ESET: spolu s domácí stránkou okno se zablokovanou adresou

Zpráva

misabalu · #1 Příspěvek od **misabalu** » 20 kvě 2015 23:58

Používám Windows 7 Pro SP1 64bit na i3 s 8 GB DDR3
Asi polsedních 14 dní se začalo po startu prohlížeče Maxthon 3 objevovat okno ESET Smart Security 8,
hlásající zablokovanou URL adresu ssl://www.superfish.com a IP adresu 66.70.34.117
Toto okno se objeví po každém startu prohlížeče.
Prosím o analýzu. Díky

#2 Příspěvek od **vyosek** » 21 kvě 2015 07:45

Zdravim

Dejte prosim z RSIT nebo FRST at sE na to muzeme podivat...

misabalu · #3 Příspěvek od **misabalu** » 21 kvě 2015 08:49

Log z FRST Launcheru:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-05-2015
Ran by Balu (administrator) on PC-BALU on 21-05-2015 09:47:57
Running from C:\Users\Balu\Desktop
Loaded Profiles: Balu (Available profiles: Balu & UpdatusUser)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser path: "C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe" "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Taiwan Shui Mu Chih Ching Technology Limited) C:\Program Files (x86)\Picexa\picexasvc.exe
(Windows SysTool) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(Software602 a.s.) C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Plán2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Plán2\schedhlp.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Cinema PlusV16.03) C:\Program Files (x86)\CinemaP-1.9cV16.03\e653cf25-f107-4cbe-b8d1-5dadaea354f2-10.exe
(Cinema PlusV16.03) C:\Program Files (x86)\CinemaP-1.9cV16.03\e653cf25-f107-4cbe-b8d1-5dadaea354f2-1-6.exe
(XTab system) C:\Program Files (x86)\XTab\ProtectService.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(AutoComSoft s.r.o.) C:\Auto-diagnostika\ADnews.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
() C:\Users\Balu\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\Users\Balu\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(SEV Computing, s.r.o.) C:\Program Files (x86)\FinWin 1.0\FINWIN.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
() C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe
() C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(ASUSTeK COMPUTER INC.) C:\Program Files (x86)\ASUS\O!Direct\O!Direct.exe
(ACD Systems) C:\Program Files (x86)\ACD Systems\ACDSee\17.0\acdIDInTouch2.exe
() C:\Program Files (x86)\ASUS\O!Direct\Server.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(Ritlabs S.R.L.) C:\Program Files (x86)\The Bat!\TheBat.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
(forum.viry.cz) C:\Users\Balu\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Users\Balu\Desktop\cmd.exe
(Microsoft Corporation) C:\Windows\System32\PING.EXE

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [Slu~ba Acronis Scheduler2] => C:\Program Files (x86)\Common Files\Acronis\Plán2\schedhlp.exe [358832 2011-02-03] (Acronis)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5595848 2015-01-28] (ESET)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5015040 2012-02-09] (VIA)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-21] (Intel Corporation)
HKLM-x32\...\Run: [zzzHPSETUP] => I:\! DRIVERY\Scannery\_HP ScanJet 5590P\Win7-64\setup_full_5590_3\Setup.exe [653312 2009-08-04] (Hewlett-Packard)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150016 2008-08-20] (Hewlett-Packard)
HKLM-x32\...\Run: [FinWin 1.0] => C:\Program Files (x86)\FinWin 1.0\FINWIN.EXE [347648 2012-12-18] (SEV Computing, s.r.o.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-08-11] (Macrovision Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3478392 2013-12-21] (Adobe Systems Inc.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5133968 2011-02-03] ()
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [442896 2013-03-06] (Research In Motion Limited)
HKLM-x32\...\Run: [RUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM-x32\...\Run: [O!Direct] => C:\Program Files (x86)\ASUS\O!Direct\O!Direct.exe [1383424 2011-04-21] (ASUSTeK COMPUTER INC.)
