IstarSurf

Zpráva

Liba · #1 Příspěvek od **Liba** » 18 kvě 2015 14:14

Zdravím. Dnes ráno jsem zapla Ntb a otevřel prohlížeč. jako úvodní stránka v Opeře mi naskočil IStartSurf.com Dočetla jsem se, že je to nejspíš vir ale moc se v tom nevyznám, co s tím, odinstalovat to nejde tak prosím nějakého odborníka o pomoc ...

Liba · #2 Příspěvek od **Liba** » 18 kvě 2015 14:18

ještě log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:17:13, on 18.5.2015
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16800)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files (x86)\IceWarp Desktop Client\MailClient.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\USB Camera\VM331_STI.EXE
C:\Users\Liba\AppData\Roaming\Wandoujia2\Applications\2.76.0.7151\wandoujia_helper.exe
C:\windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Opera\18.0.1284.49\opera.exe
C:\Program Files (x86)\Opera\18.0.1284.49\opera.exe
C:\Program Files (x86)\Opera\18.0.1284.49\opera.exe
C:\Program Files (x86)\Opera\18.0.1284.49\opera.exe
C:\Program Files (x86)\Opera\18.0.1284.49\opera.exe
C:\Program Files (x86)\Opera\18.0.1284.49\opera.exe
C:\Program Files (x86)\Opera\18.0.1284.49\opera.exe
C:\Program Files (x86)\Opera\18.0.1284.49\opera.exe
C:\Program Files (x86)\Opera\18.0.1284.49\opera.exe
C:\Program Files (x86)\Opera\18.0.1284.49\opera.exe
C:\Program Files (x86)\Opera\18.0.1284.49\opera.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\Users\Liba\Install\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hp&ts=1 ... XX6VEJBDF8
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.cz/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hp&ts=1 ... XX6VEJBDF8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=ds& ... earchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds& ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hp&ts=1 ... XX6VEJBDF8
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (file missing)
O2 - BHO: ShopperProBHO - {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} - (no file)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing)
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [331BigDog] C:\Program Files (x86)\USB Camera\VM331_STI.EXE
O4 - HKLM\..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
O4 - HKLM\..\Run: [YouCam Mirror Tray icon] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [mncebtxiSrv] C:\windows\system32\mncebtxi.vbe
O4 - HKLM\..\Run: [mncelavleSrv] C:\windows\system32\mncelavle.vbe
O4 - HKLM\..\Run: [mncxddxSrv] C:\windows\system32\mncxddx.vbe
O4 - HKLM\..\Run: [mncqypkacSrv] C:\windows\system32\mncqypkac.vbe
O4 - HKLM\..\Run: [YTDownloader] "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
O4 - HKLM\..\Run: [Malwarebytes Anti-Exploit] C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" -s
O4 - HKCU\..\Run: [IceWarp Desktop Client] "C:\Program Files (x86)\IceWarp Desktop Client\MailClient.exe" /startup
O4 - HKCU\..\Run: [YTDownloader] "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Liba\AppData\Roaming\uTorrent\uTorrent.exe"
O4 - Startup: wandoujia_helper.lnk = Liba\AppData\Roaming\Wandoujia2\Applications\2.76.0.7151\wandoujia_helper.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: vpngui.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (file missing)
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (file missing)
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: globalUpdate Update Service (globalUpdate) (globalUpdate) - Unknown owner - C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe (file missing)
O23 - Service: globalUpdate Update Service (globalUpdatem) (globalUpdatem) - Unknown owner - C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Malwarebytes Anti-Exploit Service (MbaeSvc) - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: WindowsMangerProtect Service (WindowsMangerProtect) - SysTool PasSame LIMITED - C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14014 bytes

#3 Příspěvek od **vyosek** » 18 kvě 2015 14:36

Zdravim

Nahore je takovej veeelkej oranzovej obdelnik, zkuste se do nej podivat a zjistite, ze potrebujeme log z RSIT nebo jeste lepe z FRST. HJT je uz tak 10 let zcela nedostatecny

