll (The OpenSSL Project, http://www.openssl.org/)
FF Extension: Free Lunch Design Toolbar - C:\Users\Martin a Evísek\AppData\Roaming\Mozilla\Firefox\Profiles\c0qr1l3n.default\Extensions\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} [2012-04-14]
FF Extension: Cyti Web 1.0.1 - C:\Users\Martin a Evísek\AppData\Roaming\Mozilla\Firefox\Profiles\c0qr1l3n.default\Extensions\{3560b757-0519-45b3-a215-cfb94afd0821}.xpi [2015-02-04]
FF Extension: Adblock Plus - C:\Users\Martin a Evísek\AppData\Roaming\Mozilla\Firefox\Profiles\c0qr1l3n.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-04]
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://isearch.omiga-plus.com/?type=hp&ts=1423074366&from=obw&uid=WDCXWD3200BEKT-60F3T1_WD-WXA0A994876748767"
CHR Plugin: (Shockwave Flash) - C:\Users\Martin a Evísek\AppData\Local\Google\Chrome\Application\40.0.2214.94\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U24) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (Shockwave for Director) - C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (DivX Web Player) - C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll (DivX,Inc.)
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2003) - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Martin a Evísek\AppData\Local\Google\Chrome\Application\40.0.2214.94\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Martin a Evísek\AppData\Local\Google\Chrome\Application\40.0.2214.94\pdf.dll ()
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Profile: C:\Users\Martin a Evísek\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Martin a Evísek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-15]
CHR Extension: (Vyhledávání Google) - C:\Users\Martin a Evísek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-15]
CHR Extension: (Peněženka Google) - C:\Users\Martin a Evísek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-03]
CHR Extension: (Gmail) - C:\Users\Martin a Evísek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-15]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [26112 2009-12-03] (LSI Corporation)
R2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2010-03-20] (Macrovision Europe Ltd.) [File not signed]
R2 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [125496 2011-02-23] (Hewlett-Packard Company)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2009-06-17] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [635416 2009-06-18] (PDF Complete Inc)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 atksgt; C:\windows\System32\DRIVERS\atksgt.sys [279712 2009-12-16] ()
R3 dtsoftbus01; C:\windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-09-25] (Disc Soft Ltd)
R2 lirsgt; C:\windows\System32\DRIVERS\lirsgt.sys [25888 2009-12-16] ()
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-02-05] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
S3 MfeAVFK; C:\windows\System32\drivers\MfeAVFK.sys [79816 2009-05-16] (McAfee, Inc.)
S3 MfeBOPK; C:\windows\System32\drivers\MfeBOPK.sys [35272 2009-05-16] (McAfee, Inc.)
R1 mfehidk; C:\windows\System32\drivers\mfehidk.sys [214024 2009-05-16] (McAfee, Inc.)
S3 MfeRKDK; C:\windows\System32\drivers\MfeRKDK.sys [34248 2009-05-16] (McAfee, Inc.)
R1 mfetdik; C:\windows\System32\drivers\mfetdik.sys [55336 2009-05-16] (McAfee, Inc.)
R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R3 SNP2UVC; C:\windows\System32\DRIVERS\snp2uvc.sys [1765168 2009-07-02] ()
R0 sptd; C:\windows\System32\Drivers\sptd.sys [320120 2014-09-25] (Duplex Secure Ltd.)
R3 yukonw7; C:\windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
U3 a0qszm7r; C:\windows\system32\Drivers\a0qszm7r.sys [0 ] (Silicon Integrated Systems Corp.) <==== ATTENTION (zero size file/folder)
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-05 20:09 - 2015-02-05 20:09 - 00029696 _____ () C:\Users\Martin a Evísek\AppData\Local\MSGBOX.EXE
2015-02-05 20:09 - 2015-02-05 20:09 - 00019132 _____ () C:\Users\Martin a Evísek\Desktop\FRST.txt
2015-02-05 20:09 - 2015-02-05 20:09 - 00015327 _____ () C:\Users\Martin a Evísek\Desktop\LM.bat
2015-02-04 22:21 - 2015-02-04 22:24 - 00000000 ____D () C:\AdwCleaner
2015-02-04 22:20 - 2015-02-04 22:20 - 02194432 _____ () C:\Users\Martin a Evísek\Desktop\adwcleaner_4.109.exe
2015-02-04 22:00 - 2015-02-05 20:09 - 00000000 ____D () C:\FRST
2015-02-04 21:56 - 2015-02-04 21:57 - 00112640 _____ (forum.viry.cz) C:\Users\Martin a Evísek\Desktop\FRSTLauncher.exe