HKLM-x32\...\Run: [ACSW17EN] => C:\Program Files (x86)\ACD Systems\ACDSee\17.0\acdIDInTouch2.exe [1414984 2013-09-25] (ACD Systems)
HKU\S-1-5-21-1079416441-1027052400-2168246751-1000\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [249856 2005-08-11] (Macrovision Corporation)
HKU\S-1-5-21-1079416441-1027052400-2168246751-1000\...\Run: [OEXPRESS] => [X]
HKU\S-1-5-21-1079416441-1027052400-2168246751-1000\...\Run: [WDICT32] => [X]
HKU\S-1-5-21-1079416441-1027052400-2168246751-1000\...\Run: [NBJ] => "H:\Program Files (x86)\Ahead\Nero BackItUp\NBJ.exe"
HKU\S-1-5-21-1079416441-1027052400-2168246751-1000\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Balu\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-1079416441-1027052400-2168246751-1000\...\Run: [cz.seznam.software.szndesktop] => C:\Users\Balu\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-06] ()
HKU\S-1-5-21-1079416441-1027052400-2168246751-1000\...\MountPoints2: {5573fe65-6a9d-11e4-be92-c8600098d2d8} - D:\NokiaPCIA_Autorun.exe
HKU\S-1-5-21-1079416441-1027052400-2168246751-1000\...\MountPoints2: {6cc7e7f3-84b4-11e2-a54f-c8600098d2d8} - "D:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-1079416441-1027052400-2168246751-1000\...\MountPoints2: {749152d1-0e4e-11e4-b8d7-c8600098d2d8} - "D:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-1079416441-1027052400-2168246751-1000\...\MountPoints2: {9e61287b-7d3a-11e4-a58c-c8600098d2d8} - D:\VTP_Manager.exe
HKU\S-1-5-21-1079416441-1027052400-2168246751-1000\...\MountPoints2: {a20700e3-c1d9-11e2-9d5c-c8600098d2d8} - D:\ToolLauncher-Bootstrap.exe
HKU\S-1-5-21-1079416441-1027052400-2168246751-1000\...\MountPoints2: {ca586cf1-01ad-11e4-992b-c8600098d2d8} - D:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1079416441-1027052400-2168246751-1000\...\MountPoints2: {cd9c1b59-0367-11e4-b9ea-c8600098d2d8} - D:\Autorun.exe
HKU\S-1-5-21-1079416441-1027052400-2168246751-1000\...\MountPoints2: {d7dbdf2d-e9fe-11e2-a116-c8600098d2d8} - "D:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-1079416441-1027052400-2168246751-1000\...\MountPoints2: {e54544b5-721f-11e4-8f01-c8600098d2d8} - "D:\WD SmartWare.exe" autoplay=true
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ADnews.lnk [2015-04-14]
ShortcutTarget: ADnews.lnk -> C:\Auto-diagnostika\ADnews.exe (AutoComSoft s.r.o.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2013-01-14]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Balu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RT-Updater-SVO.lnk [2015-04-15]
ShortcutTarget: RT-Updater-SVO.lnk -> C:\Auto-diagnostika\VCDS.exe (Ross-Tech, LLC)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Balu\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-26] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Balu\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-26] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Balu\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-26] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Balu\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-26] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Balu\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-26] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Balu\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-26] ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?type=hp&ts= ... 4694446944
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?type=hp&ts= ... 4694446944
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds& ... earchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds& ... earchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?type=hp&ts= ... 4694446944
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?type=hp&ts= ... 4694446944
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=ds& ... earchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=ds& ... earchTerms}
HKU\S-1-5-21-1079416441-1027052400-2168246751-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.delta-homes.com/web/?type ... earchTerms}