Liba · #4 Příspěvek od **Liba** » 18 kvě 2015 14:43

Logfile of random's system information tool 1.10 (written by random/random)
Run by Liba at 2015-05-18 15:40:27
Microsoft Windows 7 Home Premium
System drive C: has 197 GB (46%) free of 432 GB
Total RAM: 2935 MB (35% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:40:32, on 18.5.2015
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16800)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\USB Camera\VM331_STI.EXE
C:\Users\Liba\AppData\Roaming\Wandoujia2\Applications\2.76.0.7151\wandoujia_helper.exe
C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
C:\windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Opera\18.0.1284.49\opera.exe
C:\Program Files (x86)\Opera\18.0.1284.49\opera.exe
C:\Program Files (x86)\Opera\18.0.1284.49\opera.exe
C:\Program Files (x86)\Opera\18.0.1284.49\opera.exe
C:\Program Files (x86)\Opera\18.0.1284.49\opera.exe
C:\Program Files (x86)\Opera\18.0.1284.49\opera.exe
C:\Program Files (x86)\Opera\18.0.1284.49\opera.exe
C:\Program Files (x86)\Opera\18.0.1284.49\opera.exe
C:\Program Files (x86)\Opera\18.0.1284.49\opera.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\Program Files (x86)\Opera\18.0.1284.49\opera.exe
C:\Program Files (x86)\Opera\18.0.1284.49\opera.exe
C:\Program Files (x86)\Opera\18.0.1284.49\opera.exe
C:\Program Files (x86)\Opera\18.0.1284.49\opera.exe
C:\Program Files (x86)\Opera\18.0.1284.49\opera.exe
C:\Program Files (x86)\Opera\18.0.1284.49\opera.exe
C:\Program Files (x86)\Opera\18.0.1284.49\opera.exe
C:\Program Files (x86)\Opera\18.0.1284.49\opera.exe
C:\Program Files (x86)\Opera\18.0.1284.49\opera.exe
C:\Program Files (x86)\Opera\18.0.1284.49\opera.exe
C:\Program Files (x86)\Opera\18.0.1284.49\opera.exe
C:\Program Files (x86)\Opera\18.0.1284.49\opera.exe
C:\Program Files (x86)\Opera\18.0.1284.49\opera.exe
C:\Program Files (x86)\Opera\18.0.1284.49\opera.exe
C:\Program Files\trend micro\Liba.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hp&ts=1 ... XX6VEJBDF8
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.cz/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hp&ts=1 ... XX6VEJBDF8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=ds& ... earchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds& ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hp&ts=1 ... XX6VEJBDF8
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (file missing)
O2 - BHO: ShopperProBHO - {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} - (no file)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing)
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [331BigDog] C:\Program Files (x86)\USB Camera\VM331_STI.EXE
O4 - HKLM\..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
O4 - HKLM\..\Run: [YouCam Mirror Tray icon] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [mncebtxiSrv] C:\windows\system32\mncebtxi.vbe
O4 - HKLM\..\Run: [mncelavleSrv] C:\windows\system32\mncelavle.vbe
O4 - HKLM\..\Run: [mncxddxSrv] C:\windows\system32\mncxddx.vbe
O4 - HKLM\..\Run: [mncqypkacSrv] C:\windows\system32\mncqypkac.vbe
O4 - HKLM\..\Run: [YTDownloader] "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
O4 - HKLM\..\Run: [Malwarebytes Anti-Exploit] C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" -s
O4 - HKCU\..\Run: [IceWarp Desktop Client] "C:\Program Files (x86)\IceWarp Desktop Client\MailClient.exe" /startup
O4 - HKCU\..\Run: [YTDownloader] "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Liba\AppData\Roaming\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: wandoujia_helper.lnk = Liba\AppData\Roaming\Wandoujia2\Applications\2.76.0.7151\wandoujia_helper.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: vpngui.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (file missing)
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (file missing)
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: globalUpdate Update Service (globalUpdate) (globalUpdate) - Unknown owner - C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe (file missing)
O23 - Service: globalUpdate Update Service (globalUpdatem) (globalUpdatem) - Unknown owner - C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Malwarebytes Anti-Exploit Service (MbaeSvc) - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: WindowsMangerProtect Service (WindowsMangerProtect) - SysTool PasSame LIMITED - C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 15048 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
"c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe"
winlogon.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe 34979968
\??\C:\windows\system32\conhost.exe
C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -service
taskeng.exe {B36C4C7D-1913-4498-97A5-CFDF6E3B472E}
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe"
"C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"taskhost.exe"
"C:\windows\system32\Dwm.exe"
C:\windows\Explorer.EXE
"C:\Program Files (x86)\Ge-Force\a0e02687-a797-4790-bec2-a27c4f7dd5fa-1-6.exe" /rawdata=F+xRVACMs5yWxFELIzrPoqdzOQR8awlijSM1aTiCeLIuxHRsuqjwxG+HR3QGknsIlVk+9FuykdcVQCc56j26vJMkGoNxhGUEf6LmOJiKaNz4Jvs61FuFYKMdjrPaHGLetQAcy1xbyilG7UIUh2KA17bCT9wuUalaW/O+GtBdfU+Oou2WMvSxc5DraUDri6esLpRTQ6OJ2EOzCqyb7LEvQGyB6bH6VKtv/IpUz5FqGaDTbMqJ1dC0aS8QxxzDYvkxYWkYEHYdNXwSo8a9gXcj83u3ClzByo/KD708HXyvLYPEFF+105/ec6Fc44B/7j4dMVc2rLFyLk9klujC4Gdf4GNjIuEMw807XadHxZrlNO25AToZmNUaQLuOcFL0KSsDSTvlGJtNELJkUGwfo8QuwRTbiAKd0pCfsij97P+iSuNBhzChmWQHuZFGIj5pJ4CP5NqXUIaFD9T8mmtddF9ZDCgUOzcQo6+9VT4C2QXlwg7QfcSNRdLiX8/houYqyl1spjXCbgT/n+ZHbWZ6l2FIydW5oscCgHxr/SNnmlopGIrFa+rjYRQ/xzoIZKQEjFBTVw5JfRAa3Dy21k4K8TimBc+pu6szGjc8qIZHtk8y7PE7Z1GR9nG1sTqcZAENTCdGkt+u28PQJALLHD1nLPPkZbGCl+XdiJXyrwgHvpbg7JBM7DwSRSziDry8DFABZ99ty+lU1CK1flKUGFlrRAL6MMGXXRLuYaOVKfTmxZ4TgQteNsu1d9htqQmg5iRf8dYhcjc+cN5xNG8OxgR41ibMhu2khvvI/wwzomNp9M5sGreKaz2zGaPIoV/em24+YYwGI9t+tmkeXRqtvuesM+PYuLhYbdJu0olQXbSwhX+nBWNrfHulFSAB+hbIXiXovy5J0zXIrsHwZEol1HuNYY9KeYyV3NPDoqaWF/1sJgMr/5iP9VyZYAvzRzWaNCE/mxanONAc7ZJlzsKfJ7km1UjlQD4o3VARtNsfvJTY0NWrIH6aX5eZn55q9G+3ffY+/OFQbHE0bU3rxDusymMsRE2l+NZfIZj+huZttw4wGe8TFtCjpFZIjmxQhvtegTtXj6Th2gkdYo+881PIrusR1EpAopOpw/AelDAby4erGMZRl6WVMsuig/vkk+2wTt+T+2nLVn30lODmCDHl/G5vGzqAur5GWWolGkH++/T4sYC1WzCIJgFnb4ModZwAR+FdH8IzEyvT7Llv+ZBTzLy3pEeCOV9ZAls+fEYheSIrgBRMpAsBt+QHcb4DUbLECJzfNtbksOu1/OgDC/0eJXhfjxF9tfY3fZvhf24NWflzkAQpETXMjfvN74QChsh2BKeSb/cCqztIyLBFL7+pOV8vO/PLMJoDtYlYZYXoGAHPquQ6f3LfaN6AkKDWXURFAiUxiaEudgOW4O7pOdbBKD3PaM9zSGa1k4jd6fk1w37YVgPudb3c8yHBAsOjN9GxqwAMBeF+3nJ5tn3XbQlt3+Ehn/G3G7q+8IvVGISiPsHl87oChUrQzLCYUpnyxrWMKbOF4tDC
"C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe"
"C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe"
C:\windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe"
"C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe" -service
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
WLIDSvcM.exe 2448
"C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe"
"C:\Program Files (x86)\Lenovo\Energy Management\utility.exe"
"C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe"
"c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe"
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe"
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
C:\windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" -s
"C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files (x86)\USB Camera\VM331_STI.EXE"
"C:\Users\Liba\AppData\Roaming\Wandoujia2\Applications\2.76.0.7151\wandoujia_helper.exe"
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\windows\system32\wuauclt.exe"
"taskhost.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe"
\??\C:\windows\system32\conhost.exe
"C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe" /open
C:\windows\SysWOW64\DllHost.exe /Processid:{AD3EDBCA-0901-415B-82E9-C16D3B65E38C}
"C:\Program Files (x86)\Opera\18.0.1284.49\opera.exe" --ran-launcher http://www.istartsurf.com/?type=sc&ts=1 ... XX6VEJBDF8
"C:\Program Files (x86)\Opera\18.0.1284.49\opera.exe" --type=gpu-process --channel="232.0.375313450\2118400697" --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,3,12,22 --disable-accelerated-video-decode --gpu-vendor-id=0x8086 --gpu-device-id=0x0046 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=8.15.10.2104 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Opera\18.0.1284.49\opera.exe" --type=renderer --lang=cs --extension-process --disable-client-side-phishing-detection --with-feature:activation-order-tab-cycling --with-feature:lazy-session-loading --disable-accelerated-video-decode --channel="232.1.308131336\1490810930" /prefetch:673131151
"C:\Program Files (x86)\Opera\18.0.1284.49\opera.exe" --type=renderer --lang=cs --disable-client-side-phishing-detection --with-feature:activation-order-tab-cycling --with-feature:lazy-session-loading --disable-accelerated-video-decode --channel="232.2.344838699\647212232" /prefetch:673131151
"C:\Program Files (x86)\Opera\18.0.1284.49\opera.exe" --type=renderer --lang=cs --extension-process --disable-client-side-phishing-detection --with-feature:activation-order-tab-cycling --with-feature:lazy-session-loading --disable-accelerated-video-decode --channel="232.7.893979590\173366596" /prefetch:673131151
"C:\Program Files (x86)\Opera\18.0.1284.49\opera.exe" --type=renderer --lang=cs --extension-process --disable-client-side-phishing-detection --with-feature:activation-order-tab-cycling --with-feature:lazy-session-loading --disable-accelerated-video-decode --channel="232.13.1858771798\2007536817" /prefetch:673131151
"C:\Program Files (x86)\Opera\18.0.1284.49\opera.exe" --type=renderer --lang=cs --extension-process --disable-client-side-phishing-detection --with-feature:activation-order-tab-cycling --with-feature:lazy-session-loading --disable-accelerated-video-decode --channel="232.14.1316608217\2142259014" /prefetch:673131151
"C:\Program Files (x86)\Opera\18.0.1284.49\opera.exe" --type=renderer --lang=cs --extension-process --disable-client-side-phishing-detection --with-feature:activation-order-tab-cycling --with-feature:lazy-session-loading --disable-accelerated-video-decode --channel="232.15.1956810162\95486003" /prefetch:673131151
"C:\Program Files (x86)\Opera\18.0.1284.49\opera.exe" --type=renderer --lang=cs --disable-client-side-phishing-detection --with-feature:activation-order-tab-cycling --with-feature:lazy-session-loading --disable-accelerated-video-decode --channel="232.18.2044540128\1314040474" /prefetch:673131151
"C:\Program Files\totalcmd\TOTALCMD.EXE"
"C:\Program Files (x86)\Opera\18.0.1284.49\opera.exe" --type=renderer --lang=cs --disable-client-side-phishing-detection --with-feature:activation-order-tab-cycling --with-feature:lazy-session-loading --disable-accelerated-video-decode --channel="232.19.1912622843\799312778" /prefetch:673131151
"C:\Program Files (x86)\Opera\18.0.1284.49\opera.exe" --type=renderer --lang=cs --disable-client-side-phishing-detection --with-feature:activation-order-tab-cycling --with-feature:lazy-session-loading --disable-accelerated-video-decode --channel="232.21.723629773\922904370" /prefetch:673131151
"C:\Program Files (x86)\Opera\18.0.1284.49\opera.exe" --type=renderer --lang=cs --disable-client-side-phishing-detection --with-feature:activation-order-tab-cycling --with-feature:lazy-session-loading --disable-accelerated-video-decode --channel="232.25.1816826958\2011187082" /prefetch:673131151
"C:\Program Files (x86)\Opera\18.0.1284.49\opera.exe" --type=plugin --plugin-path="C:\windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll" --lang=cs --channel="232.26.1939093726\1702832020" /prefetch:-390060480
"C:\Program Files (x86)\Opera\18.0.1284.49\opera.exe" --type=renderer --lang=cs --disable-client-side-phishing-detection --with-feature:activation-order-tab-cycling --with-feature:lazy-session-loading --disable-accelerated-video-decode --channel="232.32.920295537\1979672312" /prefetch:673131151
"C:\Program Files (x86)\Opera\18.0.1284.49\opera.exe" --type=renderer --lang=cs --disable-client-side-phishing-detection --with-feature:activation-order-tab-cycling --with-feature:lazy-session-loading --disable-accelerated-video-decode --channel="232.37.43558795\536184878" /prefetch:673131151
"C:\Program Files (x86)\Opera\18.0.1284.49\opera.exe" --type=renderer --lang=cs --disable-client-side-phishing-detection --with-feature:activation-order-tab-cycling --with-feature:lazy-session-loading --disable-accelerated-video-decode --channel="232.41.120522899\2072594134" /prefetch:673131151
"C:\Program Files (x86)\Opera\18.0.1284.49\opera.exe" --type=renderer --lang=cs --disable-client-side-phishing-detection --with-feature:activation-order-tab-cycling --with-feature:lazy-session-loading --disable-accelerated-video-decode --channel="232.43.869066292\1695093307" /prefetch:673131151
C:\windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Opera\18.0.1284.49\opera.exe" --type=renderer --lang=cs --disable-client-side-phishing-detection --with-feature:activation-order-tab-cycling --with-feature:lazy-session-loading --disable-accelerated-video-decode --channel="232.46.797761925\1004285857" /prefetch:673131151
"C:\Program Files (x86)\Opera\18.0.1284.49\opera.exe" --type=renderer --lang=cs --disable-client-side-phishing-detection --with-feature:activation-order-tab-cycling --with-feature:lazy-session-loading --disable-accelerated-video-decode --channel="232.47.2133652019\1475104967" /prefetch:673131151
"C:\Program Files (x86)\Opera\18.0.1284.49\opera.exe" --type=renderer --lang=cs --disable-client-side-phishing-detection --with-feature:activation-order-tab-cycling --with-feature:lazy-session-loading --disable-accelerated-video-decode --channel="232.48.1024398350\206754306" /prefetch:673131151
"C:\Program Files (x86)\Opera\18.0.1284.49\opera.exe" --type=renderer --lang=cs --disable-client-side-phishing-detection --with-feature:activation-order-tab-cycling --with-feature:lazy-session-loading --disable-accelerated-video-decode --channel="232.49.390910917\1483695357" /prefetch:673131151
"C:\Program Files (x86)\Opera\18.0.1284.49\opera.exe" --type=renderer --lang=cs --disable-client-side-phishing-detection --with-feature:activation-order-tab-cycling --with-feature:lazy-session-loading --disable-accelerated-video-decode --channel="232.50.597085336\1933746267" /prefetch:673131151
"C:\Program Files (x86)\Opera\18.0.1284.49\opera.exe" --type=renderer --lang=cs --disable-client-side-phishing-detection --with-feature:activation-order-tab-cycling --with-feature:lazy-session-loading --disable-accelerated-video-decode --channel="232.51.80447158\443905606" /prefetch:673131151
"C:\windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe17_ Global\UsGthrCtrlFltPipeMssGthrPipe17 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\windows\system32\SearchFilterHost.exe" 0 504 508 516 65536 512
"c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe" SpyNetService -RestrictPrivileges -AccessKey F0359664-768B-B0F9-4B68-35F54969ED7B -Reinvoke