2015-02-04 21:56 - 2015-02-04 21:56 - 01123328 _____ (Farbar) C:\Users\Martin a Evísek\Desktop\FRST.exe
2015-02-04 20:43 - 2015-02-05 19:47 - 00114904 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-04 20:43 - 2015-02-04 20:45 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-04 20:43 - 2015-02-04 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-04 20:42 - 2015-02-04 20:45 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-02-04 20:42 - 2015-02-04 20:42 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-04 20:42 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-02-04 20:42 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-02-04 20:42 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-02-04 20:41 - 2015-02-04 20:42 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Martin a Evísek\Downloads\mbam-setup-2.0.2.1012.exe
2015-02-04 19:53 - 2015-02-05 18:41 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Local\CrashDumps
2015-02-04 19:27 - 2015-02-04 19:27 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Roaming\MiniGet
2015-02-04 19:24 - 2015-02-04 19:24 - 00000000 ____D () C:\Program Files\Seznam.cz
2015-02-04 19:23 - 2015-02-05 19:52 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Roaming\Seznam.cz
2015-02-04 19:23 - 2015-02-04 19:25 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Local\BrowserHelper
2015-02-04 14:28 - 2015-02-04 14:28 - 00002037 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Zoner Photo Studio 17.lnk
2015-02-04 14:28 - 2015-02-04 14:28 - 00002031 _____ () C:\Users\Public\Desktop\Zoner Photo Studio 17.lnk
2015-02-04 14:28 - 2015-02-04 14:28 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Roaming\Zoner
2015-02-04 14:28 - 2015-02-04 14:28 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Local\Zoner
2015-02-04 14:28 - 2015-02-04 14:28 - 00000000 ____D () C:\ProgramData\Zoner
2015-02-04 14:27 - 2015-02-04 14:27 - 00000000 ____D () C:\Users\Martin a Evísek\Downloads\zasilka-DASID5PG7C9ADKF7
2015-02-04 14:27 - 2015-02-04 14:27 - 00000000 ____D () C:\Program Files\Zoner
2015-02-04 14:23 - 2015-02-04 14:24 - 80575025 _____ () C:\Users\Martin a Evísek\Downloads\zasilka-DASID5PG7C9ADKF7.zip
2015-02-03 18:09 - 2015-02-03 19:21 - 00000000 ____D () C:\Users\Martin a Evísek\Desktop\Wellness
2015-02-01 20:55 - 2015-02-01 21:06 - 959501142 _____ () C:\Users\Martin a Evísek\Downloads\Americky-sniper-American-Sniper-2014-Cz-titkrokous.avi
2015-02-01 18:25 - 2015-02-04 18:48 - 00007485 _____ () C:\Users\Martin a Evísek\Desktop\bkakak.pwp
2015-02-01 18:25 - 2015-02-01 18:25 - 00000000 ____D () C:\Users\Martin a Evísek\Desktop\bkakak-PM
2015-02-01 17:35 - 2015-02-01 17:35 - 00001154 _____ () C:\Users\Public\Desktop\Picture Collage Maker Pro.lnk
2015-02-01 17:35 - 2015-02-01 17:35 - 00000000 ____D () C:\Users\Public\Documents\PearlMountain
2015-02-01 17:35 - 2015-02-01 17:35 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Roaming\PearlMountain
2015-02-01 17:35 - 2015-02-01 17:35 - 00000000 ____D () C:\ProgramData\PearlMountain
2015-02-01 17:35 - 2015-02-01 17:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picture Collage Maker Pro
2015-02-01 17:34 - 2015-02-01 17:35 - 00000000 ____D () C:\Program Files\Picture Collage Maker Pro
2015-02-01 17:26 - 2015-02-01 17:27 - 107272072 _____ (PearlMountain Technology Co., Ltd ) C:\Users\Martin a Evísek\Downloads\PictureCollageMakerPro.exe
2015-01-26 18:42 - 2015-01-26 18:42 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-24 18:50 - 2015-01-24 19:06 - 1395622070 _____ () C:\Users\Martin a Evísek\Downloads\Kapitan-Phillips-2013-cz-dabing.avi
2015-01-24 16:09 - 2015-01-24 16:17 - 729290651 _____ () C:\Users\Martin a Evísek\Downloads\Moje-krasna-ucitelka-komedie-cz-dabing-2012.avi
2015-01-20 19:45 - 2015-01-20 19:45 - 00002067 _____ () C:\Users\Public\Desktop\Lightroom 3.3.lnk
2015-01-20 19:45 - 2015-01-20 19:45 - 00002067 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 3.3.lnk
2015-01-20 19:41 - 2015-01-20 19:41 - 00000000 ____D () C:\Users\Martin a Evísek\Desktop\Adobe
2015-01-20 19:37 - 2015-01-20 19:39 - 204304991 _____ () C:\Users\Martin a Evísek\Downloads\Adobe-Photoshop-Lightroom-3.3.rar
2015-01-20 14:09 - 2015-01-20 14:09 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Roaming\wargaming.net
2015-01-20 12:53 - 2015-01-20 12:53 - 09499176 _____ (Wargaming.net ) C:\Users\Martin a Evísek\Downloads\WoWP_internet_install_eu.exe