HKU\S-1-5-21-1079416441-1027052400-2168246751-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?type=hp&ts= ... 4694446944
HKU\S-1-5-21-1079416441-1027052400-2168246751-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?type=hp&ts= ... 4694446944
HKU\S-1-5-21-1079416441-1027052400-2168246751-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.delta-homes.com/web/?type ... earchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1079416441-1027052400-2168246751-1000 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://do-search.com/web/?utm_source=b& ... earchTerms}
SearchScopes: HKU\S-1-5-21-1079416441-1027052400-2168246751-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://do-search.com/web/?utm_source=b& ... earchTerms}
SearchScopes: HKU\S-1-5-21-1079416441-1027052400-2168246751-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://do-search.com/web/?utm_source=b& ... earchTerms}
SearchScopes: HKU\S-1-5-21-1079416441-1027052400-2168246751-1000 -> {2376214C-9BB8-4127-8A66-577872166791} URL = http://do-search.com/web/?utm_source=b& ... earchTerms}
SearchScopes: HKU\S-1-5-21-1079416441-1027052400-2168246751-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://do-search.com/web/?utm_source=b& ... earchTerms}
SearchScopes: HKU\S-1-5-21-1079416441-1027052400-2168246751-1000 -> {3A407B86-6124-418C-BB22-0A9436F346C8} URL = http://do-search.com/web/?utm_source=b& ... earchTerms}
SearchScopes: HKU\S-1-5-21-1079416441-1027052400-2168246751-1000 -> {3BE0A6D7-5685-4CAF-B3C1-F9A5B19EC892} URL = http://do-search.com/web/?utm_source=b& ... earchTerms}
SearchScopes: HKU\S-1-5-21-1079416441-1027052400-2168246751-1000 -> {4B59A7BB-A40A-4AEF-BE63-89444CA5496F} URL = http://do-search.com/web/?utm_source=b& ... earchTerms}
SearchScopes: HKU\S-1-5-21-1079416441-1027052400-2168246751-1000 -> {4DA68D33-154F-4F35-84DE-A2C1C11FFD65} URL = http://do-search.com/web/?utm_source=b& ... earchTerms}
SearchScopes: HKU\S-1-5-21-1079416441-1027052400-2168246751-1000 -> {52BCD873-B76F-491F-B595-FB6547613332} URL = http://do-search.com/web/?utm_source=b& ... earchTerms}
SearchScopes: HKU\S-1-5-21-1079416441-1027052400-2168246751-1000 -> {9A2D8335-235E-4E5A-A917-EFB9943679D4} URL = http://do-search.com/web/?utm_source=b& ... earchTerms}
SearchScopes: HKU\S-1-5-21-1079416441-1027052400-2168246751-1000 -> {B34F47F7-709F-4204-BE4A-E9A0C85AF8CD} URL = http://do-search.com/web/?utm_source=b& ... earchTerms}
SearchScopes: HKU\S-1-5-21-1079416441-1027052400-2168246751-1000 -> {B5845345-FE21-4C9E-99D2-C3CC0F7EB2D5} URL = http://do-search.com/web/?utm_source=b& ... earchTerms}
SearchScopes: HKU\S-1-5-21-1079416441-1027052400-2168246751-1000 -> {BE9737BF-0FE6-4764-9F0E-C50AEFD956D2} URL = http://do-search.com/web/?utm_source=b& ... earchTerms}
SearchScopes: HKU\S-1-5-21-1079416441-1027052400-2168246751-1000 -> {D8D3DBDB-125A-4387-B5DC-848B999C5B9F} URL = http://do-search.com/web/?utm_source=b& ... earchTerms}
SearchScopes: HKU\S-1-5-21-1079416441-1027052400-2168246751-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://do-search.com/web/?utm_source=b& ... earchTerms}
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2013-12-20] (Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2013-12-20] (Adobe Systems Incorporated)
BHO-x32: WebTransBHO Class -> {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} -> C:\ProgramData\LangSoft\WebIE.dll [2013-02-27] ()
BHO-x32: LuckyTab Class -> {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} -> C:\Program Files (x86)\XTab\SupTab.dll [2015-05-20] (Thinknice Co. Limited)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-03-11] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-03-11] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2013-12-20] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll [2013-02-27] ()
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
Handler-x32: skyline - {3a4f9195-65a8-11d5-85c1-0001023952c1} - C:\Program Files (x86)\Skyline\TerraExplorer\TerraExplorerX.dll [2014-06-25] (Skyline software systems Inc.)