"C:\Users\Liba\Downloads\RSITx64.exe"
C:\windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\windows\tasks\a0e02687-a797-4790-bec2-a27c4f7dd5fa-1-6.job - C:\Program Files (x86)\Ge-Force\a0e02687-a797-4790-bec2-a27c4f7dd5fa-1-6.exe /rawdata=F+xRVACMs5yWxFELIzrPoqdzOQR8awlijSM1aTiCeLIuxHRsuqjwxG+HR3QGknsIlVk+9FuykdcVQCc56j26vJMkGoNxhGUEf6LmOJiKaNz4Jvs61FuFYKMdjrPaHGLetQAcy1xbyilG7UIUh2KA17bCT9wuUalaW/O+GtBdfU+Oou2WMvSxc5DraUDri6esLpRTQ6OJ2EOzCqyb7LEvQGyB6bH6VKtv/IpUz5FqGaDTbMqJ1dC0aS8QxxzDYvkxYWkYEHYdNXwSo8a9gXcj83u3ClzByo/KD708HXyvLYPEFF+105/ec6Fc44B/7j4dMVc2rLFyLk9klujC4Gdf4GNjIuEMw807XadHxZrlNO25AToZmNUaQLuOcFL0KSsDSTvlGJtNELJkUGwfo8QuwRTbiAKd0pCfsij97P+iSuNBhzChmWQHuZFGIj5pJ4CP5NqXUIaFD9T8mmtddF9ZDCgUOzcQo6+9VT4C2QXlwg7QfcSNRdLiX8/houYqyl1spjXCbgT/n+ZHbWZ6l2FIydW5oscCgHxr/SNnmlopGIrFa+rjYRQ/xzoIZKQEjFBTVw5JfRAa3Dy21k4K8TimBc+pu6szGjc8qIZHtk8y7PE7Z1GR9nG1sTqcZAENTCdGkt+u28PQJALLHD1nLPPkZbGCl+XdiJXyrwgHvpbg7JBM7DwSRSziDry8DFABZ99ty+lU1CK1flKUGFlrRAL6MMGXXRLuYaOVKfTmxZ4TgQteNsu1d9htqQmg5iRf8dYhcjc+cN5xNG8OxgR41ibMhu2khvvI/wwzomNp9M5sGreKaz2zGaPIoV/em24+YYwGI9t+tmkeXRqtvuesM+PYuLhYbdJu0olQXbSwhX+nBWNrfHulFSAB+hbIXiXovy5J0zXIrsHwZEol1HuNYY9KeYyV3NPDoqaWF/1sJgMr/5iP9VyZYAvzRzWaNCE/mxanONAc7ZJlzsKfJ7km1UjlQD4o3VARtNsfvJTY0NWrIH6aX5eZn55q9G+3ffY+/OFQbHE0bU3rxDusymMsRE2l+NZfIZj+huZttw4wGe8TFtCjpFZIjmxQhvtegTtXj6Th2gkdYo+881PIrusR1EpAopOpw/AelDAby4erGMZRl6WVMsuig/vkk+2wTt+T+2nLVn30lODmCDHl/G5vGzqAur5GWWolGkH++/T4sYC1WzCIJgFnb4ModZwAR+FdH8IzEyvT7Llv+ZBTzLy3pEeCOV9ZAls+fEYheSIrgBRMpAsBt+QHcb4DUbLECJzfNtbksOu1/OgDC/0eJXhfjxF9tfY3fZvhf24NWflzkAQpETXMjfvN74QChsh2BKeSb/cCqztIyLBFL7+pOV8vO/PLMJoDtYlYZYXoGAHPquQ6f3LfaN6AkKDWXURFAiUxiaEudgOW4O7pOdbBKD3PaM9zSGa1k4jd6fk1w37YVgPudb3c8yHBAsOjN9GxqwAMBeF+3nJ5tn3XbQlt3+Ehn/G3G7q+8IvVGISiPsHl87oChUrQzLCYUpnyxrWMKbOF4tDC
C:\windows\tasks\a0e02687-a797-4790-bec2-a27c4f7dd5fa-1-7.job - C:\Program Files (x86)\Ge-Force\a0e02687-a797-4790-bec2-a27c4f7dd5fa-1-7.exe /rawdata=l05B18zbM4kewrSSVqAnw+eFXi1eaZJ9rRmhu+9Ho62G4Ch8jDTeprh8o0AXzqM4jpm1s7QKiXqkLUjtvCMvABgPJFNSyEmiuia/kI46QbZ7KhtKvd5Z5RcYJ9oeLG+UurF3E2tDEc1Rd0S7Xc6wxSwRflpJOETiHYr59hDaDAuN9d/FnjRRic7Cdtl6LfTgJ2fVA3WSJhOc7goaqYwBId9ldjPtSWPqfGQZMrzXct+oepZxFTAIQiDRu230kGCjayp8V2F0tjGq3/To15qlV2zggK4vQfc1SOSAylOuC5pcX0+r3uHEoSpUVbGS2rNQ1qZNhKic9qP8ga2o1+EzSUQX1XEs55L9xiTJNG9bS75ahbZJxXJHG/T23HL8JNN1Uf6YkMJvWDuYG/r3ZQjOFzt0Qsx+9yAGvS4a/vFYS6geD4MhaXZcSspUEJUokWEMWKR6qZcQgYyFUG07Ydw4QsJVM06lhN8cOiSTIN/8VQXyCUME0LbmuWuh7SfKi/VXcO9gT3zmi+2H7mf10eKcZu8QLGL0UIEdzLTLAl2d7UmFJ3yZDWJJvbx91eAdqP+tpHhntm2DmV/YWYkqftvxbHBA3bMfrB2++yU6ydYSOxIzxpUss3hxJvDRRFnfMVhofrUDfaKLsYr6y/E1o3YlKNg0ixpnDmZplG+GhU6znAh6sFSgSF8bmzKE6Jv2eTLdw9llBmsmNUG2a1yPkRH+897ydM+z5FYitf5HRXaZcwfgQXTYgueYPMg2mLyTSkc2wKVImc5onKJuaZkJqWNY42sG+F25gMTcDJ+/RhEAqPkOCH3CXp9w5VpzqDOKfueu7LlvGYLMaDAzTkWCGFzueabbX2nHe4LNsC5EQ0e+WQ5AxpX25j8rB6Ax28rQP9VVIUD7Rfy+pnrsHRy2IWDZVglGC90w+Tex39WvANV/IRnA4eEVURPql9iuzqiljOsv95Ey8pxWPQJPbN+G5F3JdgRVUhjCsAvscz3k2i0uf3n/HrNy4HQLKokn+ElfrLDKVqZwbqMIryzZItvm9yGVhcnQCMgaTHaLHt3JGP7EWpDkRtzUiBqrMGflGPPvuIejPZm/za+N9hil68Ean2F4L+pappEpwUWvlDSlgY0G3HNAALFmgA75KIHZUABUAvJ6W3BdQckrIg9+mvN88lQvb21dpL2rOF1xcdQba2K9LjytpPLIrS6LwG0tgFnC0txkFY85VNHQvAzIloerQU1+FsrFUgviQOYVii5spDBlJPediNusV0VBgU81W3jRiWZZ0+aj5qt3+frZEw0X7WVJeDMVnxFfWSZqK07fdxKkmhprfX/qa6Loy6MauAHpt6Y2oIOOpsD3rjKeSf8FBSxTL6JT836K5TbUGCA4Wg05RlVoRrLxPgOUIe4+Jtp67CTGt9MOIUSuaK9hrWrku12zC/1zOOJTAeqP1vy08BGML2OxoulyY3s1igonRq3KCfT2QfaRy6Lj/1dK/QaMVOqvUqK1k+QLdGl8gkt3E7LMqSXyhhRgFzMFZhJ6vFO6iL12lhGUc5xdYk5QostfcfYaa5xhIBkKEZugqt7CwokHn9HV8YKaU4B1AlgM+8W0LCLsJ3J1zNy7md/C2EiM9Z6OaZ4ez66JmaQvyPVWNkO6eSBAzZb0AHjZ1KzZTzhgnaE1vGn4DwlkKBNat13t8oY1+/A3mC4fR1QxYHB9+SOs5b4=
C:\windows\tasks\a0e02687-a797-4790-bec2-a27c4f7dd5fa-10_user.job - C:\Program Files (x86)\Ge-Force\a0e02687-a797-4790-bec2-a27c4f7dd5fa-10.exe /rawdata=T8yknFrgS8u81NB9p3Qz2LwuT+YFjg8HFBoK8RyziDB075j5avTwG9ZZQbEdkFIrsZNQOhivBqjlGFRXAEJoC5xdPe4sruF8vi7Hr9cwOseK+ef9b3juHQNrE96QhrvR+mdSSdW3MtMJeW518Klg+nVg3MvYCrP31J0v0P54ddV1AM5eZbJKbyfDqmiDzYVoDoOuRLmGCEc5naD7vufcnCjBvQH1oWIJIjOtu1jutOKiqQ4DJhwV+bBFu0bpUKnyuymHvCN8r631AsS3U6LF3uPaqSHMi2K9yqqSP+1qh8yf9n1qho0X+5f7m288xm5pe7thQFNbZhqB1PfUBHqDWaXKjmdR0ptfv6EkCni4qbPeMnGM79WX5F/kddRxUiF2eI4r1tpjv63Rgy3//U5KLq5aZpuJrFKKBq1JmHmToX8mOsHW+hjJgetzz0XgrqF0Q0V6ltGB6Uh4EExiH3Rw6NcsDZ1C2ZI+6GOEHLBR1FKQclkDJjuHi1H9GzdwoEl9FjBmTZxoJlUARIEDYW9h1eeF+LNBJWX6t/6Kx0+4MO5Zoq8oEOLh5u4dv8r9x6eUEiNFgkPDPf8OCnyeNxSoJRXS9pR1nnXvpy+PIC90ABGIbIxtNkCWK9meDwfbBMRotUVj6xweRoERzcRFLBJFx9QkLe24aU9H7AZYki7jB39I9GuVqiRtu4CEEGO6ZUxpEFyx05E1WbIHiEei4eHXEfAhfb5XAg5cfsYR2Pf0e6EOCIXj5bQvPXPo6ItCH+WHk499Yu2B4zMyDnnm9dLEeBUyfj0PBo5tbcTrmv4n0BvfnCWyPXmE9i/Hq9J/FQz9YnsWGRdVde+ltc6u13FSIQ==
C:\windows\tasks\a0e02687-a797-4790-bec2-a27c4f7dd5fa-11.job - C:\Program Files (x86)\Ge-Force\a0e02687-a797-4790-bec2-a27c4f7dd5fa-11.exe /rawdata=UOhUcJjN3llGauiK+fz67OEJ4AHaL86uAuOmoIJWkVETcrmO324ud94uFn3GhGfaIQZhmzFG6sUY54/ZT6WGhjJWvxL4keSZEwIhoic4ek8puLakTxQeSX09+nEbuDVDSo8wnvnKM+Xa801bgdvZDuaPatVPE5YheU5AG0aNo28Ia/lwuFCl4YdZUzcTuyaPmAbrWE4jUpHn9kx3KxTBOTQJasxLfGfnT6qov7KgQ1354LFcCpnYBYlQ+Z14MlUASevheNnjpyTBrw0vYFZIQhNjoWn091lKpI5x0+LJuHnHDx1G7HDqqK8o9dijEsOoPh30pZSW8ztdU43OMlrTf7VTfIjwm5yTiJ5/XCBEjhqjIlgLCK2KDJBF2w34RtC43+KJ09zrXYpHdsRRAGyDSrY1jeRQmSBnf9E7N1D+/lanS+Xy+pFqjsleumfXqsaqq8SpdMNy4FjowIyoP06MHvFbDAugxloXDhWmwgNCkMqLcyKQ2DoaX58CJWtENHEljB+U8MaijeSVDaBs+N+S2WAb69SNFgdg1B7NenY9wR/l80XZ0Jg+QzJpKKXmmArZk4wR/wAJtT2rhfUHCCuTW7B4nFdiL2aQZlofsBR27r2zjoCgZ+mHrFXQVr6fX3+fTMp2y+F+L6cOCHq0re+39jBVRdZILO2+bYDXu+CSTcKn5fZRp4Q+XCs5zC0A3XD/Jw0EpfLd904/XcXckWRZ3dq7jFMsPb7b+dYTQOndgiwD/1JJU8XE8Bnpx+LNRZc7HZIghCzrtNaNK2w8dU9FMhema3ELPjpQmoGFrqXktBqj3EtaW50s7L99clzpvutPV+DMSAg6LPRcOBN8T5JZahKRgAF+aXLMaNX4uOjORfXQimx5uQbQDduUMVtuQAZ4qEtr6bNLbsPH0JYoBS33l0TxOWUb6ikSDfDBPLWHqwJHx2G+K2k/ydxYuzdc1C3KafGy+O4no6ranhHZx++ScyjO5vhEuxjxNVBGYf6uJCq9qJXRWa/nNTmF41xe+3STczs0BVRv8ZlfANbTQtsdS/F2cpGVvuwZoorrrqu12aGP+RPMVLLDmkwlgxgn4jhx/xYmdIqR/rTrFUu+JA65UGLlLN/a4qDTVlH/2kXV8POMWa82HGc87zrhbauPqITfJAQU6bIElyThXKkm9NIJWzdjFcSHnax6UnFFL8jjM3AiGAsjZyTrVcEoTYN9ZziJ0rR7CiuQxyLq+cEx5El2JXkWDDWQQdDWSfG4MemYUQrfAkSbtuOt+rv3QMYFOC5wAkGy7foy/wxp+iLLCDBS65US11jMi+9dYNvf5657nrjES1H4ctFXkDYiNlrOeH3z3ouwAWjAdQjEDM6w3JvZqDvjvnKlyascMA1X9NIrhWXXanRNXs+crCs/y0Wyi19+/h8zJ+z9uMsltwt5L1XItn9oNcmruOQIgUIEBjePZUAfCICy1tDdDw8SJ5eVfP0ZZ0fLy4zivJ+9zO8BgB9zKqAmhVQVNfpRDZQ3D3FtbdTgvvA0qdZ9me7ha90eWtptUuyOwPlM7PX9p9H3pReIHxhnb7HuzAU89AQM+CQcS+Brd6B40TByC6F1Khcr9Wa+JQdf7PT4fHotEoIMt75ttu3/MKasCXlf7MYuu3Naxq0O3X8DxOnv1X5uMTB+eB5GO/SeR37JUGkz41zwOWIhOtduog6Z4Q2KIzOhMpfFBzkDnDq+X03uxJFdUC9F/2b2CPn/iF6hV1iqS5/qPSuHGtE6O/NdQkLfJA6pXkvkz4+jHLY5rQQyRnUH40JqIbc9Q9wpb+Z2E45BRCcNnxEyXog7Kh6wb09eZbiklVNG+MIHSIz+vdivw7Xf21sGW2AyUKIjRgxxzx2OWB8JTyUnTHdjsvuLKl8U8VoqOETWelRgkUvqbffQzWrYRE85Mnlz/kLUAcxT9MnskLsaEFgy6TTXQDxqCHU2GJuwjv7CUl1cX2qGHM2cRrldluVPGxtJT9uaOnlaUC+wDMZUq64osKCnJkIDF4M9a621RBsvSRDVgEId9bH90/pSopCLJ7Y3KCmahOLnKrZm86LlBxOb9TZPI0qy3RN2jTF9sZFcCiI6t+p0sMc73FrcvYinii+x0szELwxz7K9V2a9diTTFJMaqAQ8+eYPMx97DwVFhtLUSORMFCsGCMwfm6n9c2i0PJjUOTRtRtmntD6IfmDwN1VLdqhLn5dUdR+1Di8kZGqoKc/59O3V7a/WRfbNY9Wf20shBQzrmplSbQsgSMw8cpjAvtS3QMSwLIvNAmI60Iw0H8fUeoJyCvVI9zl0zo7bK3ws4huaYRhOIUoxcr5dLclhFbcQkCmJJg4yD/ht/9dJa85ayIBoJD0ioK7iAXHqvvg7pm/qoj5vCvyWACHblHFi49snKgrFP8xV+WsR3WnnYJgP/1g6c5w4T41ZuceiPhN+xDXopWq5dSt3qAJ0H8behXSeQYGb2NIqV0ie353DrOQvIXQpozBJvTv7/Tyw78JTs8/iui2P+qEPOxIAsrrPS7TniHFaoHV9wa49GP+sqHNWdHYqoNBLXtMjXOmI7
C:\windows\tasks\a0e02687-a797-4790-bec2-a27c4f7dd5fa-5.job - C:\Program Files (x86)\Ge-Force\a0e02687-a797-4790-bec2-a27c4f7dd5fa-5.exe /rawdata=haxt8P77Gq2iiiMIPT2TjB8jwwC73CIt5fhz0idYo1TKqO07Kh0mNT+cF1gM3iJZAh1BSIa53zPoawkAvJ03TTbTnU42F2l6Y5bc0X1l6X3cNPSSnh4JEo8oQFzBeVcD9rRBl573u8ZGia1ljeqKyRtQhT943wqNXEUycKRlksU0cKq9KU7CrOSAIh648RZH2vmZ8M19SWVu9QM+aGBQsVFg71bbz71YTKU3zIGB2V2TXkCyc8nXN4/L2E9Qq+mwGysLOp6WUKWixvwv1XiqU7NhxEHXDk/YjVKLTlGs5lI9+v2jf7wQCTlFbR8btV9e1IKMpHbRcp+MXZrjhOPgIE9h5nJQKb4lOQt3dWjDIf5HAlIn0bvMzK/ge1BTlrqnt/IHjPA8vku58d+i1iegmeV5DTVq3TftXa0idCJiJFX1o1hEJxAnsXQBQVwXLD6MF71m5aTN7BAYVTHXf97qsyPsx/dRbi3HtDy4ohOIJAkaxRKlgpwDNOXbmjZcQbJVhMSz61mbIsexDWy/wyPhzdL8d5yKvmXGoIc/PtO243rNjAvys5bqkyP8rST6bQHWSiD5W84u/dqwltUp+Oy1wkILeGA/+qKH7JZp9yFRQVAj/x+yPsCkulYJBMDKgyHWa77wPjAPcmR/OAm/lsaFLsyZvS80epiVV5tsnFM9SuE0895cAHp6BmeUOHHHvnrnDuDO4OQIUtSrY5shk4CwRcuSTeD4jAnwhIFwMfibhU4hzmfSCRwcwwqctRAEh8ZU6jephJznWx/04QR5rgSj0U6Wu84vk/eofHExr+JwJuBpNuFMQQ+OEVVXrORitTGXt006Pr1Vv6xbG2K8NhuHf6xfNnPX1CuTdlcL+jtfJCk9mdlwv360C+31YVa21i9IZH+xh4kuHgtyD8CibJlXvAerWgj8iyyZ7f+q4Q3ChyIGa3upgL3YNB4Sm0Qmvmh3Z0tx1CEPgePP4E3fpDKsKbErarEheEQSh3BOkp5yu9VYBrNbZsIWBAgLe+DBn5YwS8QwZwCBQ4Zw8wBzhBNl7ZN5+pL83v0efQsHtJgK+c6tkwNn+ZKkfOXyjRZWjzKPPgIgh7cbHzp6j/6p0BO3peEY5LhJW3e5dhd4R619zk8y6/cUIEL3wModc6+qITMpygoYnvtLO2THBmPPYwEA/mNZspDVCWWIzHKeMoOHGDI=
C:\windows\tasks\a0e02687-a797-4790-bec2-a27c4f7dd5fa-5_user.job - C:\Program Files (x86)\Ge-Force\a0e02687-a797-4790-bec2-a27c4f7dd5fa-5.exe /rawdata=haxt8P77Gq2iiiMIPT2TjB8jwwC73CIt5fhz0idYo1TKqO07Kh0mNT+cF1gM3iJZAh1BSIa53zPoawkAvJ03TTbTnU42F2l6Y5bc0X1l6X3cNPSSnh4JEo8oQFzBeVcD9rRBl573u8ZGia1ljeqKyRtQhT943wqNXEUycKRlksU0cKq9KU7CrOSAIh648RZH2vmZ8M19SWVu9QM+aGBQsVFg71bbz71YTKU3zIGB2V2TXkCyc8nXN4/L2E9Qq+mwGysLOp6WUKWixvwv1XiqU7NhxEHXDk/YjVKLTlGs5lI9+v2jf7wQCTlFbR8btV9e1IKMpHbRcp+MXZrjhOPgIE9h5nJQKb4lOQt3dWjDIf5HAlIn0bvMzK/ge1BTlrqnt/IHjPA8vku58d+i1iegmeV5DTVq3TftXa0idCJiJFX1o1hEJxAnsXQBQVwXLD6MF71m5aTN7BAYVTHXf97qsyPsx/dRbi3HtDy4ohOIJAkaxRKlgpwDNOXbmjZcQbJVhMSz61mbIsexDWy/wyPhzdL8d5yKvmXGoIc/PtO243rNjAvys5bqkyP8rST6bQHWSiD5W84u/dqwltUp+Oy1wkILeGA/+qKH7JZp9yFRQVAj/x+yPsCkulYJBMDKgyHWa77wPjAPcmR/OAm/lsaFLsyZvS80epiVV5tsnFM9SuE0895cAHp6BmeUOHHHvnrnDuDO4OQIUtSrY5shk4CwRcuSTeD4jAnwhIFwMfibhU4hzmfSCRwcwwqctRAEh8ZU6jephJznWx/04QR5rgSj0U6Wu84vk/eofHExr+JwJuBpNuFMQQ+OEVVXrORitTGXt006Pr1Vv6xbG2K8NhuHf6xfNnPX1CuTdlcL+jtfJCk9mdlwv360C+31YVa21i9IZH+xh4kuHgtyD8CibJlXvAerWgj8iyyZ7f+q4Q3ChyIGa3upgL3YNB4Sm0Qmvmh3Z0tx1CEPgePP4E3fpDKsKbErarEheEQSh3BOkp5yu9VYBrNbZsIWBAgLe+DBn5YwIIJBVDq4No8a4p137vEj+dTtfjradU5KggfrQIP1GyiY5uD6M/zJCIO+nPKEt7aSfdEXPezHCEx2aWH6Un1Hgd5Ysl6J2WyuBOpDvkdRzbC014uQvN77Pgx2W3fsK55ND6qsbGnzsptr+sZ5OoCCQYkHxAxK0J3+42yqoTPoe6w=
C:\windows\tasks\Adobe Flash Player Updater.job - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\windows\tasks\BYAIAMUF.job - C:\Users\Liba\AppData\Roaming\BYAIAMUF.exe /infocmdline=IToquqv9zAdQXmoYFazaK4R7tp2TTiJ579o/GG5bBxM1y2VrbMSUDMGNLZKJjzpdlWz8nFxQxuDvR9/YSbJEY/OJ6HBH5u9wz21ZNVnOw4JemioAh6pzvhQDT9GSTNGlZLqzrI5a2fUUdKYdoiJN5DBnnY8QgPW85oJOSVafu+aqDi87lbWcwG4EBFTyCr2V0ZPBLXCC1hwCkG3aksvhhyZaRfQAIFtOacKyGU+fyVGrMorjbwYDrTI4D0q0Q/AU1/6Z3EWvAOMvqwBDXsHmcgKtmYYwHKWnqKYp3VkNOiIy31BYolj2iUaNHHhpibzYjxUuuaKsONqUBbHMWKTE6KnDIAUemw2jScGMIFapC4OK5RUFHrggfChqixtrcIkZFpD+rq7hYPZC4HZOb0TGtYCY81Bk1XL/5LDSVzH7HqDBIcsBVGlP7StfFcxMET5ow+qC7OuldWgXJzhiRDLiLcQUtFrQr+MbtKEn96GypnKYhMGt13pWRp1o5QfjHRRgsZkLutK+wRg09MBTdV6esMVJAnVrHQ18v7KwLAnjHLQ6qygpZwcc4FRKmt288xLM80NNLghoNjL7A5LleUPNwEK91s0rHvKmd83SdnKb64/+DklNpVBvfiP1S7ufH9ZR3T06y0c1dfgiSyZsKto8dEXbr5D/fQu+D2xz3adWKyg=
C:\windows\tasks\globalUpdateUpdateTaskMachineCore.job - C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe /c
C:\windows\tasks\globalUpdateUpdateTaskMachineUA.job - C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe /ua /installsource scheduler
C:\windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-12-09 449512]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Nero Toolbar - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-12-09 155384]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Nero Toolbar - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\windows\system32\igfxtray.exe [2010-04-21 166424]
"HotKeysCmds"=C:\windows\system32\hkcmd.exe [2010-04-21 391192]
"Persistence"=C:\windows\system32\igfxpers.exe [2010-04-21 413720]
"cAudioFilterAgent"=C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [2010-03-22 521272]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-06-10 2176296]
"OnekeyStudio"=C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [2009-12-19 776608]
"EnergyUtility"=C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [2009-12-17 4367808]
"Energy Management"=C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [2009-12-17 6988736]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2011-06-15 1436736]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2011-01-20 1305408]
"Xvid"=C:\Program Files (x86)\Xvid\CheckUpdate.exe [2011-01-17 8192]
"TomTomHOME.exe"=C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [2014-06-05 248176]
"IceWarp Desktop Client"=C:\Program Files (x86)\IceWarp Desktop Client\MailClient.exe [2014-12-22 15372288]
"YTDownloader"=C:\Program Files (x86)\YTDownloader\YTDownloader.exe /boot []
"uTorrent"=C:\Users\Liba\AppData\Roaming\uTorrent\uTorrent.exe [2015-05-18 1998432]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2010-03-03 284696]
"331BigDog"=C:\Program Files (x86)\USB Camera\VM331_STI.EXE [2010-01-15 536576]
"VeriFaceManager"=C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe []
"UCam_Menu"=C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\Lenovo\YouCam UpdateWithCreateOnce Software\CyberLink\YouCam\3.0 []
"YouCam Mirror Tray icon"=C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe /s []
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]
"mncebtxiSrv"=C:\windows\system32\mncebtxi.vbe []
"mncelavleSrv"=C:\windows\system32\mncelavle.vbe []
"mncxddxSrv"=C:\windows\system32\mncxddx.vbe []
"mncqypkacSrv"=C:\windows\system32\mncqypkac.vbe []
"YTDownloader"=C:\Program Files (x86)\YTDownloader\YTDownloader.exe /boot []
"Malwarebytes Anti-Exploit"=C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2015-04-08 2618680]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
vpngui.exe.lnk - C:\windows\Installer\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}\Icon09DB8A851.exe