2015-01-20 11:55 - 2015-01-20 11:55 - 04723632 _____ (Gaijin Entertainment ) C:\Users\Martin a Evísek\Downloads\wt_launcher_1.0.1.473.exe
2015-01-20 11:55 - 2015-01-20 11:55 - 00000000 ____D () C:\Users\Martin a Evísek\Documents\My Games
2015-01-15 10:21 - 2015-01-15 10:22 - 00000000 ____D () C:\Program Files\Recuva
2015-01-15 10:21 - 2015-01-15 10:21 - 04210920 _____ (Piriform Ltd) C:\Users\Martin a Evísek\Downloads\rcsetup151.exe
2015-01-13 20:57 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-01-13 20:57 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-01-13 20:57 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
2015-01-13 20:57 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-01-13 20:57 - 2014-12-11 18:47 - 00074240 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-01-13 20:57 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-01-10 22:25 - 2015-01-10 22:25 - 00000000 __SHD () C:\Users\Martin a Evísek\AppData\Local\EmieUserList
2015-01-10 22:25 - 2015-01-10 22:25 - 00000000 __SHD () C:\Users\Martin a Evísek\AppData\Local\EmieSiteList
2015-01-10 22:25 - 2015-01-10 22:25 - 00000000 __SHD () C:\Users\Martin a Evísek\AppData\Local\EmieBrowserModeList
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-05 20:03 - 2009-11-24 00:22 - 02090617 _____ () C:\windows\WindowsUpdate.log
2015-02-05 19:58 - 2012-11-22 11:38 - 00000914 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-02-05 19:54 - 2009-07-14 05:34 - 00022688 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-05 19:54 - 2009-07-14 05:34 - 00022688 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-05 19:47 - 2014-07-23 15:43 - 00033954 _____ () C:\windows\setupact.log
2015-02-05 19:47 - 2009-07-14 05:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-02-05 16:59 - 2012-08-03 05:15 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2015-02-05 16:59 - 2011-12-02 15:37 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2015-02-04 22:25 - 2009-11-28 18:43 - 00419096 _____ () C:\windows\PFRO.log
2015-02-04 22:24 - 2009-12-02 21:26 - 00000000 ____D () C:\ProgramData\ICQ
2015-02-04 21:06 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\Resources
2015-02-04 20:26 - 2009-09-26 02:08 - 01582262 _____ () C:\windows\system32\PerfStringBackup.INI
2015-02-04 20:22 - 2009-09-26 02:03 - 00279112 _____ () C:\windows\ydi.log
2015-02-04 20:22 - 2009-09-26 02:03 - 00000268 ____R () C:\windows\YukonInstall.log
2015-02-04 20:21 - 2012-04-14 19:48 - 00000000 ____D () C:\games
2015-02-04 20:13 - 2010-03-20 16:29 - 00000000 ____D () C:\Program Files\Adobe
2015-02-04 19:56 - 2014-01-03 15:22 - 00001117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-04 19:56 - 2014-01-03 15:22 - 00001105 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-04 19:56 - 2010-05-01 18:27 - 00000000 ____D () C:\Program Files\AGEIA Technologies
2015-02-04 19:56 - 2010-03-01 08:59 - 00002376 _____ () C:\Users\Martin a Evísek\Desktop\Google Chrome.lnk
2015-02-04 19:56 - 2009-11-23 16:50 - 00001413 _____ () C:\Users\Martin a Evísek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-04 19:53 - 2009-07-14 03:37 - 00000000 ___HD () C:\windows\system32\GroupPolicy
2015-02-04 19:53 - 2009-07-14 03:04 - 00000580 _____ () C:\windows\win.ini
2015-02-04 19:29 - 2009-07-14 05:33 - 01798608 _____ () C:\windows\system32\FNTCACHE.DAT
2015-02-04 19:23 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Common Files\System
2015-02-04 19:07 - 2009-11-23 16:50 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Local\PDFC
2015-02-04 18:52 - 2009-11-23 16:39 - 00127472 _____ () C:\Users\Martin a Evísek\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-04 18:51 - 2009-09-26 02:18 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-04 10:18 - 2014-09-02 19:25 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Local\Adobe
2015-02-03 22:08 - 2009-11-28 18:28 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Roaming\vlc
2015-02-01 18:06 - 2015-01-01 14:32 - 00000000 ____D () C:\Users\Martin a Evísek\Desktop\Vánoce 2014
2015-01-30 09:42 - 2009-09-26 02:11 - 00000000 ____D () C:\ProgramData\PDFC
2015-01-29 11:36 - 2014-12-30 13:16 - 00000000 ____D () C:\Users\Martin a Evísek\Desktop\zima
2015-01-27 18:39 - 2014-01-03 15:22 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-24 16:17 - 2009-12-09 07:10 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Roaming\dvdcss