Hosts: 127.0.0.1 acdid.acdsystems.com
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Balu\AppData\Roaming\Mozilla\Firefox\Profiles\nipodq2y.default
FF NewTab: hxxp://www.delta-homes.com/newtab/?type=nt&ts= ... 4694446944
FF Homepage: hxxp://www.delta-homes.com/?type=hp&ts=1432160 ... 4694446944
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-18] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-18] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-03-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-03-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-03-11] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin-x32: @software602.cz/602XML Filler -> C:\Program Files (x86)\Software602\602XML\Filler\npfiller.dll [2012-08-06] (Software602 a.s.)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-13] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2013-12-21] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1079416441-1027052400-2168246751-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Balu\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF SearchPlugin: C:\Users\Balu\AppData\Roaming\Mozilla\Firefox\Profiles\nipodq2y.default\searchplugins\istartsurf.xml [2015-05-13]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\jyxo-cz.xml [2013-08-26]
FF Extension: Lights Cinema 1.5beta - C:\Users\Balu\AppData\Roaming\Mozilla\Firefox\Profiles\nipodq2y.default\Extensions\ccf7276c-d388-480f-8835-5b680025e1ca@gmail.com [2015-05-13]
FF Extension: QuickSearch - C:\Users\Balu\AppData\Roaming\Mozilla\Firefox\Profiles\nipodq2y.default\Extensions\quick_searchff@gmail.com [2015-05-21]
FF Extension: Search Enginer - C:\Users\Balu\AppData\Roaming\Mozilla\Firefox\Profiles\nipodq2y.default\Extensions\sweetsearch@gmail.com [2015-05-21]
FF Extension: Video DownloadHelper - C:\Users\Balu\AppData\Roaming\Mozilla\Firefox\Profiles\nipodq2y.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-05-13]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-02-21]
FF HKLM-x32\...\Firefox\Extensions: [quick_searchff@gmail.com] - C:\Users\Balu\AppData\Roaming\Mozilla\Firefox\Profiles\nipodq2y.default\extensions\quick_searchff@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [sweetsearch@gmail.com] - C:\Users\Balu\AppData\Roaming\Mozilla\Firefox\Profiles\nipodq2y.default\extensions\sweetsearch@gmail.com
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.delta-homes.com/?type=sc&ts= ... 4694446944

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2013-12-21]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 602XML Updater; C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [85344 2011-10-10] (Software602 a.s.)
R2 AcrSch2Svc; C:\Program Files (x86)\Common Files\Acronis\Plán2\schedul2.exe [1064480 2011-02-03] (Acronis)
S3 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [585728 2013-03-06] (Research In Motion Limited) [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1349576 2015-01-28] (ESET)
S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [157824 2015-05-20] (XTab system)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
S3 NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [724992 2006-10-09] (Nero AG) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed]
R2 PicexaService; C:\Program Files (x86)\Picexa\PicexaSvc.exe [393880 2015-05-20] (Taiwan Shui Mu Chih Ching Technology Limited)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2011-05-27] ()
R2 Správce výběru OS; C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2156952 2010-10-28] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448976 2015-04-17] (TeamViewer GmbH)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-11-11] (VIA Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [602112 2015-05-20] (Windows SysTool) [File not signed] <==== ATTENTION

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation)
S3 ACSSCR; C:\Windows\System32\DRIVERS\a38usb.sys [62848 2014-08-21] (Advanced Card Systems Ltd.)
R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2009-03-06] ()
S3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Inc.)