C:\Users\Liba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
wandoujia_helper.lnk - C:\Users\Liba\AppData\Roaming\Wandoujia2\Applications\2.76.0.7151\wandoujia_helper.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2010-03-31 269824]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe]
"Debugger="tasklist.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"VIDC.ACDV"=ACDV.dll
"vidc.XVID"=xvidvfw.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2015-05-18 15:40:27 ----D---- C:\rsit
2015-05-18 15:40:27 ----D---- C:\Program Files\trend micro
2015-05-18 14:39:11 ----D---- C:\ProgramData\Malwarebytes Anti-Exploit
2015-05-18 14:39:07 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Exploit
2015-05-18 14:23:31 ----D---- C:\Program Files\Reimage
2015-05-18 10:30:03 ----D---- C:\Program Files (x86)\Enigma Software Group
2015-05-18 10:26:49 ----D---- C:\windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2015-05-18 10:18:36 ----D---- C:\Users\Liba\AppData\Roaming\OpenCandy
2015-05-18 10:16:13 ----D---- C:\Program Files (x86)\Microsoft
2015-05-15 13:42:50 ----A---- C:\autoexec.bat
2015-05-15 10:16:43 ----A---- C:\windows\Reimage.ini
2015-05-14 20:09:25 ----D---- C:\ProgramData\IHProtectUpDate
2015-05-14 20:09:09 ----D---- C:\ProgramData\WindowsMangerProtect
2015-05-14 20:08:34 ----D---- C:\Users\Liba\AppData\Roaming\istartsurf
2015-05-14 20:07:38 ----D---- C:\Program Files (x86)\Ge-Force
2015-05-14 19:51:39 ----D---- C:\Users\Liba\AppData\Roaming\Seznam.cz
2015-05-14 19:51:07 ----A---- C:\Users\Liba\AppData\Roaming\BYAIAMUF.exe
2015-05-06 20:55:32 ----A---- C:\windows\SYSWOW64\uTorrent-3.4.3-40298.exe