2015-01-20 19:46 - 2010-03-20 16:35 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-20 19:46 - 2010-03-14 19:44 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-01-20 19:45 - 2009-09-26 02:32 - 00000000 ____D () C:\Program Files\Common Files\PX Storage Engine
2015-01-20 19:43 - 2009-11-28 18:15 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Roaming\Adobe
2015-01-20 12:54 - 2013-07-16 07:33 - 00000000 ____D () C:\windows\system32\directx
2015-01-15 13:11 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\Microsoft.NET
2015-01-15 11:00 - 2009-11-23 16:33 - 00000000 ____D () C:\Users\Martin a Evísek
2015-01-15 10:56 - 2013-12-16 18:26 - 00001948 _____ () C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
2015-01-15 08:47 - 2013-07-30 11:25 - 00000000 ____D () C:\windows\system32\MRT
2015-01-15 08:28 - 2009-12-02 21:48 - 110348472 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-01-10 22:28 - 2009-11-23 16:36 - 00000000 ____D () C:\ProgramData\WinZip
2015-01-09 16:20 - 2010-03-20 16:40 - 00000000 ____D () C:\ProgramData\FLEXnet
2015-01-09 16:20 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\system32\wfp
2015-01-09 16:20 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\registration
==================== Files in the root of some directories =======
2011-05-28 18:53 - 2012-12-28 22:22 - 0860822 _____ () C:\Users\Martin a Evísek\AppData\Roaming\mdbu.bin
2009-11-23 16:50 - 2009-11-23 16:50 - 0000000 _____ () C:\Users\Martin a Evísek\AppData\Local\AtStart.txt
2013-02-11 20:20 - 2013-02-11 20:23 - 0004608 _____ () C:\Users\Martin a Evísek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-11-23 16:50 - 2009-11-23 16:50 - 0000000 _____ () C:\Users\Martin a Evísek\AppData\Local\DSwitch.txt
2015-02-05 20:09 - 2015-02-05 20:09 - 0029696 _____ () C:\Users\Martin a Evísek\AppData\Local\MSGBOX.EXE
2009-11-23 16:50 - 2009-11-23 16:50 - 0000000 _____ () C:\Users\Martin a Evísek\AppData\Local\QSwitch.txt
2011-12-15 09:38 - 2011-12-15 09:38 - 0000000 _____ () C:\Users\Martin a Evísek\AppData\Local\{995F741E-EE35-45DF-8397-0461389F7F51}
2009-09-26 02:44 - 2009-09-26 02:44 - 0000190 _____ () C:\ProgramData\HPWALog.txt
Some content of TEMP:
====================
C:\Users\Martin a Evísek\AppData\Local\Temp\002.exe
C:\Users\Martin a Evísek\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Martin a Evísek\AppData\Local\Temp\Quarantine.exe
C:\Users\Martin a Evísek\AppData\Local\Temp\sqlite3.dll
C:\Users\Martin a Evísek\AppData\Local\Temp\tu17p84.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-02-2015 01
Ran by Martin a Evísek (administrator) on PC on 05-02-2015 20:09:22
Running from C:\Users\Martin a Evísek\Desktop
Loaded Profiles: Martin a Evísek (Available profiles: Martin a Evísek)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(Apple Computer, Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Hewlett-Packard) C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Google Inc.) C:\Users\Martin a Evísek\AppData\Local\Google\Update\GoogleUpdate.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(ZONER software) C:\Program Files\Zoner\Photo Studio 17\Program32\ZPSTray.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
() C:\Users\Martin a Evísek\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(forum.viry.cz) C:\Users\Martin a Evísek\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [288312 2009-07-27] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [PDF Complete] => C:\Program Files\PDF Complete\pdfsty.exe [563736 2009-06-18] (PDF Complete Inc)
HKLM\...\Run: [WirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM\...\Run: [HP Software Update] => c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-30] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [NeroFilterCheck] => C:\windows\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311616 2015-01-14] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [616632 2014-01-28] (Nico Mak Computing)
HKLM\...\Run: [seznam-listicka-distribuce] => C:\Program Files\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM\...\runonceex: [ContentMerger] => c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-06-13] (Sonic Solutions)
HKU\S-1-5-21-1320854304-368154927-3987488329-1001\...\Run: [Google Update] => C:\Users\Martin a Evísek\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-21] (Google Inc.)
