PC virus removal, computer speed-up and remote help via the neslape.cz service

Russian junk - search engine changed after startup

Have a virus problem? Post your FRST or RSIT log here.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that stay inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

!NEW!
You can now use the remote help service: an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Message
Author
bilejpes
Visitor
Posts: 116
Registered: 24 Feb 2011 17:50

Russian junk - search engine changed after startup

#1 Post by bilejpes »

Logfile of random's system information tool 1.10 (written by random/random)
Run by Jonas at 2015-02-09 11:43:30
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 44 GB (18%) free of 238 GB
Total RAM: 6142 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:43:32, on 9.2.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17496)
Boot mode: Normal

Running processes:
C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTray.exe
C:\Users\Jonas\AppData\Local\Kometa\kometaup.exe
C:\Program Files\trend micro\Jonas.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://2inf.net/?utm_source=startpage12
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: Pomocná služba pro přihlášení k účtu Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKCU\..\Run: [Zoner Photo Studio Service 16] "C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXEC:\Program Files\Zoner\Photo Studio 16\Program32\ZPSService.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Zoner Photo Studio Autoupdate] "C:\PROGRAM FILES\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE"
O4 - HKCU\..\Run: [mcwmxwfpav] cmd /c start http://foretuned.com/
O4 - HKCU\..\Run: [kometaup] C:\Users\Jonas\AppData\Local\Kometa\kometaup.exe --windows-start
O4 - HKCU\..\RunOnce: [GoSearchRemoveAppiexplore] cmd /Q /C del /Q "C:\Users\Jonas\AppData\Local\Temp\NET8B9~2.EXE"
O4 - HKCU\..\RunOnce: [GoSearchRemoveAppfirefox] cmd /Q /C del /Q "C:\Users\Jonas\AppData\Local\Temp\NET8B9~1.EXE"
O4 - HKCU\..\RunOnce: [GoSearchRemoveAppchrome] cmd /Q /C del /Q "C:\Users\Jonas\AppData\Local\Temp\NET8AF~1.EXE"
O4 - HKUS\S-1-5-18\..\Run: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe -update activex (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe -update activex (User 'Default user')
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs:
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HuaweiHiSuiteService64.exe - Unknown owner - C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: JMB36X - Unknown owner - C:\Windows\SysWOW64\XSrvSetup.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8234 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
c:\windows\system32\svchost.exe -k dcomlaunch
c:\windows\system32\svchost.exe -k rpcss
"C:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\system32\atiesrxx.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted
c:\windows\system32\svchost.exe -k localservice
c:\windows\system32\svchost.exe -k netsvcs
c:\windows\system32\svchost.exe -k gpsvcgroup
c:\windows\system32\svchost.exe -k networkservice
atieclxx
C:\Windows\System32\spoolsv.exe
c:\windows\system32\svchost.exe -k localservicenonetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation
C:\Windows\SysWOW64\XSrvSetup.exe
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\PnkBstrA.exe
c:\windows\system32\svchost.exe -k imgsvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 2236
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Program Files\Microsoft Device Center\itype.exe"
"C:\Program Files\Microsoft Security Client\NisSrv.exe"
c:\windows\system32\svchost.exe -k networkservicenetworkrestricted
"C:\Program Files\Microsoft Device Center\ipoint.exe"
"C:\Windows\WindowsMobile\wmdcBase.exe"
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-19b28794-401c-432c-b0bd-93c3880b2b9d -SystemEventPortName:HostProcess-12ac3969-d4a6-4365-8077-9cd18060b393 -IoCancelEventPortName:HostProcess-e9e5df5d-885f-4312-b309-595e3595edee -NonStateChangingEventPortName:HostProcess-4047d745-cbfe-41a6-a555-777ba2921558 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:29ab377d-2b38-4870-bc67-cd44bc282896 -DeviceGroupId:WpdFsGroup
c:\windows\system32\svchost.exe -k windowsmobile
"C:\Program Files\Logitech\Gaming Software\LWEMon.exe" /noui
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTray.exe"
"C:\Users\Jonas\AppData\Local\Kometa\kometaup.exe" --windows-start
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
"C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM" PriorityLow
"C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Users\Jonas\Downloads\RSITx64.exe"
C:\Windows\system32\msiexec.exe /V

C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

=========Mozilla firefox=========

ProfilePath - C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\94czhu4y.default

prefs.js - "browser.search.suggest.enabled" - true
prefs.js - "browser.search.useDBForOrder" - false
prefs.js - "browser.startup.homepage" - "http://2inf.net/?utm_source=startpage12"
prefs.js - "keyword.URL" - "http://go.mail.ru/search?fr=ntg&q="

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 16.0.0.305 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@esn/npbattlelog,version=2.4.0]
"Description"=
"Path"=C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.31.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\Windows\system32\Wat\npWatWeb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 16.0.0.305 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\Windows\system32\Wat\npWatWeb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll


C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\94czhu4y.default\searchplugins\
default-search.xml
GoSearch.xml
mailru.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 529664]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-21 460712]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení k účtu Microsoft - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 441592]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-21 172968]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2014-08-22 1331288]
"IntelliType Pro"=C:\Program Files\Microsoft Device Center\itype.exe [2000-01-01 1464928]
"IntelliPoint"=C:\Program Files\Microsoft Device Center\ipoint.exe [2000-01-01 2004584]
"Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdcBase.exe [2007-05-31 660360]
"Start WingMan Profiler"=C:\Program Files\Logitech\Gaming Software\LWEMon.exe [2010-06-14 190536]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Zoner Photo Studio Service 16"=C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXE [2014-06-16 833024]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2015-01-20 7404312]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2014-03-04 3696912]
"Zoner Photo Studio Autoupdate"=C:\PROGRAM FILES\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE [2014-06-16 833024]
"mcwmxwfpav"=cmd /c start http://foretuned.com/ []
"kometaup"=C:\Users\Jonas\AppData\Local\Kometa\kometaup.exe [2015-02-04 1005112]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"GoSearchRemoveAppiexplore"=cmd /Q /C del /Q C:\Users\Jonas\AppData\Local\Temp\NET8B9~2.EXE []
"GoSearchRemoveAppfirefox"=cmd /Q /C del /Q C:\Users\Jonas\AppData\Local\Temp\NET8B9~1.EXE []
"GoSearchRemoveAppchrome"=cmd /Q /C del /Q C:\Users\Jonas\AppData\Local\Temp\NET8AF~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 5]
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe /AutoStart []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2014-03-04 3696912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\Jonas\AppData\Local\Google\Update\GoogleUpdate.exe /c []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"=C:\Windows\RaidTool\xInsIDE.exe [2000-01-01 43608]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveTypeAutoRun"=221

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2015-02-09 11:20:09 ----D---- C:\Windows\system32\log
2015-02-04 15:19:50 ----D---- C:\ProgramData\HiSuiteDataSvc
2015-02-04 15:19:14 ----A---- C:\Windows\system32\drivers\WUDFUpdate_01009.dll
2015-02-04 15:19:14 ----A---- C:\Windows\system32\drivers\winusbcoinstaller2.dll
2015-02-04 15:19:14 ----A---- C:\Windows\system32\drivers\WdfCoInstaller01009.dll
2015-02-04 15:19:14 ----A---- C:\Windows\system32\drivers\hw_quusbnet.sys
2015-02-04 15:19:00 ----D---- C:\Program Files (x86)\HiSuite
2015-01-14 11:14:04 ----A---- C:\Windows\SYSWOW64\nlaapi.dll
2015-01-14 11:14:04 ----A---- C:\Windows\SYSWOW64\ncsi.dll
2015-01-14 11:14:04 ----A---- C:\Windows\system32\profsvc.dll
2015-01-14 11:14:04 ----A---- C:\Windows\system32\nlasvc.dll
2015-01-14 11:14:01 ----A---- C:\Windows\system32\TSWbPrxy.exe
2015-01-14 11:14:01 ----A---- C:\Windows\system32\drivers\mrxdav.sys
2015-01-14 11:13:59 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2015-01-14 11:13:59 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2015-01-14 11:13:59 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-01-14 11:13:58 ----A---- C:\Windows\SYSWOW64\srclient.dll
2015-01-14 11:13:58 ----A---- C:\Windows\system32\srcore.dll
2015-01-14 11:13:58 ----A---- C:\Windows\system32\srclient.dll
2015-01-14 11:13:58 ----A---- C:\Windows\system32\rstrui.exe
2015-01-13 23:57:02 ----D---- C:\Program Files (x86)\SDA
2015-01-12 16:07:53 ----D---- C:\ProgramData\icondir

======List of files/folders modified in the last 1 month======

2015-02-09 11:43:32 ----D---- C:\Windows\Prefetch
2015-02-09 11:43:31 ----D---- C:\Program Files\trend micro
2015-02-09 11:39:40 ----D---- C:\Windows\system32\appmgmt
2015-02-09 11:37:38 ----RD---- C:\Program Files (x86)
2015-02-09 11:37:12 ----D---- C:\Windows\system32\drivers
2015-02-09 11:37:02 ----D---- C:\Windows\temp
2015-02-09 11:31:31 ----SHD---- C:\Windows\Installer
2015-02-09 11:31:28 ----D---- C:\Windows\system32\catroot
2015-02-09 11:31:27 ----D---- C:\Windows\system32\DriverStore
2015-02-09 11:31:27 ----D---- C:\Windows\inf
2015-02-09 11:31:17 ----D---- C:\Windows\system32\catroot2
2015-02-09 11:31:06 ----SHD---- C:\System Volume Information
2015-02-09 11:29:26 ----D---- C:\Windows\system32\config
2015-02-09 11:25:41 ----D---- C:\ProgramData
2015-02-09 11:24:29 ----D---- C:\Windows
2015-02-09 11:23:05 ----HD---- C:\$WINDOWS.~BT
2015-02-09 11:20:09 ----D---- C:\Windows\System32
2015-02-08 16:44:46 ----D---- C:\Windows\Tasks
2015-02-06 16:45:28 ----D---- C:\Windows\SysWOW64
2015-02-06 16:45:23 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-02-06 16:32:52 ----D---- C:\ProgramData\Spybot - Search & Destroy
2015-02-06 15:24:35 ----D---- C:\Program Files (x86)\War Thunder
2015-02-04 16:05:24 ----D---- C:\Users\Jonas\AppData\Roaming\AIMP3
2015-02-04 16:05:05 ----D---- C:\Windows\Logs
2015-02-04 16:05:05 ----D---- C:\Windows\debug
2015-02-04 16:03:37 ----D---- C:\Windows\system32\Tasks
2015-02-04 15:30:30 ----D---- C:\Windows\SYSWOW64\GroupPolicy
2015-02-04 15:21:51 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-02-03 16:20:08 ----D---- C:\Program Files\CCleaner
2015-02-03 16:17:33 ----D---- C:\Program Files (x86)\PokerStars
2015-01-24 16:27:48 ----D---- C:\ProgramData\SP_FT_Logs
2015-01-21 18:53:31 ----D---- C:\Program Files (x86)\Java
2015-01-21 18:53:17 ----D---- C:\Program Files (x86)\Common Files
2015-01-21 18:52:59 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2015-01-16 15:58:55 ----D---- C:\Windows\winsxs
2015-01-14 21:07:31 ----D---- C:\Windows\system32\MRT
2015-01-14 21:07:28 ----A---- C:\Windows\system32\MRT.exe
2015-01-12 16:13:42 ----D---- C:\Users\Jonas\AppData\Roaming\Lenovo

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 JRAID;JRAID; C:\Windows\system32\DRIVERS\jraid.sys [2012-03-30 120920]
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2014-07-17 269008]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2014-12-05 283064]
R1 truecrypt;truecrypt; C:\Windows\System32\drivers\truecrypt.sys [2013-07-21 231376]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2014-07-17 125584]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2014-11-21 18959360]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2014-11-21 589312]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2014-06-21 94720]
R3 dc3d;MS Hardware Device Detection Driver; C:\Windows\system32\DRIVERS\dc3d.sys [2000-01-01 52320]
R3 MarvinBus;Pinnacle Marvin Bus 64; C:\Windows\system32\DRIVERS\MarvinBus64.sys [2005-09-23 261120]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver; C:\Windows\system32\DRIVERS\point64.sys [2000-01-01 46176]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2000-01-01 685672]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\Windows\system32\drivers\WmBEnum.sys [2010-04-27 26440]
R3 WmFilter;Logitech Gaming HID Filter Driver; C:\Windows\system32\drivers\WmFilter.sys [2010-04-27 43976]
R3 WmVirHid;Logitech Virtual Hid Device Driver; C:\Windows\system32\drivers\WmVirHid.sys [2010-04-27 16200]
R3 WmXlCore;Logitech Translation Layer Driver; C:\Windows\system32\drivers\WmXlCore.sys [2010-04-27 77512]
S1 iSafeKrnlMon;YAC Monitor Driver; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys []
S3 Andbus;LGE Android Platform Composite USB Device; C:\Windows\system32\DRIVERS\lgandbus64.sys []
S3 AndDiag;LGE Android Platform USB Serial Port; C:\Windows\system32\DRIVERS\lganddiag64.sys []
S3 AndGps;LGE Android Platform USB GPS NMEA Port; C:\Windows\system32\DRIVERS\lgandgps64.sys []
S3 ANDModem;LGE Android Platform USB Modem; C:\Windows\system32\DRIVERS\lgandmodem64.sys []
S3 andnetadb;ADB Interface DriverNet; C:\Windows\System32\Drivers\lgandnetadb.sys []
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 cpuz135;cpuz135; \??\C:\Users\Jonas\AppData\Local\Temp\cpuz135\cpuz135_x64.sys []
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 HWHandSet;HWUSBSERSP; C:\Windows\system32\DRIVERS\hw_quusbmdm.sys [2011-10-24 223232]
S3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys [2000-01-01 23648]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 SWDUMon;SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [2012-10-02 15712]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2013-02-12 19968]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
S3 usbser;USB Serial emulation modem driver; C:\Windows\system32\drivers\usbser.sys [2013-08-29 33280]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WinUsb;Lenovo USB Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-19 81088]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2014-11-21 244736]
R2 JMB36X;JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [2000-01-01 72280]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2014-08-22 23784]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2014-05-29 75136]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2012-07-17 2292480]
R3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-08-22 368624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 HuaweiHiSuiteService64.exe;HuaweiHiSuiteService64.exe; C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe -/service []
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06 267440]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S3 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-07 116648]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-07 116648]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-11-22 114688]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-12-19 114800]
S3 Origin Client Service;Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2014-12-15 1900400]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-08-21 1255736]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]

-----------------EOF-----------------

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Russian junk - search engine changed after startup

#2 Post by vyosek »

Hello :)

:arrow: Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Save it, preferably to the desktop
  • Close all programs
  • After it starts, the database will be downloaded
  • Click Scan and then Clean
  • The repair will run, the PC will restart and then a log will appear; otherwise it will be saved as c:\AdwCleaner\AdwCleaner[S?].txt. Post it here
:arrow: Download Zoek.exe http://hijackthis.nl/smeenk/ and save it to the desktop
  • If you use Win Vista or W7, right-click Zoek and choose Run As Administrator
  • Paste the script below into the window

    autoclean;
    resethosts;
    emptyclsid;
    IEdefaults;
    FFdefaults;
    CHRdefaults;
    emptyIEcache;
    emptyFFcache;
    emptyCHRcache;
    emptyalltemp;
    emptyflash;
    emptyjava;
    emptyrecycle.bin;

  • Then click Run Script
  • The PC will perform the repair, restart and give you a log; paste its contents here
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns fun, take a whip and a stick to him; that is not a man, that is an ox."
Member since 1 February 2011.

bilejpes
Visitor
Posts: 116
Registered: 24 Feb 2011 17:50

Re: Russian junk - search engine changed after startup

#3 Post by bilejpes »

# AdwCleaner v4.110 - Logfile created 09/02/2015 at 16:26:02
# Updated 05/02/2015 by Xplode
# Database : 2015-02-08.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Jonas - JONAS-PC
# Running from : C:\Users\Jonas\Desktop\adwcleaner_4.110.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : iSafeKrnlMon
Service Deleted : {6d550375-e98e-48ce-8260-daa7e461d495}Gw64

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\ytd video downloader
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
Folder Deleted : C:\Program Files (x86)\GreenTree Applications
Folder Deleted : C:\Users\Jonas\AppData\Local\Mail.Ru
Folder Deleted : C:\Users\Jonas\AppData\Local\MailRu
Folder Deleted : C:\Users\Jonas\AppData\Local\Kometa
Folder Deleted : C:\Users\Jonas\AppData\Roaming\FirefoxToolbar
File Deleted : C:\Windows\System32\log\iSafeKrnlCall.log
File Deleted : C:\Windows\System32\drivers\{6d550375-e98e-48ce-8260-daa7e461d495}Gw64.sys
File Deleted : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\94czhu4y.default\searchplugins\default-search.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\default-search.xml
File Deleted : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\94czhu4y.default\user.js
File Deleted : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\94czhu4y.default\searchplugins\GoSearch.xml

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Jonas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\?o??? ? ???e??e? 2inf.net.lnk

***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\kneggodalbcmgdkkfhbhbicbbahnacjb
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kneggodalbcmgdkkfhbhbicbbahnacjb
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCompress3.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioFormatSettings3.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{F54A0D21-6A53-460C-8301-C694EC9E1033}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{F7BCCFD4-2FA6-477D-A1B0-EF7500B3C49E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F14321-8FED-4CBC-B01A-4B57FC199062}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2C6F7E96-73BC-47A5-9F51-B67F0BAFE24D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4C58EB04-7B72-4D3D-A36E-66167A99BC31}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4EE0B011-604C-47F3-8F2B-39F79640B85E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6C9945B7-1D19-46CB-88C0-45A24DF6CD6E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{84B9B044-17C0-48FB-A300-C9747D5DF29C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1FE48F08-A2AC-44AC-A21C-0556D91C50DA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{54739D49-AC03-4C57-9264-C5195596B3A1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498}
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\SmdmF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17496

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v34.0.5 (x86 cs)

[94czhu4y.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://2inf.net/?utm_source=startpage12");

-\\ Google Chrome v42.0.2292.0


-\\ Chromium v


*************************

AdwCleaner[R0].txt - [3517 bytes] - [02/04/2014 18:25:56]
AdwCleaner[R1].txt - [5875 bytes] - [09/02/2015 16:16:29]
AdwCleaner[S0].txt - [3457 bytes] - [02/04/2014 18:27:08]
AdwCleaner[S1].txt - [5580 bytes] - [09/02/2015 16:26:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [5639 bytes] ##########

bilejpes
Visitor
Posts: 116
Registered: 24 Feb 2011 17:50

Re: Russian junk - search engine changed after startup

#4 Post by bilejpes »

Zoek.exe v5.0.0.0 Updated 08-February-2015
Tool run by Jonas on po 09.02.2015 at 16:29:15,72.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Jonas\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

9.2.2015 16:31:53 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\AnvSoft deleted successfully
C:\PROGRA~2\GRETECH deleted successfully
C:\PROGRA~2\HiSuite deleted successfully
C:\PROGRA~2\Lenovo deleted successfully
C:\PROGRA~2\Pando Networks deleted successfully
C:\PROGRA~2\Seznam.cz deleted successfully
C:\PROGRA~2\Steam2 deleted successfully
C:\PROGRA~2\VideoLAN deleted successfully
C:\PROGRA~2\COMMON~1\Apple deleted successfully
C:\Program Files\ATI Technologies deleted successfully
C:\Program Files\DIFX deleted successfully
C:\PROGRA~3\Avid deleted successfully
C:\PROGRA~3\boost_interprocess deleted successfully
C:\PROGRA~3\GARMIN deleted successfully
C:\PROGRA~3\Lenovo deleted successfully
C:\PROGRA~3\LGMOBILEAX deleted successfully
C:\Users\Jonas\AppData\Roaming\Publish Providers deleted successfully
C:\Users\Jonas\AppData\Local\calibre-cache deleted successfully
C:\Users\Jonas\AppData\Local\CrashDumps deleted successfully
C:\Users\Jonas\AppData\Local\WarThunder deleted successfully
C:\Users\Jonas\AppData\Local\WMTools Downloaded Files deleted successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\CrashDumps deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2042957049-1343632929-1820161333-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3C6CF3C0-D800-4B4D-A3D8-8ADE406523B6} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Approved Extensions\{336D0C35-8A85-403a-B9D2-65C292C39087} deleted successfully

==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\94czhu4y.default\prefs.js:
107
user_pref("browser.search.defaultenginename", "GoSearch");


user_pref("browser.search.selectedEngine", "GoSearch");


Added to C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\94czhu4y.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Deleting Files \ Folders ======================

C:\Users\Jonas\.android deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Jonas\AppData\Local\cache deleted
C:\Windows\Syswow64\GroupPolicy\Adm deleted
C:\Windows\Syswow64\GroupPolicy\Machine deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted
C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\94czhu4y.default\searchplugins\GoSearch.xml deleted
C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\94czhu4y.default\.autoreg deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\94czhu4y.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

ProfilePath: C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\94czhu4y.default
- Undetermined - sracka@pica.cz

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\94czhu4y.default
87132527E2256CF6683A18C4EB34DD3B - C:\Windows\system32\Wat\npWatWeb.dll - Windows Activation Technologies


==== Chromium Look ======================

Google Chrome Version: 42.0.2292.0 (Possible outdated, latest Stable version: 40.0.2214.94)

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gdknicmnhbaajdglbinpahhapghpakch - No path found[]
hfjpfadmjjdiglgmogennkhbinbgdkhm - C:\ProgramData\Turqia\FlashPlayerv2.crx[07.07.2014 08:56]
jedelkhanefmcnpappfhachbpnlhomai - No path found[]
jfmjfhklogoienhpfnppmbcbjfjnkonk - No path found[]
pganlglbhgfjfgopijbhemcpbehjnpia - No path found[]


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{A06ED961-D98F-4CF9-A89B-80AB11DB149C}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"
{A06ED961-D98F-4CF9-A89B-80AB11DB149C} GoSearch Url="http://go-search.ru/search?q={searchTerms}"

==== Reset Google Chrome ======================

C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_CURRENT_USER\Software\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 5 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jonas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=124 folders=54 31603181 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Jonas\AppData\Local\Temp will be emptied at reboot
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Jonas\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on po 09.02.2015 at 16:44:04,07 ======================

bilejpes
Visitor
Posts: 116
Registered: 24 Feb 2011 17:50

Re: Russian junk - search engine changed after startup

#5 Post by bilejpes »

After the restart, the Russian cr... again :(

Otherwise, many thanks for the help. To be more specific: after the restart Chrome launches by itself and some Russian page loads.
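Why a cleanup can appear to "come back" after a reboot is visible in the FRST log posted later in this thread: logon Run/RunOnce entries (one launching an executable from the Temp folder, one doing nothing but "cmd /c start" on a URL) and a DefaultScope/home page pointing at an unknown host re-apply the hijack on every logon. As an added example that is not part of this thread, FRST or Zoek, the Python below triages FRST-style Registry and Internet lines for exactly those shapes; the sample lines are constructed after the log in this thread (SID and user name are placeholders), and the allowlist of hosts is an assumption to be adjusted to the machine's owner.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Hosts accepted as a search engine, home page or startup page. This allowlist is
# an assumption for the example; adjust it to what the machine's owner actually uses.
KNOWN_GOOD_HOSTS = {"www.google.com", "www.bing.com", "go.microsoft.com"}

# Directories a logon autostart entry should normally never run from.
TEMP_DIRS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")

# Line shapes as FRST prints them in its Registry and Internet sections.
AUTOSTART_RE = re.compile(
    r"^(?P<hive>HK\S+?)\\\.\.\.\\(?P<kind>RunOnce|Run): \[(?P<name>[^\]]*)\] => (?P<cmd>.+)$")
SEARCHSCOPE_RE = re.compile(
    r"^SearchScopes: (?P<hive>\S+) -> DefaultScope \{[0-9A-Fa-f-]+\} URL =\s*(?P<url>\S*)$")
CHROME_RE = re.compile(r'^CHR (?P<what>HomePage|StartupUrls): Default -> "?(?P<url>[^"]*)"?$')
# "cmd /c start http://..." style autostarts: the entry exists only to open a page.
START_URL_RE = re.compile(r"\bstart\s+(?P<url>https?://\S+)", re.IGNORECASE)
FRST_FLAG_RE = re.compile(r"<=+ ATTENTION")


@dataclass
class Finding:
    line_no: int
    reason: str
    line: str


def _host(url: str) -> str:
    """Host part of a URL; FRST defangs schemes as hxxp://, which is undone first."""
    url = re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)
    return (urlparse(url).hostname or "").lower()


def triage(lines):
    """Return one Finding per (line, reason) that looks like hijacker persistence."""
    findings = []
    for n, raw in enumerate(lines, 1):
        line = raw.strip()
        reasons = []
        m = AUTOSTART_RE.match(line)
        if m:
            cmd = m.group("cmd")
            if any(d in cmd.lower() for d in TEMP_DIRS):
                reasons.append("autostart runs from a temp directory")
            if START_URL_RE.search(cmd):
                reasons.append("autostart opens a URL at logon")
        else:
            m = SEARCHSCOPE_RE.match(line) or CHROME_RE.match(line)
            if m:
                host = _host(m.group("url"))
                if host and host not in KNOWN_GOOD_HOSTS:
                    reasons.append(f"browser default points at unlisted host {host}")
        # Keep FRST's own marker when nothing above already explains the line.
        if not reasons and FRST_FLAG_RE.search(line):
            reasons.append("flagged by FRST itself")
        findings.extend(Finding(n, r, line) for r in reasons)
    return findings


# Constructed sample modeled on this thread's FRST log; SID and user name are placeholders.
SAMPLE_FRST_LINES = [
    r"HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)",
    r"HKU\S-1-5-21-0-0-0-1000\...\Run: [mcwmxwfpav] => cmd /c start http://foretuned.com/",
    r"HKU\S-1-5-21-0-0-0-1000\...\RunOnce: [GoSearch_startsetsearch_chrome] => C:\Users\user\AppData\Local\Temp\netA24.tmp.exe [2606560 2015-02-04] () <===== ATTENTION",
    r"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION",
    r"SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =",
    r"SearchScopes: HKU\S-1-5-21-0-0-0-1000 -> DefaultScope {A06ED961-D98F-4CF9-A89B-80AB11DB149C} URL = http://go-search.ru/search?q={searchTerms}",
    r"SearchScopes: HKU\S-1-5-21-0-0-0-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}",
    r"CHR HomePage: Default -> hxxp://2inf.net/?utm_source=startpage12",
    r'CHR StartupUrls: Default -> "hxxp://2inf.net/?utm_source=startpage12"',
]

if __name__ == "__main__":
    for f in triage(SAMPLE_FRST_LINES):
        print(f"line {f.line_no}: {f.reason}\n    {f.line}")
```

Feed it a whole FRST.txt (one string per line) to get the same report over a real log; lines it does not recognise are simply ignored.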

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Russian junk - search engine changed after startup

#6 Post by vyosek »

Please post an FRST log http://forum.viry.cz/viewtopic.php?f=13&t=133100 and we will send it back east.
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns fun, take a whip and a stick to him; that is not a man, that is an ox."
Member since 1 February 2011.

bilejpes
Visitor
Posts: 116
Registered: 24 Feb 2011 17:50

Re: Russian junk - search engine changed after startup

#7 Post by bilejpes »

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
Ran by Jonas (administrator) on JONAS-PC on 09-02-2015 20:42:27
Running from C:\Users\Jonas\Desktop
Loaded Profiles: Jonas (Available profiles: Jonas)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Windows\SysWOW64\XSrvSetup.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\ipoint.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdcBase.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(ZONER software) C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Jonas\AppData\Local\Temp\netA24.tmp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Jonas\Desktop\FRSTLauncher (2).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [IntelliType Pro] => C:\Program Files\Microsoft Device Center\itype.exe [1464928 2000-01-01] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft Device Center\ipoint.exe [2004584 2000-01-01] (Microsoft Corporation)
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdcBase.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-2042957049-1343632929-1820161333-1000\...\Run: [mcwmxwfpav] => cmd /c start http://foretuned.com/
HKU\S-1-5-21-2042957049-1343632929-1820161333-1000\...\Run: [Zoner Photo Studio Autoupdate] => C:\PROGRAM FILES\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE [833024 2014-06-16] (ZONER software)
HKU\S-1-5-21-2042957049-1343632929-1820161333-1000\...\RunOnce: [GoSearch_startsetsearch_chrome] => C:\Users\Jonas\AppData\Local\Temp\netA24.tmp.exe [2606560 2015-02-04] () <===== ATTENTION
HKU\S-1-5-21-2042957049-1343632929-1820161333-1000\...\RunOnce: [GoSearchRemoveAppfirefox] => C:\Users\Jonas\AppData\Local\Temp\NETA26~1.EXE [2606560 2015-02-04] () <===== ATTENTION
HKU\S-1-5-21-2042957049-1343632929-1820161333-1000\...\RunOnce: [GoSearchRemoveAppiexplore] => C:\Users\Jonas\AppData\Local\Temp\NETA27~1.EXE [2606560 2015-02-04] () <===== ATTENTION
HKU\S-1-5-21-2042957049-1343632929-1820161333-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\Run: [Advanced SystemCare 6] => "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe -update activex
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2042957049-1343632929-1820161333-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-2042957049-1343632929-1820161333-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2042957049-1343632929-1820161333-1000 -> DefaultScope {A06ED961-D98F-4CF9-A89B-80AB11DB149C} URL = http://go-search.ru/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2042957049-1343632929-1820161333-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2042957049-1343632929-1820161333-1000 -> {A06ED961-D98F-4CF9-A89B-80AB11DB149C} URL = http://go-search.ru/search?q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Pomocná služba pro přihlášení k účtu Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 94.127.128.130

FireFox:
========
FF ProfilePath: C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\94czhu4y.default
FF DefaultSearchEngine: GoSearch
FF SelectedSearchEngine: GoSearch
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2042957049-1343632929-1820161333-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF SearchPlugin: C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\94czhu4y.default\searchplugins\GoSearch.xml
FF SearchPlugin: C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\94czhu4y.default\searchplugins\mailru.xml
FF Extension: No Name - C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\94czhu4y.default\extensions\sracka@pica.cz.xpi [Not Found]
FF Extension: No Name - C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\94czhu4y.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7} [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://2inf.net/?utm_source=startpage12
CHR StartupUrls: Default -> "hxxp://2inf.net/?utm_source=startpage12"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-09]
CHR Extension: (Dokumenty Google) - C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-09]
CHR Extension: (Disk Google) - C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-07]
CHR Extension: (YouTube) - C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-07]
CHR Extension: (Adblock Plus) - C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-07-07]
CHR Extension: (Vyhledávání Google) - C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-07]
CHR Extension: (Tabulky Google) - C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-09]
CHR Extension: (Peněženka Google) - C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-07]
CHR Extension: (Gmail) - C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-07]
CHR HKLM-x32\...\Chrome\Extension: [gdknicmnhbaajdglbinpahhapghpakch] - No Path
CHR HKLM-x32\...\Chrome\Extension: [hfjpfadmjjdiglgmogennkhbinbgdkhm] - C:\ProgramData\Turqia\FlashPlayerv2.crx [2014-07-07]
CHR HKLM-x32\...\Chrome\Extension: [jedelkhanefmcnpappfhachbpnlhomai] - No Path
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [pganlglbhgfjfgopijbhemcpbehjnpia] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [72280 2000-01-01] ()
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-12-15] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-05-29] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 HuaweiHiSuiteService64.exe; "C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe" -/service [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-12-05] (Disc Soft Ltd)
S3 HWHandSet; C:\Windows\System32\DRIVERS\hw_quusbmdm.sys [223232 2011-10-24] (Huawei Technologies Co., Ltd.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2011-10-24] (Huawei Technologies Co., Ltd.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [15712 2012-10-02] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 Andbus; system32\DRIVERS\lgandbus64.sys [X]
S3 AndDiag; system32\DRIVERS\lganddiag64.sys [X]
S3 AndGps; system32\DRIVERS\lgandgps64.sys [X]
S3 ANDModem; system32\DRIVERS\lgandmodem64.sys [X]
S3 andnetadb; System32\Drivers\lgandnetadb.sys [X]
S3 cpuz135; \??\C:\Users\Jonas\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-09 20:42 - 2015-02-09 20:43 - 00015035 _____ () C:\Users\Jonas\Desktop\FRST.txt
2015-02-09 20:42 - 2015-02-09 20:42 - 00000000 ____D () C:\FRST
2015-02-09 20:41 - 2015-02-09 20:41 - 00112640 _____ (forum.viry.cz) C:\Users\Jonas\Desktop\FRSTLauncher (2).exe
2015-02-09 20:40 - 2015-02-09 20:40 - 00112640 _____ (forum.viry.cz) C:\Users\Jonas\Downloads\Nepotvrzeno 394243.crdownload
2015-02-09 20:39 - 2015-02-09 20:39 - 02132992 _____ (Farbar) C:\Users\Jonas\Desktop\FRST64.exe
2015-02-09 20:39 - 2015-02-09 20:39 - 00112640 _____ (forum.viry.cz) C:\Users\Jonas\Downloads\Nepotvrzeno 579892.crdownload
2015-02-09 19:28 - 2015-02-09 19:30 - 00000000 ____D () C:\Users\Jonas\AppData\Local\FullTiltPoker.eu
2015-02-09 19:28 - 2015-02-09 19:28 - 00001088 _____ () C:\Users\Public\Desktop\Full Tilt Poker.Eu.lnk
2015-02-09 19:28 - 2015-02-09 19:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Full Tilt Poker.Eu
2015-02-09 19:27 - 2015-02-09 19:29 - 00000000 ____D () C:\Program Files (x86)\Full Tilt Poker.Eu
2015-02-09 19:25 - 2015-02-09 19:25 - 53683536 _____ () C:\Users\Jonas\AppData\Local\TempFullTiltPokerEuSetup.exe
2015-02-09 19:23 - 2015-02-09 19:29 - 00000000 ____D () C:\Users\Jonas\AppData\Local\cache
2015-02-09 16:42 - 2015-02-09 16:29 - 00024064 _____ () C:\Windows\zoek-delete.exe
2015-02-09 16:31 - 2015-02-09 16:44 - 00008739 _____ () C:\zoek-results.log
2015-02-09 16:29 - 2015-02-09 16:40 - 00000000 ____D () C:\zoek_backup
2015-02-09 16:15 - 2015-02-09 16:15 - 01295360 _____ () C:\Users\Jonas\Desktop\zoek.exe
2015-02-09 16:13 - 2015-02-09 16:14 - 02112512 _____ () C:\Users\Jonas\Desktop\adwcleaner_4.110.exe
2015-02-09 11:24 - 2015-02-09 11:30 - 00016768 _____ () C:\Windows\DPINST.LOG
2015-02-09 11:20 - 2015-02-09 16:26 - 00000000 ____D () C:\Windows\system32\log
2015-02-09 11:20 - 2015-02-09 11:20 - 01222144 _____ () C:\Users\Jonas\Downloads\RSITx64.exe
2015-02-09 11:18 - 2015-02-09 11:18 - 02213088 _____ (Elex do Brasil Participações Ltda) C:\Users\Jonas\Downloads\yet_another_cleaner_sk_6769177.exe
2015-02-05 17:36 - 2015-02-09 19:33 - 00000504 _____ () C:\Windows\setupact.log
2015-02-05 17:36 - 2015-02-09 16:43 - 00003024 _____ () C:\Windows\PFRO.log
2015-02-05 17:36 - 2015-02-05 17:36 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-04 16:33 - 2015-02-04 17:40 - 689440133 _____ () C:\Users\Jonas\Downloads\huawei mediapad m1 s8-301l-16 18 v100r001c100b007sp01 western europe.rar
2015-02-04 15:37 - 2015-02-04 15:37 - 00000000 ____D () C:\Users\Jonas\AppData\Local\Вoйти в Интeрнет 2inf.net
2015-02-04 15:28 - 2015-02-04 15:28 - 00000000 ____D () C:\Users\Jonas\AppData\Local\Поиcк в Интeрнете
2015-02-04 15:27 - 2015-02-04 16:27 - 00000000 ____D () C:\Users\Jonas\AppData\Local\SystemDir
2015-02-04 15:27 - 2015-02-04 15:27 - 00003496 _____ () C:\Windows\System32\Tasks\nethost task
2015-02-04 15:19 - 2015-02-09 11:25 - 00000000 ____D () C:\Users\Jonas\AppData\Local\HiSuite
2015-02-04 15:19 - 2015-02-04 15:26 - 00000000 ____D () C:\Users\Jonas\Documents\HiSuite
2015-02-04 15:19 - 2015-02-04 15:19 - 00000000 ____D () C:\ProgramData\HiSuiteDataSvc
2015-02-04 15:19 - 2014-02-07 02:53 - 00287232 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\hw_quusbnet.sys
2015-02-04 15:19 - 2014-01-07 04:43 - 02152176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFUpdate_01009.dll
2015-02-04 15:19 - 2014-01-07 04:43 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfCoInstaller01009.dll
2015-02-04 15:19 - 2014-01-07 04:43 - 01002728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winusbcoinstaller2.dll
2015-02-04 15:18 - 2015-02-04 15:18 - 35205520 _____ () C:\Users\Jonas\Downloads\HiSuiteSetup_2.3.42.zip
2015-02-03 16:17 - 2015-02-03 16:18 - 05325208 _____ (Piriform Ltd) C:\Users\Jonas\Downloads\ccsetup502.exe
2015-01-27 20:11 - 2015-01-27 20:21 - 1615497216 _____ () C:\Users\Jonas\Downloads\Nedotknutelní BRrip 2011 CZ dabing.avi
2015-01-23 14:24 - 2015-01-23 14:49 - 449233123 _____ () C:\Users\Jonas\Downloads\EU_ROM_FOR_P780.rar
2015-01-23 14:21 - 2015-01-23 14:21 - 00000328 _____ () C:\Users\Jonas\Downloads\CN_MT6589_Android_scatter_emmc (1).rar
2015-01-23 00:44 - 2015-01-23 00:44 - 06285312 _____ () C:\Users\Jonas\Downloads\P780-recovery-twrp-2440-cz-for-asia-rom-by-rebas-v8.img
2015-01-23 00:34 - 2015-01-23 00:37 - 493162039 _____ () C:\Users\Jonas\Downloads\SLXROM_v26a-Lenovo_P780-KIT(CN).zip
2015-01-23 00:34 - 2015-01-23 00:35 - 67478541 _____ () C:\Users\Jonas\Downloads\Lenovo_SuperCam_v.3.6.7_SLXROM.zip
2015-01-22 23:55 - 2015-01-23 00:14 - 349628906 _____ () C:\Users\Jonas\Downloads\gravitymod2-Lenovo_P780_slx2.zip
2015-01-22 23:45 - 2015-01-22 23:45 - 08677710 _____ () C:\Users\Jonas\Downloads\SP_Drivers_v1.4.rar
2015-01-22 23:25 - 2015-01-22 23:33 - 587453436 _____ () C:\Users\Jonas\Downloads\VIBEUI_V1.5_1419_5_DEV_P780_rooted_twrp_gapps.7z
2015-01-22 19:22 - 2015-01-22 19:22 - 00065288 _____ () C:\Users\Jonas\Downloads\preloader (1).zip
2015-01-22 19:21 - 2015-01-22 19:29 - 540548218 _____ () C:\Users\Jonas\Downloads\P780_S135_130917_rooted_twrp_gapps.7z
2015-01-22 19:15 - 2015-01-22 19:15 - 00065288 _____ () C:\Users\Jonas\Downloads\preloader.zip
2015-01-22 17:51 - 2015-01-22 17:52 - 30335534 _____ () C:\Users\Jonas\Downloads\SP-Flash-Tool-v5.1352.01.zip
2015-01-14 11:14 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 11:14 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 11:14 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 11:14 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 11:14 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 11:14 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 11:13 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 11:13 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 11:13 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 11:13 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 11:13 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 11:13 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 11:13 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-13 23:57 - 2015-01-13 23:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SDFormatter
2015-01-13 23:57 - 2015-01-13 23:57 - 00000000 ____D () C:\Program Files (x86)\SDA
2015-01-13 23:55 - 2015-01-13 23:55 - 06286748 _____ () C:\Users\Jonas\Downloads\SDFormatterv4.zip
2015-01-13 21:15 - 2015-01-13 21:15 - 07491909 _____ () C:\Users\Jonas\Downloads\LenovoUsbDriver_1.0.2.7z
2015-01-13 15:15 - 2015-01-13 15:15 - 06396888 _____ () C:\Users\Jonas\Downloads\openrecovery-twrp-2.8.3.0rev1-p780cn.zip
2015-01-13 00:43 - 2015-01-13 00:44 - 14520369 _____ () C:\Users\Jonas\Downloads\Lenovo-P780-Rom-Update (2).rar
2015-01-12 22:40 - 2015-01-12 22:40 - 11091038 _____ () C:\Users\Jonas\Downloads\MtkDroidTools v2.5.3.zip
2015-01-12 22:27 - 2015-01-12 22:27 - 00000328 _____ () C:\Users\Jonas\Downloads\CN_MT6589_Android_scatter_emmc.rar
2015-01-12 22:19 - 2015-01-12 22:19 - 06408500 _____ () C:\Users\Jonas\Downloads\P780-recovery-twrp-2440-cz-for-asia-rom-by-rebas-v8.zip
2015-01-12 21:45 - 2015-01-12 21:45 - 08275308 _____ () C:\Users\Jonas\Downloads\SP-Flash-Tool-v3.1344.0.212.zip
2015-01-12 21:38 - 2015-01-12 21:59 - 409360252 _____ () C:\Users\Jonas\Downloads\LiFe_v03_for_P780.7z
2015-01-12 16:41 - 2015-01-12 16:42 - 06112872 _____ () C:\Users\Jonas\Downloads\recovery_P780_CWM_6.0.1.5.7z
2015-01-12 16:21 - 2015-01-12 16:28 - 710294155 _____ () C:\Users\Jonas\Downloads\P780_4.4.2_1447_VibeUI_2.0_V5.zip
2015-01-12 16:21 - 2015-01-12 16:21 - 09743505 _____ (Lenovo) C:\Users\Jonas\Downloads\LenovoUsbDriver_autorun_1.0.111.exe
2015-01-12 16:07 - 2015-01-12 16:07 - 00000000 ____D () C:\ProgramData\icondir
2015-01-10 19:18 - 2015-01-10 19:18 - 00542066 _____ () C:\Users\Jonas\Downloads\LockscreenUpdate_gravitymod (1).zip
2015-01-10 19:17 - 2015-01-10 19:18 - 14520369 _____ () C:\Users\Jonas\Downloads\Lenovo-P780-Rom-Update (1).rar
2015-01-10 19:00 - 2015-01-10 19:00 - 00011630 _____ () C:\Users\Jonas\Downloads\usb_driver_SW_Rom_P770.zip
2015-01-10 18:30 - 2015-01-10 18:39 - 508212741 _____ () C:\Users\Jonas\Downloads\p780_s226_life_xvibe_v1.2.7z

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-09 19:49 - 2014-07-07 09:27 - 00000952 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-09 19:46 - 2012-09-13 12:37 - 00000000 ____D () C:\Users\Jonas\AppData\Local\PokerStars.EU
2015-02-09 19:45 - 2012-10-04 16:01 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-09 19:41 - 2009-07-14 05:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-09 19:41 - 2009-07-14 05:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-09 19:36 - 2014-04-02 21:41 - 01429656 _____ () C:\Windows\WindowsUpdate.log
2015-02-09 19:33 - 2014-07-07 09:27 - 00000948 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-09 19:33 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-09 19:32 - 2014-04-02 18:25 - 00000000 ____D () C:\AdwCleaner
2015-02-09 19:23 - 2013-01-15 12:57 - 00000000 ____D () C:\Users\Jonas\AppData\Local\FullTiltPoker
2015-02-09 19:23 - 2013-01-15 12:36 - 00000000 ____D () C:\Program Files (x86)\Full Tilt Poker
2015-02-09 16:40 - 2012-08-21 10:24 - 00000000 ____D () C:\Users\Jonas
2015-02-09 16:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2015-02-09 11:43 - 2013-04-12 16:38 - 00000000 ____D () C:\Program Files\trend micro
2015-02-09 11:39 - 2013-10-01 11:30 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-02-09 11:23 - 2013-09-18 21:36 - 00000000 ___HD () C:\$WINDOWS.~BT
2015-02-08 16:44 - 2014-07-07 09:27 - 00003948 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-08 16:44 - 2014-07-07 09:27 - 00003696 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-06 16:45 - 2012-10-04 16:01 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-06 16:45 - 2012-10-04 16:01 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-06 16:45 - 2012-10-04 16:01 - 00003852 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-06 16:36 - 2013-09-30 10:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
2015-02-06 16:34 - 2013-07-27 10:40 - 00000000 ___RD () C:\Users\Jonas\Desktop\Programy
2015-02-06 16:32 - 2012-08-21 23:44 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-06 15:24 - 2013-05-06 14:29 - 00000000 ____D () C:\Program Files (x86)\War Thunder
2015-02-04 16:05 - 2012-08-21 11:46 - 00000000 ____D () C:\Users\Jonas\AppData\Roaming\AIMP3
2015-02-04 15:21 - 2010-11-21 10:27 - 00668866 _____ () C:\Windows\system32\perfh005.dat
2015-02-04 15:21 - 2010-11-21 10:27 - 00141526 _____ () C:\Windows\system32\perfc005.dat
2015-02-04 15:21 - 2009-07-14 06:13 - 01584554 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-04 15:20 - 2012-08-21 10:25 - 00000000 ____D () C:\Users\Jonas\AppData\Local\VirtualStore
2015-02-03 16:20 - 2012-08-21 11:33 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-03 16:17 - 2012-09-13 12:37 - 00000000 ____D () C:\Program Files (x86)\PokerStars
2015-01-29 16:17 - 2014-03-30 20:28 - 00000000 ____D () C:\Users\Jonas\Desktop\Odlož
2015-01-23 15:24 - 2014-12-26 18:06 - 00044966 _____ () C:\BROM_DLL.log
2015-01-22 23:58 - 2013-07-27 10:41 - 00000000 ___RD () C:\Users\Jonas\Desktop\Hry
2015-01-21 18:53 - 2013-07-08 21:20 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-21 18:52 - 2014-01-21 08:50 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-14 21:11 - 2013-07-21 02:00 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 21:07 - 2012-08-21 10:40 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 23:56 - 2012-10-03 17:17 - 00000000 ____D () C:\Users\Jonas\AppData\Local\Downloaded Installations
2015-01-13 11:23 - 2009-07-14 06:08 - 00032580 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-12 16:13 - 2014-12-26 19:33 - 00000000 ____D () C:\Users\Jonas\AppData\Roaming\Lenovo

==================== Files in the root of some directories =======

2013-10-30 17:09 - 2015-01-04 14:55 - 0000638 _____ () C:\Users\Jonas\AppData\Roaming\JONAS-PC.MTBF.txt
2013-10-30 17:09 - 2015-01-04 15:15 - 0000900 _____ () C:\Users\Jonas\AppData\Roaming\__AvidCloudManager.log
2013-10-30 17:09 - 2014-10-07 10:27 - 0000776 _____ () C:\Users\Jonas\AppData\Roaming\__AvidCloudManagerPrevious.log
2012-10-04 16:39 - 2013-10-30 17:29 - 0010752 _____ () C:\Users\Jonas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-20 23:12 - 2014-05-21 06:27 - 0003036 _____ () C:\Users\Jonas\AppData\Local\MRDownloader.err
2014-05-20 18:37 - 2014-05-21 11:39 - 0001096 _____ () C:\Users\Jonas\AppData\Local\MRDownloader.nast
2013-07-31 18:48 - 2013-07-31 18:48 - 0003255 _____ () C:\Users\Jonas\AppData\Local\recently-used.xbel
2013-11-02 14:25 - 2013-11-02 16:36 - 0037440 _____ () C:\Users\Jonas\AppData\Local\SRDownloader.err
2013-01-10 22:00 - 2013-11-11 12:15 - 0001096 _____ () C:\Users\Jonas\AppData\Local\SRDownloader.nast
2015-02-09 19:25 - 2015-02-09 19:25 - 53683536 _____ () C:\Users\Jonas\AppData\Local\TempFullTiltPokerEuSetup.exe

Files to move or delete:
====================
C:\Users\Jonas\AppData\Local\Temp\netA24.tmp.exe
C:\Users\Jonas\AppData\Local\Temp\NETA26~1.EXE
C:\Users\Jonas\AppData\Local\Temp\NETA27~1.EXE


Some content of TEMP:
====================
C:\Users\Jonas\AppData\Local\Temp\netA24.tmp.exe
C:\Users\Jonas\AppData\Local\Temp\netA26.tmp.exe
C:\Users\Jonas\AppData\Local\Temp\netA27.tmp.exe
C:\Users\Jonas\AppData\Local\Temp\Quarantine.exe
C:\Users\Jonas\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-03 08:30




===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: (System) (Fixed) (Total:232.79 GB) (Free:41.23 GB) NTFS
Drive h: (BOOST) (Removable) (Total:1.89 GB) (Free:0.01 GB) FAT

Available physical RAM: 4435.16 MB
Total physical RAM: 6142.49 MB
Percentage of memory in use: 27%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 15DA15D9)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 524362CD)
Partition 1: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
Disk: 2 (Size: 1.9 GB) (Disk ID: 00DCEB7B)
Partition 1: (Not Active) - (Size=1.9 GB) - (Type=06)

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\ProgramData\TEMP:8CE646EE
AlternateDataStreams: C:\ProgramData\TEMP:CB9FA647

==================== Security Center ==================

AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Jonas\Desktop" je 10454 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring
"C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup
C:\Windows\RaidTool\xInsIDE.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kometaup
C:\Users\Jonas\AppData\Local\Kometa\kometaup.exe --windows-start [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zoner Photo Studio Service 16
"C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXEC:\Program Files\Zoner\Photo Studio 16\Program32\ZPSService.exe" [x]


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
DefaultOutboundAction REG_DWORD 0x0
DefaultInboundAction REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================
Attachments
Addition.rar
(8.98 KiB) Downloaded 52 times

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Russian junk - search engine changes on startup

#8 Post by vyosek »

→ Creating a fixlist for FRST
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    Start
    CloseProcesses:
    CreateRestorePoint:
    
    HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKU\S-1-5-21-2042957049-1343632929-1820161333-1000\...\Run: [mcwmxwfpav] => cmd /c start http://foretuned.com/
    HKU\S-1-5-21-2042957049-1343632929-1820161333-1000\...\Run: [Zoner Photo Studio Autoupdate] => C:\PROGRAM FILES\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE [833024 2014-06-16] (ZONER software)
    HKU\S-1-5-21-2042957049-1343632929-1820161333-1000\...\RunOnce: [GoSearch_startsetsearch_chrome] => C:\Users\Jonas\AppData\Local\Temp\netA24.tmp.exe [2606560 2015-02-04] () <===== ATTENTION
    HKU\S-1-5-21-2042957049-1343632929-1820161333-1000\...\RunOnce: [GoSearchRemoveAppfirefox] => C:\Users\Jonas\AppData\Local\Temp\NETA26~1.EXE [2606560 2015-02-04] () <===== ATTENTION
    HKU\S-1-5-21-2042957049-1343632929-1820161333-1000\...\RunOnce: [GoSearchRemoveAppiexplore] => C:\Users\Jonas\AppData\Local\Temp\NETA27~1.EXE [2606560 2015-02-04] () <===== ATTENTION
    HKU\S-1-5-21-2042957049-1343632929-1820161333-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
    HKU\S-1-5-18\...\Run: [Advanced SystemCare 6] => "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
    HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe -update activex
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
    
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-2042957049-1343632929-1820161333-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
    HKU\S-1-5-21-2042957049-1343632929-1820161333-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-2042957049-1343632929-1820161333-1000 -> DefaultScope {A06ED961-D98F-4CF9-A89B-80AB11DB149C} URL = http://go-search.ru/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2042957049-1343632929-1820161333-1000 -> {A06ED961-D98F-4CF9-A89B-80AB11DB149C} URL = http://go-search.ru/search?q={searchTerms}
    
    FF SearchPlugin: C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\94czhu4y.default\searchplugins\mailru.xml
    FF Extension: No Name - C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\94czhu4y.default\extensions\sracka@pica.cz.xpi [Not Found]
    FF Extension: No Name - C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\94czhu4y.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7} [Not Found]
    FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
    
    CHR HomePage: Default -> hxxp://2inf.net/?utm_source=startpage12
    CHR StartupUrls: Default -> "hxxp://2inf.net/?utm_source=startpage12"
    CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
    CHR HKLM-x32\...\Chrome\Extension: [gdknicmnhbaajdglbinpahhapghpakch] - No Path
    CHR HKLM-x32\...\Chrome\Extension: [hfjpfadmjjdiglgmogennkhbinbgdkhm] - C:\ProgramData\Turqia\FlashPlayerv2.crx [2014-07-07]
    CHR HKLM-x32\...\Chrome\Extension: [jedelkhanefmcnpappfhachbpnlhomai] - No Path
    CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path
    CHR HKLM-x32\...\Chrome\Extension: [pganlglbhgfjfgopijbhemcpbehjnpia] - No Path
    
    S3 Andbus; system32\DRIVERS\lgandbus64.sys [X]
    S3 AndDiag; system32\DRIVERS\lganddiag64.sys [X]
    S3 AndGps; system32\DRIVERS\lgandgps64.sys [X]
    S3 ANDModem; system32\DRIVERS\lgandmodem64.sys [X]
    S3 andnetadb; System32\Drivers\lgandnetadb.sys [X]
    S3 cpuz135; \??\C:\Users\Jonas\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [X]
    
    2015-02-09 20:42 - 2015-02-09 20:43 - 00015035 _____ () C:\Users\Jonas\Desktop\FRST.txt
    2015-02-09 20:41 - 2015-02-09 20:41 - 00112640 _____ (forum.viry.cz) C:\Users\Jonas\Desktop\FRSTLauncher (2).exe
    2015-02-09 20:40 - 2015-02-09 20:40 - 00112640 _____ (forum.viry.cz) C:\Users\Jonas\Downloads\Nepotvrzeno 394243.crdownload
    2015-02-09 20:39 - 2015-02-09 20:39 - 00112640 _____ (forum.viry.cz) C:\Users\Jonas\Downloads\Nepotvrzeno 579892.crdownload
    2015-02-09 19:25 - 2015-02-09 19:25 - 53683536 _____ () C:\Users\Jonas\AppData\Local\TempFullTiltPokerEuSetup.exe
    2015-02-09 16:42 - 2015-02-09 16:29 - 00024064 _____ () C:\Windows\zoek-delete.exe
    2015-02-09 16:31 - 2015-02-09 16:44 - 00008739 _____ () C:\zoek-results.log
    2015-02-09 16:29 - 2015-02-09 16:40 - 00000000 ____D () C:\zoek_backup
    2015-02-09 16:15 - 2015-02-09 16:15 - 01295360 _____ () C:\Users\Jonas\Desktop\zoek.exe
    2015-02-09 16:13 - 2015-02-09 16:14 - 02112512 _____ () C:\Users\Jonas\Desktop\adwcleaner_4.110.exe
    2015-02-09 11:24 - 2015-02-09 11:30 - 00016768 _____ () C:\Windows\DPINST.LOG
    2015-02-09 11:20 - 2015-02-09 16:26 - 00000000 ____D () C:\Windows\system32\log
    2015-02-09 11:20 - 2015-02-09 11:20 - 01222144 _____ () C:\Users\Jonas\Downloads\RSITx64.exe
    2015-02-09 11:18 - 2015-02-09 11:18 - 02213088 _____ (Elex do Brasil Participações Ltda) C:\Users\Jonas\Downloads\yet_another_cleaner_sk_6769177.exe
    2015-02-05 17:36 - 2015-02-09 19:33 - 00000504 _____ () C:\Windows\setupact.log
    2015-02-05 17:36 - 2015-02-09 16:43 - 00003024 _____ () C:\Windows\PFRO.log
    2015-02-05 17:36 - 2015-02-05 17:36 - 00000000 _____ () C:\Windows\setuperr.log
    2015-02-04 15:37 - 2015-02-04 15:37 - 00000000 ____D () C:\Users\Jonas\AppData\Local\Вoйти в Интeрнет 2inf.net
    2015-02-04 15:28 - 2015-02-04 15:28 - 00000000 ____D () C:\Users\Jonas\AppData\Local\Поиcк в Интeрнете
    2015-02-09 19:32 - 2014-04-02 18:25 - 00000000 ____D () C:\AdwCleaner
    2015-02-06 16:32 - 2012-08-21 23:44 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
    C:\Program Files (x86)\IObit
    
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    
    AlternateDataStreams: C:\ProgramData\TEMP:8CE646EE
    AlternateDataStreams: C:\ProgramData\TEMP:CB9FA647
    
    DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zoner Photo Studio Service 16]
    
    Hosts:
    EmptyTemp:
    Reboot:
    End
    
  • Save the created TXT as fixlist.txt
  • Move the created fixlist next to FRST
→ Run FRST.exe again
  • Click Fix
  • The fix runs and creates the log Fixlog.txt
→ Restart the PC and post fixlog.txt here
"He who has wine and does not drink, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment, take a whip and a stick to him; that is not a man, that is an ox."
Member since 1 February 2011.
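
The fixlist above is built by hand from the suspicious lines in the FRST log (autostart entries pointing into Temp, a Run entry that opens a URL, SearchScopes and home pages pointing to go-search.ru and 2inf.net). The script below is an added example for this thread, not code from FRST, FRSTLauncher or the forum, that automates that first triage pass over FRST-style lines. The allow-list of expected hosts, the heuristics, and the sample lines (copied from the log and fixlist quoted in this thread) are this example's own assumptions.

```python
"""Triage helper for FRST-style log lines.

Added example for this thread, not code from FRST, FRSTLauncher or the forum.
It flags the kinds of entries the fixlist above removes: autostart entries
whose executable sits in a Temp folder or that launch a URL, entries FRST
itself marked with ATTENTION, and browser home/search settings that point to
hosts outside an allow-list. The allow-list and the heuristics are this
example's own assumptions, not FRST rules.
"""
import re
from urllib.parse import urlparse

# Assumption: hosts a stock Windows 7 / Chrome / Firefox install may reference.
KNOWN_GOOD_HOSTS = {"go.microsoft.com", "www.microsoft.com", "www.google.com"}

# Registry autostart entries as FRST prints them: <hive>\...\Run: [name] => command
AUTOSTART_RE = re.compile(r"\\\.\.\.\\(?P<kind>Run|RunOnce): \[(?P<name>[^\]]*)\] => (?P<cmd>.*)$")
# Browser home page / search provider settings (FRST and HijackThis formats)
BROWSER_SETTING_RE = re.compile(
    r"^(SearchScopes:|CHR HomePage:|CHR StartupUrls:)"
    r"|Main,(Start Page|Search Page|Default_Page_URL|Default_Search_URL) ="
)
# FRST defangs URLs in browser settings as hxxp://; accept both spellings
URL_RE = re.compile(r"\bh(?:xx|tt)ps?://[^\s\"']+", re.IGNORECASE)
TEMP_DIR_RE = re.compile(r"\\Temp\\", re.IGNORECASE)
ATTENTION_RE = re.compile(r"<=+ ATTENTION")

# Constructed sample: lines copied from the log and fixlist quoted in this thread.
SAMPLE_LOG = r"""
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-2042957049-1343632929-1820161333-1000\...\Run: [mcwmxwfpav] => cmd /c start http://foretuned.com/
HKU\S-1-5-21-2042957049-1343632929-1820161333-1000\...\RunOnce: [GoSearch_startsetsearch_chrome] => C:\Users\Jonas\AppData\Local\Temp\netA24.tmp.exe [2606560 2015-02-04] () <===== ATTENTION
HKU\S-1-5-18\...\Run: [Advanced SystemCare 6] => "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2042957049-1343632929-1820161333-1000 -> DefaultScope {A06ED961-D98F-4CF9-A89B-80AB11DB149C} URL = http://go-search.ru/search?q={searchTerms}
CHR HomePage: Default -> hxxp://2inf.net/?utm_source=startpage12
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://2inf.net/?utm_source=startpage12
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
"""


def hosts_in(text):
    """Return the lower-cased hostnames of every http(s)/hxxp(s) URL in text."""
    hosts = []
    for match in URL_RE.finditer(text):
        url = re.sub(r"^hxxp", "http", match.group(0), flags=re.IGNORECASE)
        host = urlparse(url).hostname
        if host:
            hosts.append(host.lower())
    return hosts


def triage_line(line):
    """Return the list of reasons a single FRST line deserves a closer look."""
    reasons = []
    line = line.strip()
    if not line:
        return reasons
    if ATTENTION_RE.search(line):
        reasons.append("FRST flagged the entry with ATTENTION")
    autostart = AUTOSTART_RE.search(line)
    if autostart:
        cmd = autostart.group("cmd")
        if TEMP_DIR_RE.search(cmd):
            reasons.append("autostart executable lives in a Temp folder")
        for host in hosts_in(cmd):
            reasons.append("autostart entry opens a URL on " + host)
    elif BROWSER_SETTING_RE.search(line):
        for host in hosts_in(line):
            if host not in KNOWN_GOOD_HOSTS:
                reasons.append("browser/search setting points to unexpected host " + host)
    return reasons


def triage(log_text):
    """Return [(line, reasons)] for every flagged line in an FRST-style log."""
    findings = []
    for line in log_text.splitlines():
        reasons = triage_line(line)
        if reasons:
            findings.append((line.strip(), reasons))
    return findings


def suspicious_hosts(log_text):
    """Set of hosts outside the allow-list referenced by flagged lines."""
    hosts = set()
    for line, _reasons in triage(log_text):
        for host in hosts_in(line):
            if host not in KNOWN_GOOD_HOSTS:
                hosts.add(host)
    return hosts


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for reason in reasons:
            print("    -", reason)
    print("unexpected hosts:", sorted(suspicious_hosts(SAMPLE_LOG)))
```

The output is a shortlist, not a fixlist: every flagged line still has to be read by a person before it goes into fixlist.txt, and the allow-list should be extended with whatever legitimate home pages or search providers the machine's owner actually uses, or those will be flagged too.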

bilejpes
Visitor
Posts: 116
Registered: 24 Feb 2011 17:50

Re: Russian junk - search engine changes on startup

#9 Post by bilejpes »

My problem is that I'm an idiot. I ran FRST at night when I came home from work, and then again in the morning, because I forgot I had already done it once... So the log is from the second run. Overwork is a bitch...

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-02-2015
Ran by Jonas at 2015-02-10 10:58:38 Run:2
Running from C:\Users\Jonas\Desktop
Loaded Profiles: Jonas (Available profiles: Jonas)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-2042957049-1343632929-1820161333-1000\...\Run: [mcwmxwfpav] => cmd /c start http://foretuned.com/
HKU\S-1-5-21-2042957049-1343632929-1820161333-1000\...\Run: [Zoner Photo Studio Autoupdate] => C:\PROGRAM FILES\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE [833024 2014-06-16] (ZONER software)
HKU\S-1-5-21-2042957049-1343632929-1820161333-1000\...\RunOnce: [GoSearch_startsetsearch_chrome] => C:\Users\Jonas\AppData\Local\Temp\netA24.tmp.exe [2606560 2015-02-04] () <===== ATTENTION
HKU\S-1-5-21-2042957049-1343632929-1820161333-1000\...\RunOnce: [GoSearchRemoveAppfirefox] => C:\Users\Jonas\AppData\Local\Temp\NETA26~1.EXE [2606560 2015-02-04] () <===== ATTENTION
HKU\S-1-5-21-2042957049-1343632929-1820161333-1000\...\RunOnce: [GoSearchRemoveAppiexplore] => C:\Users\Jonas\AppData\Local\Temp\NETA27~1.EXE [2606560 2015-02-04] () <===== ATTENTION
HKU\S-1-5-21-2042957049-1343632929-1820161333-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\Run: [Advanced SystemCare 6] => "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe -update activex
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2042957049-1343632929-1820161333-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-2042957049-1343632929-1820161333-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2042957049-1343632929-1820161333-1000 -> DefaultScope {A06ED961-D98F-4CF9-A89B-80AB11DB149C} URL = http://go-search.ru/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2042957049-1343632929-1820161333-1000 -> {A06ED961-D98F-4CF9-A89B-80AB11DB149C} URL = http://go-search.ru/search?q={searchTerms}

FF SearchPlugin: C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\94czhu4y.default\searchplugins\mailru.xml
FF Extension: No Name - C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\94czhu4y.default\extensions\sracka@pica.cz.xpi [Not Found]
FF Extension: No Name - C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\94czhu4y.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7} [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

CHR HomePage: Default -> hxxp://2inf.net/?utm_source=startpage12
CHR StartupUrls: Default -> "hxxp://2inf.net/?utm_source=startpage12"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR HKLM-x32\...\Chrome\Extension: [gdknicmnhbaajdglbinpahhapghpakch] - No Path
CHR HKLM-x32\...\Chrome\Extension: [hfjpfadmjjdiglgmogennkhbinbgdkhm] - C:\ProgramData\Turqia\FlashPlayerv2.crx [2014-07-07]
CHR HKLM-x32\...\Chrome\Extension: [jedelkhanefmcnpappfhachbpnlhomai] - No Path
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [pganlglbhgfjfgopijbhemcpbehjnpia] - No Path

S3 Andbus; system32\DRIVERS\lgandbus64.sys [X]
S3 AndDiag; system32\DRIVERS\lganddiag64.sys [X]
S3 AndGps; system32\DRIVERS\lgandgps64.sys [X]
S3 ANDModem; system32\DRIVERS\lgandmodem64.sys [X]
S3 andnetadb; System32\Drivers\lgandnetadb.sys [X]
S3 cpuz135; \??\C:\Users\Jonas\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [X]

2015-02-09 20:42 - 2015-02-09 20:43 - 00015035 _____ () C:\Users\Jonas\Desktop\FRST.txt
2015-02-09 20:41 - 2015-02-09 20:41 - 00112640 _____ (forum.viry.cz) C:\Users\Jonas\Desktop\FRSTLauncher (2).exe
2015-02-09 20:40 - 2015-02-09 20:40 - 00112640 _____ (forum.viry.cz) C:\Users\Jonas\Downloads\Nepotvrzeno 394243.crdownload
2015-02-09 20:39 - 2015-02-09 20:39 - 00112640 _____ (forum.viry.cz) C:\Users\Jonas\Downloads\Nepotvrzeno 579892.crdownload
2015-02-09 19:25 - 2015-02-09 19:25 - 53683536 _____ () C:\Users\Jonas\AppData\Local\TempFullTiltPokerEuSetup.exe
2015-02-09 16:42 - 2015-02-09 16:29 - 00024064 _____ () C:\Windows\zoek-delete.exe
2015-02-09 16:31 - 2015-02-09 16:44 - 00008739 _____ () C:\zoek-results.log
2015-02-09 16:29 - 2015-02-09 16:40 - 00000000 ____D () C:\zoek_backup
2015-02-09 16:15 - 2015-02-09 16:15 - 01295360 _____ () C:\Users\Jonas\Desktop\zoek.exe
2015-02-09 16:13 - 2015-02-09 16:14 - 02112512 _____ () C:\Users\Jonas\Desktop\adwcleaner_4.110.exe
2015-02-09 11:24 - 2015-02-09 11:30 - 00016768 _____ () C:\Windows\DPINST.LOG
2015-02-09 11:20 - 2015-02-09 16:26 - 00000000 ____D () C:\Windows\system32\log
2015-02-09 11:20 - 2015-02-09 11:20 - 01222144 _____ () C:\Users\Jonas\Downloads\RSITx64.exe
2015-02-09 11:18 - 2015-02-09 11:18 - 02213088 _____ (Elex do Brasil Participações Ltda) C:\Users\Jonas\Downloads\yet_another_cleaner_sk_6769177.exe
2015-02-05 17:36 - 2015-02-09 19:33 - 00000504 _____ () C:\Windows\setupact.log
2015-02-05 17:36 - 2015-02-09 16:43 - 00003024 _____ () C:\Windows\PFRO.log
2015-02-05 17:36 - 2015-02-05 17:36 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-04 15:37 - 2015-02-04 15:37 - 00000000 ____D () C:\Users\Jonas\AppData\Local\Вoйти в Интeрнет 2inf.net
2015-02-04 15:28 - 2015-02-04 15:28 - 00000000 ____D () C:\Users\Jonas\AppData\Local\Поиcк в Интeрнете
2015-02-09 19:32 - 2014-04-02 18:25 - 00000000 ____D () C:\AdwCleaner
2015-02-06 16:32 - 2012-08-21 23:44 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
C:\Program Files (x86)\IObit

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

AlternateDataStreams: C:\ProgramData\TEMP:8CE646EE
AlternateDataStreams: C:\ProgramData\TEMP:CB9FA647

DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zoner Photo Studio Service 16]

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SwitchBoard => Value not found.
HKU\S-1-5-21-2042957049-1343632929-1820161333-1000\Software\Microsoft\Windows\CurrentVersion\Run\\mcwmxwfpav => Value not found.
HKU\S-1-5-21-2042957049-1343632929-1820161333-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Zoner Photo Studio Autoupdate => Value not found.
HKU\S-1-5-21-2042957049-1343632929-1820161333-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\GoSearch_startsetsearch_chrome => Value not found.
HKU\S-1-5-21-2042957049-1343632929-1820161333-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\GoSearchRemoveAppfirefox => value deleted successfully.
HKU\S-1-5-21-2042957049-1343632929-1820161333-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\GoSearchRemoveAppiexplore => value deleted successfully.
HKU\S-1-5-21-2042957049-1343632929-1820161333-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLowDiskSpaceChecks => Value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Advanced SystemCare 6 => Value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\FlashPlayerUpdate => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => Key not found.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => Key not found.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found.
HKU\S-1-5-21-2042957049-1343632929-1820161333-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page => Value not found.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => Value not found.
HKU\S-1-5-21-2042957049-1343632929-1820161333-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-21-2042957049-1343632929-1820161333-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-2042957049-1343632929-1820161333-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A06ED961-D98F-4CF9-A89B-80AB11DB149C}" => Key deleted successfully.
HKCR\CLSID\{A06ED961-D98F-4CF9-A89B-80AB11DB149C} => Key not found.
"C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\94czhu4y.default\searchplugins\mailru.xml" => not found.
C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\94czhu4y.default\extensions\sracka@pica.cz.xpi not found.
C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\94czhu4y.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7} not found.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} not found.
Chrome HomePage not detected.
Chrome StartupUrls not detected.
Chrome DefaultSuggestURL deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gdknicmnhbaajdglbinpahhapghpakch => Key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hfjpfadmjjdiglgmogennkhbinbgdkhm => Key not found.
"C:\ProgramData\Turqia\FlashPlayerv2.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jedelkhanefmcnpappfhachbpnlhomai => Key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk => Key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pganlglbhgfjfgopijbhemcpbehjnpia => Key not found.
Andbus => Service not found.
AndDiag => Service not found.
AndGps => Service not found.
ANDModem => Service not found.
andnetadb => Service not found.
cpuz135 => Service not found.
"C:\Users\Jonas\Desktop\FRST.txt" => File/Directory not found.
"C:\Users\Jonas\Desktop\FRSTLauncher (2).exe" => File/Directory not found.
"C:\Users\Jonas\Downloads\Nepotvrzeno 394243.crdownload" => File/Directory not found.
"C:\Users\Jonas\Downloads\Nepotvrzeno 579892.crdownload" => File/Directory not found.
"C:\Users\Jonas\AppData\Local\TempFullTiltPokerEuSetup.exe" => File/Directory not found.
"C:\Windows\zoek-delete.exe" => File/Directory not found.
"C:\zoek-results.log" => File/Directory not found.
"C:\zoek_backup" => File/Directory not found.
"C:\Users\Jonas\Desktop\zoek.exe" => File/Directory not found.
"C:\Users\Jonas\Desktop\adwcleaner_4.110.exe" => File/Directory not found.
"C:\Windows\DPINST.LOG" => File/Directory not found.
"C:\Windows\system32\log" => File/Directory not found.
"C:\Users\Jonas\Downloads\RSITx64.exe" => File/Directory not found.
"C:\Users\Jonas\Downloads\yet_another_cleaner_sk_6769177.exe" => File/Directory not found.
C:\Windows\setupact.log => Moved successfully.
"C:\Windows\PFRO.log" => File/Directory not found.
C:\Windows\setuperr.log => Moved successfully.
"C:\Users\Jonas\AppData\Local\Вoйти в Интeрнет 2inf.net" => File/Directory not found.
"C:\Users\Jonas\AppData\Local\Поиcк в Интeрнете" => File/Directory not found.
"C:\AdwCleaner" => File/Directory not found.
"C:\ProgramData\Spybot - Search & Destroy" => File/Directory not found.
"C:\Program Files (x86)\IObit" => File/Directory not found.
C:\Windows\Tasks\Adobe Flash Player Updater.job not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job not found.
"C:\ProgramData\TEMP" => ":8CE646EE" ADS not found.
"C:\ProgramData\TEMP" => ":CB9FA647" ADS not found.
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite => Key not found.
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zoner Photo Studio Service 16 => Key not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 24.3 MB temporary data.


The system needed a reboot.

==== End of Fixlog 10:58:55 ====
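The fixlist above was assembled by reading the FRST Run/RunOnce lines by eye: an autorun that starts from the user's Temp directory, one that opens a URL through cmd at logon, the GoSearch* stubs, and an entry with no publisher name. The script below is an added example, not code from this thread, from FRST or from RSIT; it parses lines in FRST's layout and applies those same four checks, so the same reasoning can be run over a whole log instead of line by line. The sample lines are copied from the fixlist above (constructed input for the demo); the function names `parse_autorun` and `triage` and the rule wording are my own.

```python
"""Triage of FRST-style Run/RunOnce lines.

Added example; it is not code from this forum thread, from FRST or from RSIT.
It re-implements the checks a helper applies by eye to a fixlist: an autorun
that launches from the user's Temp directory, one that opens a URL through
cmd at logon, one whose value name matches the GoSearch* stubs, and one that
FRST printed with an empty publisher field "()".
"""
import re

# Constructed sample: lines copied from the FRST fixlist in the thread, plus
# two benign entries and a non-autorun policy line for contrast.
SAMPLE_LINES = r"""
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-2042957049-1343632929-1820161333-1000\...\Run: [mcwmxwfpav] => cmd /c start http://foretuned.com/
HKU\S-1-5-21-2042957049-1343632929-1820161333-1000\...\RunOnce: [GoSearch_startsetsearch_chrome] => C:\Users\Jonas\AppData\Local\Temp\netA24.tmp.exe [2606560 2015-02-04] () <===== ATTENTION
HKU\S-1-5-18\...\Run: [Advanced SystemCare 6] => "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
HKU\S-1-5-21-2042957049-1343632929-1820161333-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
"""

# hive\...\Run: [ValueName] => command   (FRST's Run/RunOnce line layout)
AUTORUN_RE = re.compile(
    r'^(?P<hive>\S+?)\\\.\.\.\\(?P<key>Run|RunOnce): \[(?P<name>[^\]]*)\] => (?P<cmd>.*)$'
)

# Each rule: (reason reported to the analyst, predicate over a parsed entry).
RULES = [
    ("launches from the user's Temp directory",
     lambda e: re.search(r'\\AppData\\Local\\Temp\\', e["cmd"], re.I) is not None),
    ("opens a URL through cmd at logon",
     lambda e: re.match(r'"?cmd(\.exe)?"?\s+/c\s+start\s+https?://', e["cmd"], re.I) is not None),
    ("value name matches the GoSearch* stubs",
     lambda e: e["name"].lower().startswith("gosearch")),
    # FRST prints "[size date] (Publisher)" after the path; an empty "()"
    # means the file carries no company name in its version info.
    ("no publisher name in the file's version info",
     lambda e: re.search(r'\[\d+ \d{4}-\d{2}-\d{2}\] \(\)', e["cmd"]) is not None),
]


def parse_autorun(line):
    """Return a dict (hive, key, name, cmd) for a Run/RunOnce line, else None."""
    m = AUTORUN_RE.match(line.strip())
    return m.groupdict() if m else None


def triage(text):
    """Parse every line of an FRST excerpt and return the autorun entries
    that trip at least one rule, each with the list of reasons."""
    flagged = []
    for line in text.splitlines():
        entry = parse_autorun(line)
        if entry is None:
            continue  # not a Run/RunOnce line (policy, SearchScopes, ...)
        reasons = [reason for reason, pred in RULES if pred(entry)]
        if reasons:
            entry["reasons"] = reasons
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for e in triage(SAMPLE_LINES):
        print(f'{e["key"]} [{e["name"]}]')
        for r in e["reasons"]:
            print("   -", r)
```

On the sample above only `mcwmxwfpav` and `GoSearch_startsetsearch_chrome` are reported; the Adobe and IObit entries pass every rule. The rules are deliberately narrow so they explain themselves in a thread like this one; a helper still decides what goes into the fixlist.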

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Russian junk - search engine changed after startup

#10 Post by vyosek »

Twice, just to be safe :D

How is the PC behaving now?
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment, take a whip and a stick to him; that is no man, that is an ox."
Member since 1 February 2011.

bilejpes
Guest
Posts: 116
Registered: 24 Feb 2011 17:50

Re: Russian junk - search engine changed after startup

#11 Post by bilejpes »

Like when it was young :)
The Russian page no longer pops up and everything seems OK.
Thank you very much for the help.

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Russian junk - search engine changed after startup

#12 Post by vyosek »

So let's tidy up a bit more :James008:

:arrow: DelFix https://toolslib.net/downloads/finish/2/
  • Download and run it
  • Leave only the Remote disinfection tools option checked
  • Click Run
:arrow: Download CCleaner https://www.piriform.com/ccleaner/download/standard
Cleaner panel
  • Leave everything as it is, just click Analyze and then Run CCleaner
Registry panel
  • click Scan for Issues
  • then Fix Issues - I recommend making the registry backup; fix all issues
  • repeat the process until no issues are found - usually about 3 times
Tools panel
  • Here you can uninstall programs you do not need
I recommend running CCleaner about once a week

:arrow: And if there are no problems or questions, that is all from my side :|

bilejpes
Guest
Posts: 116
Registered: 24 Feb 2011 17:50

Re: Russian junk - search engine changed after startup

#13 Post by bilejpes »

Damn.
After another restart the Cyrillic bacteria is back as the search engine...

JaRon
Moderator
Posts: 15799
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Russian junk - search engine changed after startup

#14 Post by JaRon »

Could you post an RSIT log for my colleague so he can see what came back?
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum at
https://platba.viry.cz/payment/

bilejpes
Guest
Posts: 116
Registered: 24 Feb 2011 17:50

Re: Russian junk - search engine changed after startup

#15 Post by bilejpes »

Logfile of random's system information tool 1.10 (written by random/random)
Run by Jonas at 2015-02-10 15:00:00
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 51 GB (21%) free of 238 GB
Total RAM: 6142 MB (79% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:00:08, on 10.2.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17496)
Boot mode: Normal

Running processes:
C:\Program Files\TrueCrypt\TrueCrypt.exe
C:\PROGRAM FILES\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE
C:\Program Files\trend micro\Jonas.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: Pomocná služba pro přihlášení k účtu Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Zoner Photo Studio Autoupdate] "C:\PROGRAM FILES\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE"
O4 - HKCU\..\RunOnce: [GoSearchRemoveAppchrome] cmd /Q /C del /Q "C:\Users\Jonas\AppData\Local\Temp\NET747~1.EXE"
O4 - HKCU\..\RunOnce: [GoSearchRemoveAppfirefox] cmd /Q /C del /Q "C:\Users\Jonas\AppData\Local\Temp\NET748~1.EXE"
O4 - HKCU\..\RunOnce: [GoSearchRemoveAppiexplore] cmd /Q /C del /Q "C:\Users\Jonas\AppData\Local\Temp\NET74A~1.EXE"
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs:
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HuaweiHiSuiteService64.exe - Unknown owner - C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: JMB36X - Unknown owner - C:\Windows\SysWOW64\XSrvSetup.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7007 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\SysWOW64\XSrvSetup.exe
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\PnkBstrA.exe
taskeng.exe {10CDFEA5-D63A-419A-B052-3151175D30A3}
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
WLIDSvcM.exe 1788
"C:\Program Files\Microsoft Security Client\NisSrv.exe"
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Microsoft Device Center\itype.exe"
"C:\Program Files\Microsoft Device Center\ipoint.exe"
"C:\Windows\WindowsMobile\wmdcBase.exe"
C:\Windows\system32\svchost.exe -k WindowsMobile
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-fbf552ec-9698-43ee-bba1-196ff988ee04 -SystemEventPortName:HostProcess-9b4cf3f9-1361-4e98-9025-d8632f0608de -IoCancelEventPortName:HostProcess-187e3f4c-2157-4cbc-afe1-d26677e69633 -NonStateChangingEventPortName:HostProcess-d93bfb30-18d9-4245-be7b-323ff2cfb8a1 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:9b6649a1-73f9-47be-9a8c-5ca8eb9f85c3 -DeviceGroupId:WpdFsGroup
"C:\Program Files\Logitech\Gaming Software\LWEMon.exe" /noui
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\TrueCrypt\TrueCrypt.exe"
"C:\PROGRAM FILES\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE"

"C:\Users\Jonas\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\94czhu4y.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 16.0.0.305 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@esn/npbattlelog,version=2.4.0]
"Description"=
"Path"=C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.31.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\Windows\system32\Wat\npWatWeb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 16.0.0.305 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\Windows\system32\Wat\npWatWeb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll


C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\94czhu4y.default\searchplugins\
GoSearch.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 529664]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-21 460712]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení k účtu Microsoft - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 441592]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-21 172968]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2014-08-22 1331288]
"IntelliType Pro"=C:\Program Files\Microsoft Device Center\itype.exe [2000-01-01 1464928]
"IntelliPoint"=C:\Program Files\Microsoft Device Center\ipoint.exe [2000-01-01 2004584]
"Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdcBase.exe [2007-05-31 660360]
"Start WingMan Profiler"=C:\Program Files\Logitech\Gaming Software\LWEMon.exe [2010-06-14 190536]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2015-01-20 7404312]
"Zoner Photo Studio Autoupdate"=C:\PROGRAM FILES\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE [2014-06-16 833024]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"GoSearchRemoveAppchrome"=cmd /Q /C del /Q C:\Users\Jonas\AppData\Local\Temp\NET747~1.EXE []
"GoSearchRemoveAppfirefox"=cmd /Q /C del /Q C:\Users\Jonas\AppData\Local\Temp\NET748~1.EXE []
"GoSearchRemoveAppiexplore"=cmd /Q /C del /Q C:\Users\Jonas\AppData\Local\Temp\NET74A~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
C:\Program Files\CCleaner\CCleaner64.exe [2015-01-20 7404312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
C:\Windows\RaidTool\xInsIDE.exe [2000-01-01 43608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kometaup]
C:\Users\Jonas\AppData\Local\Kometa\kometaup.exe --windows-start []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveTypeAutoRun"=221

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2015-02-10 15:00:00 ----D---- C:\rsit
2015-02-10 13:18:05 ----A---- C:\DelFix.txt
2015-02-09 19:27:17 ----D---- C:\Program Files (x86)\Full Tilt Poker.Eu
2015-02-09 16:44:07 ----SHD---- C:\$RECYCLE.BIN
2015-02-09 16:42:29 ----D---- C:\Windows\Temp
2015-02-04 15:19:50 ----D---- C:\ProgramData\HiSuiteDataSvc
2015-02-04 15:19:14 ----A---- C:\Windows\system32\drivers\WUDFUpdate_01009.dll
2015-02-04 15:19:14 ----A---- C:\Windows\system32\drivers\winusbcoinstaller2.dll
2015-02-04 15:19:14 ----A---- C:\Windows\system32\drivers\WdfCoInstaller01009.dll
2015-02-04 15:19:14 ----A---- C:\Windows\system32\drivers\hw_quusbnet.sys
2015-01-14 11:14:04 ----A---- C:\Windows\SYSWOW64\nlaapi.dll
2015-01-14 11:14:04 ----A---- C:\Windows\SYSWOW64\ncsi.dll
2015-01-14 11:14:04 ----A---- C:\Windows\system32\profsvc.dll
2015-01-14 11:14:04 ----A---- C:\Windows\system32\nlasvc.dll
2015-01-14 11:14:01 ----A---- C:\Windows\system32\TSWbPrxy.exe
2015-01-14 11:14:01 ----A---- C:\Windows\system32\drivers\mrxdav.sys
2015-01-14 11:13:59 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2015-01-14 11:13:59 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2015-01-14 11:13:59 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-01-14 11:13:58 ----A---- C:\Windows\SYSWOW64\srclient.dll
2015-01-14 11:13:58 ----A---- C:\Windows\system32\srcore.dll
2015-01-14 11:13:58 ----A---- C:\Windows\system32\srclient.dll
2015-01-14 11:13:58 ----A---- C:\Windows\system32\rstrui.exe
2015-01-13 23:57:02 ----D---- C:\Program Files (x86)\SDA
2015-01-12 16:07:53 ----D---- C:\ProgramData\icondir

======List of files/folders modified in the last 1 month======

2015-02-10 15:00:08 ----D---- C:\Windows\Prefetch
2015-02-10 15:00:07 ----D---- C:\Program Files\trend micro
2015-02-10 14:35:31 ----D---- C:\Users\Jonas\AppData\Roaming\AIMP3
2015-02-10 13:38:42 ----D---- C:\Windows
2015-02-10 13:37:43 ----D---- C:\Windows\system32\config
2015-02-10 13:18:44 ----D---- C:\Windows\inf
2015-02-10 10:58:53 ----D---- C:\Windows\system32\drivers\etc
2015-02-10 10:58:50 ----SHD---- C:\System Volume Information
2015-02-10 03:15:06 ----D---- C:\Windows\Tasks
2015-02-10 03:15:05 ----RD---- C:\Program Files (x86)
2015-02-10 03:15:05 ----D---- C:\ProgramData
2015-02-10 03:15:04 ----D---- C:\Windows\System32
2015-02-10 03:15:04 ----D---- C:\ProgramData\Turqia
2015-02-09 19:23:36 ----D---- C:\Program Files (x86)\Full Tilt Poker
2015-02-09 16:40:24 ----D---- C:\Windows\SYSWOW64\GroupPolicy
2015-02-09 16:33:18 ----RD---- C:\Program Files
2015-02-09 16:33:18 ----D---- C:\Program Files (x86)\Common Files
2015-02-09 16:29:13 ----D---- C:\Windows\SysWOW64
2015-02-09 16:26:21 ----D---- C:\Windows\system32\catroot
2015-02-09 16:26:08 ----D---- C:\Windows\system32\drivers
2015-02-09 11:39:40 ----D---- C:\Windows\system32\appmgmt
2015-02-09 11:31:31 ----SHD---- C:\Windows\Installer
2015-02-09 11:31:27 ----D---- C:\Windows\system32\DriverStore
2015-02-09 11:31:17 ----D---- C:\Windows\system32\catroot2
2015-02-09 11:23:09 ----HD---- C:\$WINDOWS.~BT
2015-02-06 16:45:23 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-02-06 15:24:35 ----D---- C:\Program Files (x86)\War Thunder
2015-02-04 16:05:05 ----D---- C:\Windows\Logs
2015-02-04 16:05:05 ----D---- C:\Windows\debug
2015-02-04 16:03:37 ----D---- C:\Windows\system32\Tasks
2015-02-04 15:21:51 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-02-03 16:20:08 ----D---- C:\Program Files\CCleaner
2015-02-03 16:17:33 ----D---- C:\Program Files (x86)\PokerStars
2015-01-24 16:27:48 ----D---- C:\ProgramData\SP_FT_Logs
2015-01-21 18:53:31 ----D---- C:\Program Files (x86)\Java
2015-01-21 18:52:59 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2015-01-16 15:58:55 ----D---- C:\Windows\winsxs
2015-01-14 21:11:17 ----D---- C:\Windows\system32\MRT
2015-01-14 21:07:28 ----A---- C:\Windows\system32\MRT.exe
2015-01-12 16:13:42 ----D---- C:\Users\Jonas\AppData\Roaming\Lenovo

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 JRAID;JRAID; C:\Windows\system32\DRIVERS\jraid.sys [2012-03-30 120920]
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2014-07-17 269008]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2014-12-05 283064]
R1 truecrypt;truecrypt; C:\Windows\System32\drivers\truecrypt.sys [2013-07-21 231376]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2014-07-17 125584]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2014-11-21 18959360]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2014-11-21 589312]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2014-06-21 94720]
R3 dc3d;MS Hardware Device Detection Driver; C:\Windows\system32\DRIVERS\dc3d.sys [2000-01-01 52320]
R3 MarvinBus;Pinnacle Marvin Bus 64; C:\Windows\system32\DRIVERS\MarvinBus64.sys [2005-09-23 261120]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver; C:\Windows\system32\DRIVERS\point64.sys [2000-01-01 46176]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2000-01-01 685672]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\Windows\system32\drivers\WmBEnum.sys [2010-04-27 26440]
R3 WmFilter;Logitech Gaming HID Filter Driver; C:\Windows\system32\drivers\WmFilter.sys [2010-04-27 43976]
R3 WmVirHid;Logitech Virtual Hid Device Driver; C:\Windows\system32\drivers\WmVirHid.sys [2010-04-27 16200]
R3 WmXlCore;Logitech Translation Layer Driver; C:\Windows\system32\drivers\WmXlCore.sys [2010-04-27 77512]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 HWHandSet;HWUSBSERSP; C:\Windows\system32\DRIVERS\hw_quusbmdm.sys [2011-10-24 223232]
S3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys [2000-01-01 23648]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 SWDUMon;SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [2012-10-02 15712]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2013-02-12 19968]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
S3 usbser;USB Serial emulation modem driver; C:\Windows\system32\drivers\usbser.sys [2013-08-29 33280]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WinUsb;Lenovo USB Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-19 81088]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2014-11-21 244736]
R2 JMB36X;JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [2000-01-01 72280]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2014-08-22 23784]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2014-05-29 75136]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2012-07-17 2292480]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-08-22 368624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 HuaweiHiSuiteService64.exe;HuaweiHiSuiteService64.exe; C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe -/service []
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06 267440]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S3 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-07 116648]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-07 116648]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-11-22 114688]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-12-19 114800]
S3 Origin Client Service;Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2014-12-15 1900400]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-08-21 1255736]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]

-----------------EOF-----------------