======List of files/folders modified in the last 1 month======

2015-05-18 15:40:27 ----RD---- C:\Program Files
2015-05-18 15:40:18 ----D---- C:\windows\Temp
2015-05-18 15:19:15 ----D---- C:\Users\Liba\AppData\Roaming\IceWarp Desktop Client
2015-05-18 14:50:23 ----D---- C:\Users\Liba\AppData\Roaming\uTorrent
2015-05-18 14:39:11 ----HD---- C:\ProgramData
2015-05-18 14:39:07 ----D---- C:\Program Files (x86)
2015-05-18 14:32:01 ----D---- C:\windows\System32
2015-05-18 14:32:01 ----D---- C:\windows\inf
2015-05-18 14:32:01 ----A---- C:\windows\system32\PerfStringBackup.INI
2015-05-18 14:30:21 ----D---- C:\windows\system32\Tasks
2015-05-18 14:27:46 ----D---- C:\windows\system32\config
2015-05-18 14:27:27 ----A---- C:\windows\SYSWOW64\log.txt
2015-05-18 14:20:15 ----D---- C:\windows\Tasks
2015-05-18 14:15:38 ----D---- C:\windows\Prefetch
2015-05-18 13:59:07 ----D---- C:\windows\system32\drivers
2015-05-18 13:57:42 ----D---- C:\Users\Liba\AppData\Roaming\Wandoujia2
2015-05-18 13:08:45 ----D---- C:\windows\system32\FxsTmp
2015-05-18 10:45:27 ----D---- C:\windows\SysWOW64
2015-05-18 10:30:32 ----SHD---- C:\windows\Installer
2015-05-18 10:30:06 ----SD---- C:\Users\Liba\AppData\Roaming\Microsoft
2015-05-18 10:28:02 ----SHD---- C:\System Volume Information
2015-05-18 10:26:49 ----D---- C:\Windows
2015-05-15 10:40:21 ----HD---- C:\windows\system32\GroupPolicy
2015-05-15 10:40:21 ----D---- C:\windows\SYSWOW64\GroupPolicy
2015-05-14 20:07:36 ----D---- C:\Program Files\Common Files\System
2015-05-05 15:36:47 ----D---- C:\windows\system32\catroot2
2015-05-04 09:59:33 ----D---- C:\Users\Liba\AppData\Roaming\FileZilla
2015-04-27 22:43:12 ----D---- C:\Users\Liba\AppData\Roaming\Skype
2015-04-27 19:55:35 ----D---- C:\ProgramData\Skype
2015-04-27 19:55:26 ----RD---- C:\Program Files (x86)\Skype