HKU\S-1-5-21-1320854304-368154927-3987488329-1001\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1565504 2015-01-14] (Samsung)
HKU\S-1-5-21-1320854304-368154927-3987488329-1001\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Martin a Evísek\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-1320854304-368154927-3987488329-1001\...\Run: [cz.seznam.software.szndesktop] => C:\Users\Martin a Evísek\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [92664 2013-04-12] ()
HKU\S-1-5-21-1320854304-368154927-3987488329-1001\...\Run: [Zoner Photo Studio Autoupdate] => C:\PROGRAM FILES\ZONER\PHOTO STUDIO 17\Program32\ZPSTRAY.EXE [458456 2014-12-19] (ZONER software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-1320854304-368154927-3987488329-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKLM - (No Name) - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Pomocník pro přihlášení ke službě Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 06 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 10.0.0.138 194.228.196.16
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF ProfilePath: C:\Users\Martin a Evísek\AppData\Roaming\Mozilla\Firefox\Profiles\c0qr1l3n.default
FF Homepage: hxxp://seznam.cz/
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @delorme.com/SendToGPS -> C:\Program Files\DeLorme\SendToGPS\nppnplugin.dll (DeLorme)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1320854304-368154927-3987488329-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Martin a Evísek\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1320854304-368154927-3987488329-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Martin a Evísek\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1320854304-368154927-3987488329-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Martin a Evísek\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\libdivx.dll (The OpenSSL Project, http://www.openssl.org/)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdivx32.dll (DivX,Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ssldivx.dll (The OpenSSL Project, http://www.openssl.org/)
FF Extension: Free Lunch Design Toolbar - C:\Users\Martin a Evísek\AppData\Roaming\Mozilla\Firefox\Profiles\c0qr1l3n.default\Extensions\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} [2012-04-14]
FF Extension: Cyti Web 1.0.1 - C:\Users\Martin a Evísek\AppData\Roaming\Mozilla\Firefox\Profiles\c0qr1l3n.default\Extensions\{3560b757-0519-45b3-a215-cfb94afd0821}.xpi [2015-02-04]
FF Extension: Adblock Plus - C:\Users\Martin a Evísek\AppData\Roaming\Mozilla\Firefox\Profiles\c0qr1l3n.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-04]
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://isearch.omiga-plus.com/?type=hp&ts=1423074366&from=obw&uid=WDCXWD3200BEKT-60F3T1_WD-WXA0A994876748767"
CHR Plugin: (Shockwave Flash) - C:\Users\Martin a Evísek\AppData\Local\Google\Chrome\Application\40.0.2214.94\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U24) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (Shockwave for Director) - C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (DivX Web Player) - C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll (DivX,Inc.)
CHR Plugin: (Microsoft\® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2003) - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Martin a Evísek\AppData\Local\Google\Chrome\Application\40.0.2214.94\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Martin a Evísek\AppData\Local\Google\Chrome\Application\40.0.2214.94\pdf.dll ()
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Profile: C:\Users\Martin a Evísek\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Martin a Evísek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-15]
CHR Extension: (Vyhledávání Google) - C:\Users\Martin a Evísek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-15]
CHR Extension: (Peněženka Google) - C:\Users\Martin a Evísek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-03]
CHR Extension: (Gmail) - C:\Users\Martin a Evísek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-15]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [26112 2009-12-03] (LSI Corporation)
R2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2010-03-20] (Macrovision Europe Ltd.) [File not signed]
R2 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [125496 2011-02-23] (Hewlett-Packard Company)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2009-06-17] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [635416 2009-06-18] (PDF Complete Inc)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 atksgt; C:\windows\System32\DRIVERS\atksgt.sys [279712 2009-12-16] ()
R3 dtsoftbus01; C:\windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-09-25] (Disc Soft Ltd)
R2 lirsgt; C:\windows\System32\DRIVERS\lirsgt.sys [25888 2009-12-16] ()
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-02-05] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
S3 MfeAVFK; C:\windows\System32\drivers\MfeAVFK.sys [79816 2009-05-16] (McAfee, Inc.)
S3 MfeBOPK; C:\windows\System32\drivers\MfeBOPK.sys [35272 2009-05-16] (McAfee, Inc.)
R1 mfehidk; C:\windows\System32\drivers\mfehidk.sys [214024 2009-05-16] (McAfee, Inc.)
S3 MfeRKDK; C:\windows\System32\drivers\MfeRKDK.sys [34248 2009-05-16] (McAfee, Inc.)
R1 mfetdik; C:\windows\System32\drivers\mfetdik.sys [55336 2009-05-16] (McAfee, Inc.)
R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R3 SNP2UVC; C:\windows\System32\DRIVERS\snp2uvc.sys [1765168 2009-07-02] ()
R0 sptd; C:\windows\System32\Drivers\sptd.sys [320120 2014-09-25] (Duplex Secure Ltd.)