S3 AVerPola; C:\Windows\System32\DRIVERS\AVerPola.sys [534144 2011-01-04] (AVerMedia TECHNOLOGIES, Inc.)
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-13] (CSR, plc)
R1 CbFs; C:\Windows\system32\drivers\cbfs_x64.sys [191960 2009-08-19] (EldoS Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [246000 2015-03-10] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [241880 2015-03-10] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [169792 2015-03-10] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [222280 2015-03-10] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [44632 2015-03-10] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [64208 2015-03-10] (ESET)
R1 Ext2Fsd; C:\Windows\System32\Drivers\Ext2Fsd.sys [769304 2014-05-11] (www.ext2fsd.com)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2014-01-30] (QUALCOMM Incorporated)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
R3 MIPDISKPNPv5; C:\Windows\System32\DRIVERS\MIPDISKPNPv5.sys [197752 2012-03-20] (GetData Pty Ltd)
R1 MIPDISKv564; C:\Windows\system32\drivers\MIPDISKv564.sys [65144 2012-04-27] (GetData Pty Ltd)
R3 MIPFSv5; C:\Windows\System32\DRIVERS\MIPFSv5.sys [345720 2012-05-02] (GetData Pty Ltd)
S3 netr28ux; C:\Windows\System32\DRIVERS\Dnetr28ux.sys [987648 2009-08-05] (Ralink Technology Corp.)
S2 NSHE; C:\Windows\SysWOW64\Drivers\NSHE.SYS [97792 2008-11-23] (T0r0 2008) [File not signed]
S3 ptun0901; C:\Windows\System32\DRIVERS\ptun0901.sys [40664 2014-03-10] (The OpenVPN Project)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 RT-USB; C:\Windows\System32\drivers\RT-USB64.SYS [70984 2010-06-16] (Ross-Tech LLC)
R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [114568 2012-08-27] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [230280 2012-08-27] (Renesas Electronics Corporation)
R3 seehcri; C:\Windows\System32\DRIVERS\seehcri.sys [34032 2012-07-24] (Sony Ericsson Mobile Communications)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 tap0801; C:\Windows\System32\DRIVERS\tap0801.sys [30720 2005-04-13] (The OpenVPN Project) [File not signed]
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64.sys [14464 2009-02-13] (Western Digital Technologies) [File not signed]
S3 wdf_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [82944 2014-09-29] (MBB)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-21 09:47 - 2015-05-21 09:47 - 00035274 _____ () C:\Users\Balu\Desktop\FRST.txt
2015-05-21 09:47 - 2015-05-21 09:47 - 00015327 _____ () C:\Users\Balu\Desktop\LM.bat
2015-05-21 09:47 - 2015-05-21 09:47 - 00000000 ____D () C:\FRST
2015-05-21 09:47 - 2015-05-21 09:46 - 00112640 _____ (forum.viry.cz) C:\Users\Balu\Desktop\FRSTLauncher.exe
2015-05-21 09:47 - 2015-05-21 09:45 - 02107904 _____ (Farbar) C:\Users\Balu\Desktop\FRST64.exe
2015-05-21 09:47 - 2015-05-21 09:45 - 01146880 _____ (Farbar) C:\Users\Balu\Desktop\FRST32.exe
2015-05-21 09:46 - 2015-05-21 09:47 - 00029696 _____ () C:\Users\Balu\AppData\Local\MSGBOX.EXE
2015-05-21 09:46 - 2015-05-21 09:46 - 00112640 _____ (forum.viry.cz) C:\Users\Balu\Downloads\FRSTLauncher.exe
2015-05-21 09:45 - 2015-05-21 09:45 - 02107904 _____ (Farbar) C:\Users\Balu\Downloads\FRST64.exe
2015-05-21 09:45 - 2015-05-21 09:45 - 01146880 _____ (Farbar) C:\Users\Balu\Downloads\FRST32.exe
2015-05-21 09:42 - 2015-05-21 09:42 - 00000000 ____H () C:\ProgramData\cm-lock
2015-05-21 00:17 - 2015-05-21 09:45 - 00000000 ____D () C:\Program Files (x86)\Picexa
2015-05-21 00:17 - 2015-05-21 00:17 - 00001800 _____ () C:\Users\Public\Desktop\Picexa.lnk
2015-05-21 00:17 - 2015-05-21 00:17 - 00000000 ____D () C:\Users\Balu\AppData\Roaming\Picexa Viewer
2015-05-21 00:17 - 2015-05-21 00:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picexa
2015-05-21 00:17 - 2015-05-21 00:17 - 00000000 ____D () C:\ProgramData\IHProtectUpDate
2015-05-21 00:17 - 2015-05-21 00:17 - 00000000 ____D () C:\Program Files (x86)\XTab
2015-05-13 23:39 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 23:39 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 16:37 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 16:37 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 16:37 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 16:37 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 16:37 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 16:37 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 16:37 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 16:37 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 16:37 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 16:37 