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2010-03-03 540696]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R1 ESProtectionDriver;Malwarebytes Anti-Exploit; \??\C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [2015-04-08 63064]
R1 MpFilter;Microsoft Malware Protection Driver; C:\windows\system32\DRIVERS\MpFilter.sys [2011-04-18 189440]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver; C:\windows\system32\DRIVERS\AcpiVpc.sys [2009-10-19 28176]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\windows\system32\DRIVERS\bcmwl664.sys [2010-06-18 4170304]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\windows\system32\drivers\CHDRT64.sys [2010-01-18 717368]
R3 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\windows\system32\Drivers\CVPNDRVA.sys [2011-03-04 306536]
R3 DNE;Deterministic Network Enhancer Miniport; C:\windows\system32\DRIVERS\dne64x.sys [2008-11-16 157968]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-06-18 254528]
R3 HECIx64;Intel(R) Management Engine Interface; C:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys [2010-03-31 10322848]
R3 Impcd;Impcd; C:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
R3 IntcDAud;Intel(R) Display Audio; C:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 271872]
R3 NisDrv;Microsoft Network Inspection System; C:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 84864]
R3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-20 239616]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2010-06-10 1380400]
R3 vm331avs;Digital Camera 1; C:\windows\System32\Drivers\vm331avs.sys [2010-03-18 215168]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S1 atzxnids;atzxnids; \??\C:\windows\system32\drivers\atzxnids.sys []
S1 iydqhium;iydqhium; \??\C:\windows\system32\drivers\iydqhium.sys []
S1 lpgbeeye;lpgbeeye; \??\C:\windows\system32\drivers\lpgbeeye.sys []
S1 qwgqneyc;qwgqneyc; \??\C:\windows\system32\drivers\qwgqneyc.sys []
S1 xmckriqi;xmckriqi; \??\C:\windows\system32\drivers\xmckriqi.sys []
S1 xpdfwjso;xpdfwjso; \??\C:\windows\system32\drivers\xpdfwjso.sys []
S3 BthEnum;Bluetooth Enumerator Service; C:\windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Bluetooth Port Driver; C:\windows\System32\Drivers\BTHport.sys [2009-07-14 551936]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\windows\System32\Drivers\BTHUSB.sys [2009-07-14 79360]
S3 btusbflt;Bluetooth USB Filter; C:\windows\system32\drivers\btusbflt.sys [2009-07-01 52264]
S3 btwaudio;Bluetooth Audio Device Service; C:\windows\system32\drivers\btwaudio.sys [2009-07-01 98344]
S3 btwavdt;Bluetooth AVDT Service; C:\windows\system32\DRIVERS\btwavdt.sys [2009-07-01 132648]
S3 btwl2cap;Bluetooth L2CAP Service; C:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
S3 btwrchid;btwrchid; C:\windows\system32\DRIVERS\btwrchid.sys [2009-07-01 21160]
S3 cpuz134;cpuz134; \??\C:\Users\Liba\AppData\Local\Temp\cpuz134\cpuz134_x64.sys []
S3 CVirtA;Cisco Systems VPN Adapter for 64-bit Windows; C:\windows\system32\DRIVERS\CVirtA64.sys [2010-02-08 14992]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\windows\system32\DRIVERS\ssudbus.sys [2014-01-22 108800]
S3 dot4;MS IEEE-1284.4 Driver; C:\windows\system32\DRIVERS\Dot4.sys [2009-07-14 145920]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\windows\system32\DRIVERS\Dot4Prt.sys [2009-07-14 19968]
S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\windows\system32\DRIVERS\dot4usb.sys [2009-07-14 43008]
S3 ggflt;SEMC USB Flash Driver Filter; C:\windows\system32\DRIVERS\ggflt.sys [2013-05-10 14448]
S3 ggsemc;SEMC USB Flash Driver; C:\windows\system32\DRIVERS\ggsemc.sys [2013-05-10 27760]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-10 270848]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\windows\system32\drivers\MBAMSwissArmy.sys []
S3 MpNWMon;Microsoft Malware Protection Network Driver; C:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 40832]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit; C:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\windows\system32\DRIVERS\pccsmcfdx64.sys []
S3 pciide;pciide; C:\windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
S3 pfc;Padus ASPI Shell; C:\windows\system32\drivers\pfc.sys []
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\windows\System32\Drivers\RtsUStor.sys [2010-03-12 242720]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\windows\system32\DRIVERS\ssudmdm.sys [2012-06-04 203320]
S3 usbrndis6;Adaptér USB RNDIS6; C:\windows\system32\DRIVERS\usb80236.sys [2009-07-14 19968]
S3 usbscan;Ovladač skeneru USB; C:\windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 WinUsb;Android USB Driver; C:\windows\system32\DRIVERS\WinUsb.sys [2009-07-14 40448]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 btwdins;Bluetooth Service; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [2009-08-11 864032]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe [2011-03-04 1529856]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2009-12-09 268824]
R2 MbaeSvc;Malwarebytes Anti-Exploit Service; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [2015-04-08 656184]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2011-04-27 12784]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2014-06-05 93040]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-09 2320920]
R2 WindowsMangerProtect;WindowsMangerProtect Service; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [2015-05-14 337064]
R2 WinVNC4;VNC Server Version 4; C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe [2008-10-15 439632]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 globalUpdate;globalUpdate Update Service (globalUpdate); C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe /svc []
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-13 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-01-02 315488]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2012-06-12 72704]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-16 268464]
S3 globalUpdatem;globalUpdate Update Service (globalUpdatem); C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe /medsvc []
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-13 116648]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2011-06-19 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

-----------------EOF-----------------

#5 Příspěvek od **vyosek** » 18 kvě 2015 15:55

Tam toho je

Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

Kód: Vybrat vše

:services
globalUpdate
globalUpdatem
atzxnids
iydqhium
iydqhium
lpgbeeye
qwgqneyc
xmckriqi
xpdfwjso

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=-
"Xvid"=-
"TomTomHOME.exe"=-
"YTDownloader"=-
"uTorrent"=-
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=-
"SunJavaUpdateSched"=-
"mncebtxiSrv"=-
"mncelavleSrv"=-
"mncxddxSrv"=-
"mncqypkacSrv"=-
"YTDownloader"=-
"Malwarebytes Anti-Exploit"=-

:files
C:\Program Files (x86)\Enigma Software Group
C:\Users\Liba\AppData\Roaming\OpenCandy
C:\ProgramData\IHProtectUpDate
C:\ProgramData\WindowsMangerProtect
C:\Users\Liba\AppData\Roaming\BYAIAMUF.exe
C:\windows\SYSWOW64\uTorrent-3.4.3-40298.exe
C:\Users\Liba\AppData\Roaming\istartsurf
C:\windows\system32\mncebtxi.vbe
C:\windows\system32\mncelavle.vbe
C:\windows\system32\mncxddx.vbe
C:\windows\system32\mncqypkac.vbe
C:\Program Files (x86)\YTDownloader
 C:\Program Files (x86)\Ask.com
C:\Program Files (x86)\Ge-Force
C:\Program Files (x86)\globalUpdate
C:\Users\Liba\AppData\Roaming\BYAIAMUF.exe
C:\windows\tasks\*.job
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]
[EMPTYJAVA]

Nasledne kliknete na Opravit
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

Liba · #6 Příspěvek od **Liba** » 18 kvě 2015 19:11

All processes killed
========== SERVICES/DRIVERS ==========
Service globalUpdate stopped successfully!
Service globalUpdate deleted successfully!
Service globalUpdatem stopped successfully!
Service globalUpdatem deleted successfully!
Service atzxnids stopped successfully!
Service atzxnids deleted successfully!
Service iydqhium stopped successfully!
Service iydqhium deleted successfully!
Error: No service named iydqhium was found to stop!
Service\Driver key iydqhium not found.
Service lpgbeeye stopped successfully!
Service lpgbeeye deleted successfully!
Service qwgqneyc stopped successfully!
Service qwgqneyc deleted successfully!
Service xmckriqi stopped successfully!
Service xmckriqi deleted successfully!
Service xpdfwjso stopped successfully!
Service xpdfwjso deleted successfully!
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Xvid deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\TomTomHOME.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\YTDownloader deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\mncebtxiSrv deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\mncelavleSrv deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\mncxddxSrv deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\mncqypkacSrv deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\YTDownloader deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\Malwarebytes Anti-Exploit deleted successfully.
========== FILES ==========
C:\Program Files (x86)\Enigma Software Group\SpyHunter\mon folder moved successfully.
C:\Program Files (x86)\Enigma Software Group\SpyHunter\Log folder moved successfully.
C:\Program Files (x86)\Enigma Software Group\SpyHunter\Downloads folder moved successfully.
C:\Program Files (x86)\Enigma Software Group\SpyHunter\Defs folder moved successfully.
C:\Program Files (x86)\Enigma Software Group\SpyHunter\Data folder moved successfully.
C:\Program Files (x86)\Enigma Software Group\SpyHunter folder moved successfully.
C:\Program Files (x86)\Enigma Software Group folder moved successfully.
C:\Users\Liba\AppData\Roaming\OpenCandy\OpenCandy_43FF25DECE7648948224A06E59BBEE13 folder moved successfully.
C:\Users\Liba\AppData\Roaming\OpenCandy folder moved successfully.
C:\ProgramData\IHProtectUpDate\update folder moved successfully.
C:\ProgramData\IHProtectUpDate folder moved successfully.
C:\ProgramData\WindowsMangerProtect\update folder moved successfully.
C:\ProgramData\WindowsMangerProtect folder moved successfully.
C:\Users\Liba\AppData\Roaming\BYAIAMUF.exe moved successfully.
C:\windows\SYSWOW64\uTorrent-3.4.3-40298.exe moved successfully.
C:\Users\Liba\AppData\Roaming\istartsurf\images\code folder moved successfully.
C:\Users\Liba\AppData\Roaming\istartsurf\images folder moved successfully.
C:\Users\Liba\AppData\Roaming\istartsurf folder moved successfully.
C:\windows\system32\mncebtxi.vbe moved successfully.
C:\windows\system32\mncelavle.vbe moved successfully.
C:\windows\system32\mncxddx.vbe moved successfully.
C:\windows\system32\mncqypkac.vbe moved successfully.
File\Folder C:\Program Files (x86)\YTDownloader not found.
File\Folder C:\Program Files (x86)\Ask.com not found.
C:\Program Files (x86)\Ge-Force folder moved successfully.
File\Folder C:\Program Files (x86)\globalUpdate not found.
File\Folder C:\Users\Liba\AppData\Roaming\BYAIAMUF.exe not found.
C:\windows\tasks\a0e02687-a797-4790-bec2-a27c4f7dd5fa-1-6.job moved successfully.
C:\windows\tasks\a0e02687-a797-4790-bec2-a27c4f7dd5fa-1-7.job moved successfully.
C:\windows\tasks\a0e02687-a797-4790-bec2-a27c4f7dd5fa-10_user.job moved successfully.
C:\windows\tasks\a0e02687-a797-4790-bec2-a27c4f7dd5fa-11.job moved successfully.
C:\windows\tasks\a0e02687-a797-4790-bec2-a27c4f7dd5fa-5.job moved successfully.
C:\windows\tasks\a0e02687-a797-4790-bec2-a27c4f7dd5fa-5_user.job moved successfully.
C:\windows\tasks\Adobe Flash Player Updater.job moved successfully.
C:\windows\tasks\BYAIAMUF.job moved successfully.
C:\windows\tasks\globalUpdateUpdateTaskMachineCore.job moved successfully.
C:\windows\tasks\globalUpdateUpdateTaskMachineUA.job moved successfully.
C:\windows\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\windows\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
File/Folder C:\windows\system32\*.tmp.dll not found.
File/Folder C:\windows\system32\SET*.tmp not found.
C:\windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP folder moved successfully.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Liba
->Temp folder emptied: 1128974985 bytes
->Temporary Internet Files folder emptied: 173477347 bytes
->Java cache emptied: 447577 bytes
->Google Chrome cache emptied: 12189674 bytes
->Opera cache emptied: 110756104 bytes
->Flash cache emptied: 9237 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1953792 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 701556131 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 25330058 bytes
RecycleBin emptied: 13048483965 bytes