R3 yukonw7; C:\windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
U3 a0qszm7r; C:\windows\system32\Drivers\a0qszm7r.sys [0 ] (Silicon Integrated Systems Corp.) <==== ATTENTION (zero size file/folder)
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-05 20:09 - 2015-02-05 20:09 - 00029696 _____ () C:\Users\Martin a Evísek\AppData\Local\MSGBOX.EXE
2015-02-05 20:09 - 2015-02-05 20:09 - 00019132 _____ () C:\Users\Martin a Evísek\Desktop\FRST.txt
2015-02-05 20:09 - 2015-02-05 20:09 - 00015327 _____ () C:\Users\Martin a Evísek\Desktop\LM.bat
2015-02-04 22:21 - 2015-02-04 22:24 - 00000000 ____D () C:\AdwCleaner
2015-02-04 22:20 - 2015-02-04 22:20 - 02194432 _____ () C:\Users\Martin a Evísek\Desktop\adwcleaner_4.109.exe
2015-02-04 22:00 - 2015-02-05 20:09 - 00000000 ____D () C:\FRST
2015-02-04 21:56 - 2015-02-04 21:57 - 00112640 _____ (forum.viry.cz) C:\Users\Martin a Evísek\Desktop\FRSTLauncher.exe
2015-02-04 21:56 - 2015-02-04 21:56 - 01123328 _____ (Farbar) C:\Users\Martin a Evísek\Desktop\FRST.exe
2015-02-04 20:43 - 2015-02-05 19:47 - 00114904 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-04 20:43 - 2015-02-04 20:45 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-04 20:43 - 2015-02-04 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-04 20:42 - 2015-02-04 20:45 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-02-04 20:42 - 2015-02-04 20:42 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-04 20:42 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-02-04 20:42 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-02-04 20:42 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-02-04 20:41 - 2015-02-04 20:42 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Martin a Evísek\Downloads\mbam-setup-2.0.2.1012.exe
2015-02-04 19:53 - 2015-02-05 18:41 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Local\CrashDumps
2015-02-04 19:27 - 2015-02-04 19:27 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Roaming\MiniGet
2015-02-04 19:24 - 2015-02-04 19:24 - 00000000 ____D () C:\Program Files\Seznam.cz
2015-02-04 19:23 - 2015-02-05 19:52 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Roaming\Seznam.cz
2015-02-04 19:23 - 2015-02-04 19:25 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Local\BrowserHelper
2015-02-04 14:28 - 2015-02-04 14:28 - 00002037 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Zoner Photo Studio 17.lnk
2015-02-04 14:28 - 2015-02-04 14:28 - 00002031 _____ () C:\Users\Public\Desktop\Zoner Photo Studio 17.lnk
2015-02-04 14:28 - 2015-02-04 14:28 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Roaming\Zoner
2015-02-04 14:28 - 2015-02-04 14:28 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Local\Zoner
2015-02-04 14:28 - 2015-02-04 14:28 - 00000000 ____D () C:\ProgramData\Zoner
2015-02-04 14:27 - 2015-02-04 14:27 - 00000000 ____D () C:\Users\Martin a Evísek\Downloads\zasilka-DASID5PG7C9ADKF7
2015-02-04 14:27 - 2015-02-04 14:27 - 00000000 ____D () C:\Program Files\Zoner
2015-02-04 14:23 - 2015-02-04 14:24 - 80575025 _____ () C:\Users\Martin a Evísek\Downloads\zasilka-DASID5PG7C9ADKF7.zip
2015-02-03 18:09 - 2015-02-03 19:21 - 00000000 ____D () C:\Users\Martin a Evísek\Desktop\Wellness
2015-02-01 20:55 - 2015-02-01 21:06 - 959501142 _____ () C:\Users\Martin a Evísek\Downloads\Americky-sniper-American-Sniper-2014-Cz-titkrokous.avi
2015-02-01 18:25 - 2015-02-04 18:48 - 00007485 _____ () C:\Users\Martin a Evísek\Desktop\bkakak.pwp
2015-02-01 18:25 - 2015-02-01 18:25 - 00000000 ____D () C:\Users\Martin a Evísek\Desktop\bkakak-PM
2015-02-01 17:35 - 2015-02-01 17:35 - 00001154 _____ () C:\Users\Public\Desktop\Picture Collage Maker Pro.lnk
2015-02-01 17:35 - 2015-02-01 17:35 - 00000000 ____D () C:\Users\Public\Documents\PearlMountain
2015-02-01 17:35 - 2015-02-01 17:35 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Roaming\PearlMountain
2015-02-01 17:35 - 2015-02-01 17:35 - 00000000 ____D () C:\ProgramData\PearlMountain
2015-02-01 17:35 - 2015-02-01 17:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picture Collage Maker Pro
2015-02-01 17:34 - 2015-02-01 17:35 - 00000000 ____D () C:\Program Files\Picture Collage Maker Pro
2015-02-01 17:26 - 2015-02-01 17:27 - 107272072 _____ (PearlMountain Technology Co., Ltd ) C:\Users\Martin a Evísek\Downloads\PictureCollageMakerPro.exe
2015-01-26 18:42 - 2015-01-26 18:42 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-24 18:50 - 2015-01-24 19:06 - 1395622070 _____ () C:\Users\Martin a Evísek\Downloads\Kapitan-Phillips-2013-cz-dabing.avi
2015-01-24 16:09 - 2015-01-24 16:17 - 729290651 _____ () C:\Users\Martin a Evísek\Downloads\Moje-krasna-ucitelka-komedie-cz-dabing-2012.avi