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 16:37 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-13 16:37 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 16:37 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 16:37 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 16:37 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 16:37 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 16:37 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 16:37 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 16:37 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 16:37 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 16:37 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 16:37 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 16:37 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 16:37 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 16:37 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 16:37 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 16:37 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 16:37 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-13 16:37 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-13 16:37 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 16:37 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 16:37 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 16:37 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-13 16:37 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 16:37 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 16:37 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 16:37 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-13 16:37 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 16:37 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 16:37 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 16:37 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-13 16:37 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 16:37 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 16:37 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 16:37 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 16:37 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 16:37 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-13 16:37 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 16:37 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-13 16:37 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 16:37 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 16:37 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 16:37 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 16:37 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 16:37 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 16:37 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-13 16:37 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 16:37 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 16:37 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 16:37 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 16:37 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 16:37 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 16:37 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 16:37 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 16:37 - 2015-04-04 05:29 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 16:37 - 2015-04-04 05:29 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 16:37 - 2015-04-04 05:22 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 16:37 - 2015-04-04 05:22 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 16:37 - 2015-04-04 05:22 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 16:37 - 2015-04-04 05:22 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 16:37 - 2015-04-04 05:22 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 16:37 - 2015-04-04 05:22 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 16:37 - 2015-04-04 05:22 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 16:37 - 2015-04-04 05:22 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 16:37 - 2015-04-04 05:22 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 16:37 - 2015-04-04 05:22 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 16:37 - 2015-04-04 05:20 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 16:37 - 2015-04-04 05:20 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 16:37 - 2015-04-04 05:17 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 16:37 - 2015-04-04 05:17 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 16:37 - 2015-04-04 