Total Files Cleaned = 14,499.00 mb

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Liba
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Liba
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 05182015_200252

Files\Folders moved on Reboot...
File\Folder C:\Users\Liba\AppData\Local\Temp\etilqs_4JxSq32ReIyZlJh not found!
File\Folder C:\Users\Liba\AppData\Local\Temp\etilqs_FyOBjrPIRydNApZ not found!
File\Folder C:\Users\Liba\AppData\Local\Temp\etilqs_WC5eOobT9Hhv5Dy not found!
C:\Users\Liba\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#7 Příspěvek od **vyosek** » 18 kvě 2015 19:21

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

Ulozte nejlepe na plochu
Ukoncete vsechny programy
Po spusteni probehne stazeni databaze
Kliknete na Scan a nasledne Clean
Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte

Liba · #8 Příspěvek od **Liba** » 18 kvě 2015 19:30

# AdwCleaner v4.204 - Log vytvořen 18/05/2015 v 20:27:24
# Aktualizováno 12/05/2015 by Xplode
# Databáze : 2015-05-12.2 [Server]
# Operační system : Windows 7 Home Premium (x64)
# Uživatelské jméno : Liba - LIBA-PC
# Spuštěno z : C:\Users\Liba\Desktop\adwcleaner_4.204.exe
# Nastavení : Čištění

***** [ Služby ] *****

[#] Služba Smazáno : WindowsMangerProtect

***** [ Soubory / Složky ] *****

Složka Smazáno : C:\ProgramData\Tbccint
Složka Smazáno : C:\Program Files (x86)\Tbccint
Složka Smazáno : C:\Program Files\Reimage
Složka Smazáno : C:\Users\Liba\AppData\Local\AskToolbar
Složka Smazáno : C:\Users\Liba\AppData\Local\globalUpdate
Složka Smazáno : C:\Users\Liba\AppData\Local\Media Get LLC
Složka Smazáno : C:\Users\Liba\AppData\Local\MediaGet2
Složka Smazáno : C:\Users\Liba\AppData\Local\Tbccint
Složka Smazáno : C:\Users\Liba\AppData\Local\BrowserHelper
Složka Smazáno : C:\Users\Liba\AppData\LocalLow\Conduit
Složka Smazáno : C:\Users\Liba\AppData\LocalLow\Tbccint
Složka Smazáno : C:\Users\Liba\AppData\Roaming\dvdvideosoftiehelpers
Složka Smazáno : C:\Users\Liba\AppData\Roaming\Systweak
Složka Smazáno : C:\Users\Liba\Documents\Updater
Složka Smazáno : C:\Users\Liba\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbhdenfmgbagncdmgbholejjpmmiank
Soubor Smazáno : C:\END
Soubor Smazáno : C:\windows\Reimage.ini
Soubor Smazáno : C:\Program Files\Common Files\System\SysMenu.dll
Soubor Smazáno : C:\Program Files\Common Files\System\SysMenu64.dll
Soubor Smazáno : C:\windows\System32\roboot64.exe
Soubor Smazáno : C:\Users\Liba\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxps_inst.shoppingate.info_0.localstorage
Soubor Smazáno : C:\Users\Liba\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal
Soubor Smazáno : C:\Users\Liba\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_www.istartsurf.com_0.localstorage
Soubor Smazáno : C:\Users\Liba\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_www.istartsurf.com_0.localstorage-journal

***** [ Naplánované úlohy ] *****

Úloha Smazáno : globalUpdateUpdateTaskMachineCore
Úloha Smazáno : globalUpdateUpdateTaskMachineUA
Úloha Smazáno : SMupdate1
Úloha Smazáno : Microsoft\Windows\Multimedia\SMupdate3
Úloha Smazáno : Microsoft\Windows\Maintenance\SMupdate2
Úloha Smazáno : a0e02687-a797-4790-bec2-a27c4f7dd5fa-1-6
Úloha Smazáno : a0e02687-a797-4790-bec2-a27c4f7dd5fa-1-7
Úloha Smazáno : a0e02687-a797-4790-bec2-a27c4f7dd5fa-10_user
Úloha Smazáno : a0e02687-a797-4790-bec2-a27c4f7dd5fa-11
Úloha Smazáno : a0e02687-a797-4790-bec2-a27c4f7dd5fa-5
Úloha Smazáno : a0e02687-a797-4790-bec2-a27c4f7dd5fa-5_user

***** [ Zástupci ] *****

Zástupce Vyléčeno : C:\Users\Liba\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera 15.lnk

***** [ Registry ] *****

Klíč Smazáno : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Hodnota Smazáno : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Klíč Smazáno : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Klíč Smazáno : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Klíč Smazáno : HKLM\SOFTWARE\Classes\Conduit.Engine
Klíč Smazáno : HKLM\SOFTWARE\Classes\dnUpdate
Klíč Smazáno : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Klíč Smazáno : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Klíč Smazáno : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Klíč Smazáno : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Klíč Smazáno : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Klíč Smazáno : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Klíč Smazáno : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Klíč Smazáno : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Klíč Smazáno : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Klíč Smazáno : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Klíč Smazáno : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Klíč Smazáno : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Klíč Smazáno : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Klíč Smazáno : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Klíč Smazáno : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Klíč Smazáno : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Klíč Smazáno : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Klíč Smazáno : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Klíč Smazáno : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Klíč Smazáno : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Klíč Smazáno : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Klíč Smazáno : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Klíč Smazáno : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Klíč Smazáno : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Klíč Smazáno : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Klíč Smazáno : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Klíč Smazáno : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Klíč Smazáno : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Klíč Smazáno : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Klíč Smazáno : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Klíč Smazáno : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Klíč Smazáno : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Klíč Smazáno : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Klíč Smazáno : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Klíč Smazáno : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Klíč Smazáno : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Klíč Smazáno : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Klíč Smazáno : HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\SysMenuExt
Klíč Smazáno : HKLM\SOFTWARE\Classes\AppID\SysMenu.DLL
Klíč Smazáno : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
Klíč Smazáno : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
Klíč Smazáno : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
Klíč Smazáno : HKCU\Software\3a6a94908c300aa83f59f5b478d9dcd9
Klíč Smazáno : HKCU\Software\d3b483a18547fdbe88b8598af2c7b371
Klíč Smazáno : HKCU\Software\f4ab67a7a8a52b0d77a2c440bc2d83a9
Klíč Smazáno : HKLM\SOFTWARE\Classes\Toolbar.CT1750559
Klíč Smazáno : HKLM\SOFTWARE\Classes\Toolbar.CT3329621
Klíč Smazáno : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Klíč Smazáno : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Klíč Smazáno : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Klíč Smazáno : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Klíč Smazáno : HKLM\SOFTWARE\Classes\AppID\{D813D5BB-EBC7-45F9-B8A4-36A305168069}
Klíč Smazáno : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{3A1209A4-8568-40F0-9B5E-4A06A2A06417}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Klíč Smazáno : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Klíč Smazáno : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Klíč Smazáno : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Klíč Smazáno : HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Hodnota Smazáno : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\CLSID\{020B1D4B-5738-4C77-9E19-4F173DD9B486}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Klíč Smazáno : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Klíč Smazáno : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Klíč Smazáno : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Data Obnoveno : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Klíč Smazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Klíč Smazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2488}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2488}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2488}
Klíč Smazáno : HKCU\Software\APN PIP
Klíč Smazáno : HKCU\Software\Conduit
Klíč Smazáno : HKCU\Software\GlobalUpdate
Klíč Smazáno : HKCU\Software\HomeTab
Klíč Smazáno : HKCU\Software\simplytech
Klíč Smazáno : HKCU\Software\systweak
Klíč Smazáno : HKCU\Software\Tbccint
Klíč Smazáno : HKCU\Software\Tbccint_HKLM
Klíč Smazáno : HKCU\Software\Reimage
Klíč Smazáno : HKCU\Software\TNT2
Klíč Smazáno : HKCU\Software\WajIntEnhance
Klíč Smazáno : HKCU\Software\SearchProtectWS
Klíč Smazáno : HKCU\Software\Linkey
Klíč Smazáno : HKCU\Software\AppDataLow\Software\Crossrider
Klíč Smazáno : HKCU\Software\AppDataLow\Software\ShoppingReport2
Klíč Smazáno : HKCU\Software\AppDataLow\Software\Tbccint
Klíč Smazáno : HKCU\Software\AppDataLow\Software\TbccintSearchScopes
Klíč Smazáno : HKLM\SOFTWARE\AskPartnerNetwork
Klíč Smazáno : HKLM\SOFTWARE\Conduit
Klíč Smazáno : HKLM\SOFTWARE\GlobalUpdate
Klíč Smazáno : HKLM\SOFTWARE\ICQ\ICQToolbar
Klíč Smazáno : HKLM\SOFTWARE\Iminent
Klíč Smazáno : HKLM\SOFTWARE\InstalledBrowserExtensions
Klíč Smazáno : HKLM\SOFTWARE\istartsurfSoftware
Klíč Smazáno : HKLM\SOFTWARE\SafetyNut
Klíč Smazáno : HKLM\SOFTWARE\SearchProtect
Klíč Smazáno : HKLM\SOFTWARE\SupDp
Klíč Smazáno : HKLM\SOFTWARE\supWindowsMangerProtect
Klíč Smazáno : HKLM\SOFTWARE\Uniblue
Klíč Smazáno : HKLM\SOFTWARE\IHProtect
Klíč Smazáno : HKLM\SOFTWARE\WajIntEnhance
Klíč Smazáno : HKLM\SOFTWARE\SpeedBit
Klíč Smazáno : HKLM\SOFTWARE\Ge-Force
Klíč Smazáno : HKLM\SOFTWARE\AIM Toolbar
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\istartsurf uninstall
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00B2-0405-0000-0000000FF1CE}
Klíč Smazáno : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Klíč Smazáno : [x64] HKLM\SOFTWARE\ShopperPro
Klíč Smazáno : [x64] HKLM\SOFTWARE\Reimage
Klíč Smazáno : [x64] HKLM\SOFTWARE\YTDownloader
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe
Klíč Smazáno : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\icq.com