2015-01-20 19:45 - 2015-01-20 19:45 - 00002067 _____ () C:\Users\Public\Desktop\Lightroom 3.3.lnk
2015-01-20 19:45 - 2015-01-20 19:45 - 00002067 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 3.3.lnk
2015-01-20 19:41 - 2015-01-20 19:41 - 00000000 ____D () C:\Users\Martin a Evísek\Desktop\Adobe
2015-01-20 19:37 - 2015-01-20 19:39 - 204304991 _____ () C:\Users\Martin a Evísek\Downloads\Adobe-Photoshop-Lightroom-3.3.rar
2015-01-20 14:09 - 2015-01-20 14:09 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Roaming\wargaming.net
2015-01-20 12:53 - 2015-01-20 12:53 - 09499176 _____ (Wargaming.net ) C:\Users\Martin a Evísek\Downloads\WoWP_internet_install_eu.exe
2015-01-20 11:55 - 2015-01-20 11:55 - 04723632 _____ (Gaijin Entertainment ) C:\Users\Martin a Evísek\Downloads\wt_launcher_1.0.1.473.exe
2015-01-20 11:55 - 2015-01-20 11:55 - 00000000 ____D () C:\Users\Martin a Evísek\Documents\My Games
2015-01-15 10:21 - 2015-01-15 10:22 - 00000000 ____D () C:\Program Files\Recuva
2015-01-15 10:21 - 2015-01-15 10:21 - 04210920 _____ (Piriform Ltd) C:\Users\Martin a Evísek\Downloads\rcsetup151.exe
2015-01-13 20:57 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-01-13 20:57 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-01-13 20:57 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
2015-01-13 20:57 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-01-13 20:57 - 2014-12-11 18:47 - 00074240 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-01-13 20:57 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-01-10 22:25 - 2015-01-10 22:25 - 00000000 __SHD () C:\Users\Martin a Evísek\AppData\Local\EmieUserList
2015-01-10 22:25 - 2015-01-10 22:25 - 00000000 __SHD () C:\Users\Martin a Evísek\AppData\Local\EmieSiteList
2015-01-10 22:25 - 2015-01-10 22:25 - 00000000 __SHD () C:\Users\Martin a Evísek\AppData\Local\EmieBrowserModeList
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-05 20:03 - 2009-11-24 00:22 - 02090617 _____ () C:\windows\WindowsUpdate.log
2015-02-05 19:58 - 2012-11-22 11:38 - 00000914 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-02-05 19:54 - 2009-07-14 05:34 - 00022688 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-05 19:54 - 2009-07-14 05:34 - 00022688 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-05 19:47 - 2014-07-23 15:43 - 00033954 _____ () C:\windows\setupact.log
2015-02-05 19:47 - 2009-07-14 05:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-02-05 16:59 - 2012-08-03 05:15 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2015-02-05 16:59 - 2011-12-02 15:37 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2015-02-04 22:25 - 2009-11-28 18:43 - 00419096 _____ () C:\windows\PFRO.log
2015-02-04 22:24 - 2009-12-02 21:26 - 00000000 ____D () C:\ProgramData\ICQ
2015-02-04 21:06 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\Resources
2015-02-04 20:26 - 2009-09-26 02:08 - 01582262 _____ () C:\windows\system32\PerfStringBackup.INI
2015-02-04 20:22 - 2009-09-26 02:03 - 00279112 _____ () C:\windows\ydi.log
2015-02-04 20:22 - 2009-09-26 02:03 - 00000268 ____R () C:\windows\YukonInstall.log
2015-02-04 20:21 - 2012-04-14 19:48 - 00000000 ____D () C:\games
2015-02-04 20:13 - 2010-03-20 16:29 - 00000000 ____D () C:\Program Files\Adobe
2015-02-04 19:56 - 2014-01-03 15:22 - 00001117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-04 19:56 - 2014-01-03 15:22 - 00001105 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-04 19:56 - 2010-05-01 18:27 - 00000000 ____D () C:\Program Files\AGEIA Technologies
2015-02-04 19:56 - 2010-03-01 08:59 - 00002376 _____ () C:\Users\Martin a Evísek\Desktop\Google Chrome.lnk
2015-02-04 19:56 - 2009-11-23 16:50 - 00001413 _____ () C:\Users\Martin a Evísek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-04 19:53 - 2009-07-14 03:37 - 00000000 ___HD () C:\windows\system32\GroupPolicy
2015-02-04 19:53 - 2009-07-14 03:04 - 00000580 _____ () C:\windows\win.ini
2015-02-04 19:29 - 2009-07-14 05:33 - 01798608 _____ () C:\windows\system32\FNTCACHE.DAT
2015-02-04 19:23 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Common Files\System
2015-02-04 19:07 - 2009-11-23 16:50 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Local\PDFC
2015-02-04 18:52 - 2009-11-23 16:39 - 00127472 _____ () C:\Users\Martin a Evísek\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-04 18:51 - 2009-09-26 02:18 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-04 10:18 - 2014-09-02 19:25 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Local\Adobe
2015-02-03 22:08 - 2009-11-28 18:28 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Roaming\vlc