***** [ Prohlížeče ] *****

-\\ Internet Explorer v8.0.7600.16800

Nastavení Obnoveno : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Nastavení Obnoveno : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Nastavení Obnoveno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Nastavení Obnoveno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Nastavení Obnoveno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Nastavení Obnoveno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Nastavení Obnoveno : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Nastavení Obnoveno : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Nastavení Obnoveno : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Nastavení Obnoveno : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Google Chrome v

-\\ Opera v18.0.1284.49

*************************

AdwCleaner[R0].txt - [25392 bytů] - [18/05/2015 20:25:52]
AdwCleaner[S0].txt - [21728 bytů] - [18/05/2015 20:27:24]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [21787 bytů] ##########

#9 Příspěvek od **vyosek** » 19 kvě 2015 05:12

Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
Do okna vlozte skript nize

Kód: Vybrat vše

autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;

Nasledne kliknete na Run Script
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

Liba · #10 Příspěvek od **Liba** » 19 kvě 2015 20:12

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Liba on Łt 19.05.2015 at 20:42:15,56.
Microsoft Windows 7 Home Premium 6.1.7600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Liba\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

19.5.2015 20:45:10 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\Fotolab deleted successfully
C:\PROGRA~2\Nitro PDF deleted successfully
C:\PROGRA~2\VideoLAN deleted successfully
C:\PROGRA~2\Yahoo! deleted successfully
C:\PROGRA~2\COMMON~1\SWF Studio deleted successfully
C:\PROGRA~3\Anvsoft deleted successfully
C:\PROGRA~3\IDM deleted successfully
C:\Users\Liba\AppData\Roaming\AdobeUM deleted successfully
C:\Users\Liba\AppData\Roaming\Media Player Classic deleted successfully
C:\Users\Liba\AppData\Roaming\Publish Providers deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3465981613-3088051064-1141345442-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9030D464-4C02-4ABF-8ECC-5164760863C6} deleted successfully
HKEY_USERS\S-1-5-21-3465981613-3088051064-1141345442-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9030D464-4C02-4ABF-8ECC-5164760863C6} deleted successfully
HKEY_USERS\S-1-5-21-3465981613-3088051064-1141345442-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15B851AF-A4B9-43EF-97D3-28E1B4A5DB9B} deleted successfully
HKEY_USERS\S-1-5-21-3465981613-3088051064-1141345442-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A} deleted successfully
HKEY_USERS\S-1-5-21-3465981613-3088051064-1141345442-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\UrlSearchHooks\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully

==== Deleting Services ======================

==== FireFox Fix ======================

Deleted from C:\Users\Liba\AppData\Roaming\TomTom\HOME\Profiles\bqpi4wg4.default\prefs.js:

Added to C:\Users\Liba\AppData\Roaming\TomTom\HOME\Profiles\bqpi4wg4.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\OperaStable\shell\open\command]
@="C:\\Program Files (x86)\\Opera\\Launcher.exe"

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Fotolab not found
C:\PROGRA~2\Nitro PDF not found
C:\PROGRA~2\VideoLAN not found
C:\PROGRA~2\Yahoo! not found
C:\PROGRA~3\DivX deleted
C:\Users\Liba\.android deleted
C:\Users\Liba\AppData\Roaming\Thinstall deleted
C:\PROGRA~3\abov.pad deleted
C:\PROGRA~3\as98213.txt deleted
C:\PROGRA~3\kjhy64.txt deleted
C:\PROGRA~3\ej73q.reg deleted
C:\PROGRA~3\jtof2.reg deleted
C:\PROGRA~3\ICQ deleted
C:\PROGRA~3\InstallMate deleted
C:\Users\Liba\AppData\Local\Thinstall deleted
C:\Users\Liba\AppData\Local\CrashRpt deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare deleted
C:\Users\Public\Documents\ShopperPro deleted
C:\windows\wininit.ini deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\Syswow64\GroupPolicy\gpt.ini deleted
"C:\Users\Liba\AppData\Roaming\BYAIAMUF" deleted
"C:\windows\SysNative\tasks\BYAIAMUF" deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Liba\AppData\Roaming\TomTom\HOME\Profiles\bqpi4wg4.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

ProfilePath: C:\Users\Liba\AppData\Roaming\TomTom\HOME\Profiles\bqpi4wg4.default
- Map status indicator - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com
- TomTom HOME default theme - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com

==== Firefox Plugins ======================

==== Chromium Look ======================

Docs - Liba\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Easy Youtube Video Downloader For Opera - Liba\AppData\Roaming\Opera Software\Opera Stable\Extensions\acghaimmohdiildbgkbcjfmkdgglpofi
Classic Tabs - Liba\AppData\Roaming\Opera Software\Opera Stable\Extensions\gbekmpnpfkkijbodegokaigmhedbbkmg
Disconnect - Liba\AppData\Roaming\Opera Software\Opera Stable\Extensions\hciohocinlhbdkbjldffomiadmnhjnoj
Download Helper - Liba\AppData\Roaming\Opera Software\Opera Stable\Extensions\hfmijjkdjheadkpejemopocfjbepodlp
Bookmarks Manager - Liba\AppData\Roaming\Opera Software\Opera Stable\Extensions\nkgbeagkihphgjnlkclfjjjplmefndnm
Youtube Mp3 and Video Downloader - Liba\AppData\Roaming\Opera Software\Opera Stable\Extensions\ogpecemdlmbpkcahdoeiaoeobjhalpno

==== Chromium Fix ======================

C:\Users\Liba\AppData\Roaming\Opera Software\Opera Stable\Local Storage\https_www.superfish.com_0.localstorage deleted successfully
C:\Users\Liba\AppData\Roaming\Opera Software\Opera Stable\Local Storage\https_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\Liba\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_www.superfish.com_0.localstorage deleted successfully
C:\Users\Liba\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\Liba\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_www.search.smartshopping.com_0.localstorage deleted successfully
C:\Users\Liba\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_www.search.smartshopping.com_0.localstorage-journal deleted successfully
C:\Users\Liba\AppData\Roaming\Opera Software\Opera Stable\Extensions\acghaimmohdiildbgkbcjfmkdgglpofi deleted successfully
C:\Users\Liba\AppData\Roaming\Opera Software\Opera Stable\Local Storage\chrome-extension_acghaimmohdiildbgkbcjfmkdgglpofi_0.localstorage deleted successfully
C:\Users\Liba\AppData\Roaming\Opera Software\Opera Stable\Local Storage\chrome-extension_acghaimmohdiildbgkbcjfmkdgglpofi_0.localstorage-journal deleted successfully
C:\Users\Liba\AppData\Roaming\Opera Software\Opera Stable\Extensions\ogpecemdlmbpkcahdoeiaoeobjhalpno deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.cz/?gws_rd=ssl"
"Default_Page_URL"="http://www.google.com"
"ICQ Search"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"ICQ Search"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="https://www.google.cz/?gws_rd=ssl"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"
{879332F9-C6D5-4CBF-A594-04047D4EA761} Google Url="http://www.google.com/search?q={searchT ... utEncoding?}"
{DB2FE242-EA2C-4264-92F1-CF8321F058DE} BS Player ControlBar B Customized Web Search Url="Not_Found"

==== Reset Google Chrome ======================

C:\Users\Liba\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Liba\AppData\Roaming\Opera Software\Opera Stable\Preferences was reset successfully
C:\Users\Liba\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Liba\AppData\Roaming\Opera Software\Opera Stable\Web Data will be reset at reboot
C:\Users\Liba\AppData\Roaming\Opera Software\Opera Stable\Web Data-journal will be reset at reboot

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3465981613-3088051064-1141345442-1001\Software\Microsoft\Internet Explorer\SearchScopes\{DB2FE242-EA2C-4264-92F1-CF8321F058DE} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera deleted successfully

==== Empty IE Cache ======================

C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Liba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Liba\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Liba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Liba\AppData\Local\Opera Software\Opera Stable\Cache will be emptied at reboot
C:\Users\Liba\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=90 folders=32 95656636 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Liba\AppData\Local\Temp will be emptied at reboot
C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\windows\Temp successfully emptied
C:\Users\Liba\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Liba\AppData\Roaming\Opera Software\Opera Stable\Web Data" not found
"C:\Users\Liba\AppData\Roaming\Opera Software\Opera Stable\Web Data-journal" not found
"C:\Users\Liba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Users\Liba\AppData\Local\Opera Software\Opera Stable\Cache\data_0" deleted
"C:\Users\Liba\AppData\Local\Opera Software\Opera Stable\Cache\data_1" deleted
"C:\Users\Liba\AppData\Local\Opera Software\Opera Stable\Cache\data_2" deleted
"C:\Users\Liba\AppData\Local\Opera Software\Opera Stable\Cache\data_3" deleted
"C:\Users\Liba\AppData\Local\Opera Software\Opera Stable\Cache\index" deleted

==== EOF on Łt 19.05.2015 at 21:11:26,45 ======================

#11 Příspěvek od **vyosek** » 19 kvě 2015 20:57

Poprosim o FRST http://forum.viry.cz/viewtopic.php?f=13&t=133100

VIRY.CZ

IstarSurf

IstarSurf

Re: IstarSurf

Re: IstarSurf

Re: IstarSurf

Re: IstarSurf

Re: IstarSurf

Re: IstarSurf

Re: IstarSurf

Re: IstarSurf

Re: IstarSurf

Re: IstarSurf