2015-02-01 18:06 - 2015-01-01 14:32 - 00000000 ____D () C:\Users\Martin a Evísek\Desktop\Vánoce 2014
2015-01-30 09:42 - 2009-09-26 02:11 - 00000000 ____D () C:\ProgramData\PDFC
2015-01-29 11:36 - 2014-12-30 13:16 - 00000000 ____D () C:\Users\Martin a Evísek\Desktop\zima
2015-01-27 18:39 - 2014-01-03 15:22 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-24 16:17 - 2009-12-09 07:10 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Roaming\dvdcss
2015-01-20 19:46 - 2010-03-20 16:35 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-20 19:46 - 2010-03-14 19:44 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-01-20 19:45 - 2009-09-26 02:32 - 00000000 ____D () C:\Program Files\Common Files\PX Storage Engine
2015-01-20 19:43 - 2009-11-28 18:15 - 00000000 ____D () C:\Users\Martin a Evísek\AppData\Roaming\Adobe
2015-01-20 12:54 - 2013-07-16 07:33 - 00000000 ____D () C:\windows\system32\directx
2015-01-15 13:11 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\Microsoft.NET
2015-01-15 11:00 - 2009-11-23 16:33 - 00000000 ____D () C:\Users\Martin a Evísek
2015-01-15 10:56 - 2013-12-16 18:26 - 00001948 _____ () C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
2015-01-15 08:47 - 2013-07-30 11:25 - 00000000 ____D () C:\windows\system32\MRT
2015-01-15 08:28 - 2009-12-02 21:48 - 110348472 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-01-10 22:28 - 2009-11-23 16:36 - 00000000 ____D () C:\ProgramData\WinZip
2015-01-09 16:20 - 2010-03-20 16:40 - 00000000 ____D () C:\ProgramData\FLEXnet
2015-01-09 16:20 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\system32\wfp
2015-01-09 16:20 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\registration
==================== Files in the root of some directories =======
2011-05-28 18:53 - 2012-12-28 22:22 - 0860822 _____ () C:\Users\Martin a Evísek\AppData\Roaming\mdbu.bin
2009-11-23 16:50 - 2009-11-23 16:50 - 0000000 _____ () C:\Users\Martin a Evísek\AppData\Local\AtStart.txt
2013-02-11 20:20 - 2013-02-11 20:23 - 0004608 _____ () C:\Users\Martin a Evísek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-11-23 16:50 - 2009-11-23 16:50 - 0000000 _____ () C:\Users\Martin a Evísek\AppData\Local\DSwitch.txt
2015-02-05 20:09 - 2015-02-05 20:09 - 0029696 _____ () C:\Users\Martin a Evísek\AppData\Local\MSGBOX.EXE
2009-11-23 16:50 - 2009-11-23 16:50 - 0000000 _____ () C:\Users\Martin a Evísek\AppData\Local\QSwitch.txt
2011-12-15 09:38 - 2011-12-15 09:38 - 0000000 _____ () C:\Users\Martin a Evísek\AppData\Local\{995F741E-EE35-45DF-8397-0461389F7F51}
2009-09-26 02:44 - 2009-09-26 02:44 - 0000190 _____ () C:\ProgramData\HPWALog.txt
Some content of TEMP:
====================
C:\Users\Martin a Evísek\AppData\Local\Temp\002.exe
C:\Users\Martin a Evísek\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Martin a Evísek\AppData\Local\Temp\Quarantine.exe
C:\Users\Martin a Evísek\AppData\Local\Temp\sqlite3.dll
C:\Users\Martin a Evísek\AppData\Local\Temp\tu17p84.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
- Rudy
- Site Admin

- Posts: 119679
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: request to remove cityweb and other junk
Run a full MBAM scan: http://www.malwarebytes.org/mbam.php and post the log. Do not delete anything beforehand.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: request to remove cityweb and other junk
the result is saved in the attachment as a rar, it has too many lines
- Attachments
- výsledek malwarebytes.rar
- (7.21 KiB) Downloaded 40 times
Re: request to remove cityweb and other junk
Only now did I realize that you probably want this log:
Scan Time: 21:06:15
Logfile: log soubory.txt
Administrator: Yes
Version: 2.00.4.1028
Malware Database: v2015.02.05.08
Rootkit Database: v2015.02.03.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Martin a EvAsek
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 329387
Time Elapsed: 17 min, 28 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 2
Trojan.Agent, C:\Users\Martin a EvAsek\AppData\Local\Temp\Quarantine.exe, , [805c9585494123134349938803ff2cd4],
PUP.Optional.CrossRider.A, C:\Users\Martin a EvAsek\AppData\Roaming\Mozilla\Firefox\Profiles\c0qr1l3n.default\prefs.js, Good: (), Bad: (user_pref("extensions.crossrider.bic", "14b55d8a5b9864a2911eb359f6cf8cd5");), ,[e0fc76a45f2bfe38f415d21d6e9720e0]
Physical Sectors: 0
(No malicious items detected)
(end)
- Rudy
- Site Admin

- Posts: 119679
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: request to remove cityweb and other junk
Delete everything MBAM found.
Re: request to remove cityweb and other junk
done, and I still keep getting pop-up alerts from MBAM