05:15 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 16:37 - 2015-04-04 05:05 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-13 16:37 - 2015-04-04 05:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-13 16:37 - 2015-04-04 05:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-13 16:37 - 2015-04-04 05:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-13 16:37 - 2015-04-04 05:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-13 16:37 - 2015-04-04 05:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-13 16:37 - 2015-04-04 05:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-13 16:37 - 2015-04-04 05:04 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-13 16:37 - 2015-04-04 05:04 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-13 16:37 - 2015-04-04 05:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-13 16:37 - 2015-04-04 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-13 16:37 - 2015-04-04 04:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-13 16:36 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 16:36 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 16:36 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 16:36 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 16:36 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 16:36 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 16:36 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-13 16:36 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 16:36 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-13 16:36 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-12 08:27 - 2015-05-12 08:27 - 00169672 _____ (ESET) C:\Users\Balu\Downloads\ESETSuperfishCleaner.exe
2015-05-12 00:14 - 2015-05-21 00:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-10 13:04 - 2015-05-21 09:41 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-05-10 12:06 - 2015-05-21 00:16 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2015-05-10 12:05 - 2015-05-21 09:42 - 00002438 _____ () C:\Windows\Tasks\e653cf25-f107-4cbe-b8d1-5dadaea354f2-5_user.job
2015-05-10 12:05 - 2015-05-21 09:42 - 00002438 _____ () C:\Windows\Tasks\e653cf25-f107-4cbe-b8d1-5dadaea354f2-5.job
2015-05-10 12:05 - 2015-05-10 12:05 - 00005468 _____ () C:\Windows\System32\Tasks\e653cf25-f107-4cbe-b8d1-5dadaea354f2-5
2015-05-10 12:04 - 2015-05-21 09:42 - 00005176 _____ () C:\Windows\Tasks\e653cf25-f107-4cbe-b8d1-5dadaea354f2-11.job
2015-05-10 12:04 - 2015-05-21 09:42 - 00004486 _____ () C:\Windows\Tasks\e653cf25-f107-4cbe-b8d1-5dadaea354f2-4.job
2015-05-10 12:04 - 2015-05-21 09:42 - 00001682 _____ () C:\Windows\Tasks\BYAIAMUF.job
2015-05-10 12:04 - 2015-05-21 09:42 - 00001330 _____ () C:\Windows\Tasks\GNOK.job
2015-05-10 12:04 - 2015-05-21 09:41 - 00003466 _____ () C:\Windows\Tasks\e653cf25-f107-4cbe-b8d1-5dadaea354f2-1-7.job
2015-05-10 12:04 - 2015-05-21 09:41 - 00003130 _____ () C:\Windows\Tasks\e653cf25-f107-4cbe-b8d1-5dadaea354f2-1-6.job
2015-05-10 12:04 - 2015-05-21 09:41 - 00002104 _____ () C:\Windows\Tasks\e653cf25-f107-4cbe-b8d1-5dadaea354f2-10_user.job
2015-05-10 12:04 - 2015-05-21 09:41 - 00000968 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-05-10 12:04 - 2015-05-21 00:09 - 00000972 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-05-10 12:04 - 2015-05-10 12:05 - 00000000 ____D () C:\Program Files (x86)\CinemaP-1.9cV16.03
2015-05-10 12:04 - 2015-05-10 12:04 - 02035200 _____ (Cinema PlusV16.03) C:\Users\Balu\AppData\Roaming\BYAIAMUF.exe
2015-05-10 12:04 - 2015-05-10 12:04 - 01380352 _____ (Cinema PlusV16.03) C:\Users\Balu\AppData\Roaming\GNOK.exe
2015-05-10 12:04 - 2015-05-10 12:04 - 00008206 _____ () C:\Windows\System32\Tasks\e653cf25-f107-4cbe-b8d1-5dadaea354f2-11
2015-05-10 12:04 - 2015-05-10 12:04 - 00007516 _____ () C:\Windows\System32\Tasks\e653cf25-f107-4cbe-b8d1-5dadaea354f2-4
2015-05-10 12:04 - 2015-05-10 12:04 - 00006496 _____ () C:\Windows\System32\Tasks\e653cf25-f107-4cbe-b8d1-5dadaea354f2-1-7
2015-05-10 12:04 - 2015-05-10 12:04 - 00006158 _____ () C:\Windows\System32\Tasks\e653cf25-f107-4cbe-b8d1-5dadaea354f2-1-6
2015-05-10 12:04 - 2015-05-10 12:04 - 00004704 _____ () C:\Windows\System32\Tasks\BYAIAMUF
2015-05-10 12:04 - 2015-05-10 12:04 - 00004352 _____ () C:\Windows\System32\Tasks\GNOK
2015-05-10 12:04 - 2015-05-10 12:04 - 00003970 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2015-05-10 12:04 - 2015-05-10 12:04 - 00003716 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2015-05-10 12:04 - 2015-05-10 12:04 - 00000000 ____D () C:\Users\Balu\AppData\Local\globalUpdate
2015-05-10 12:03 - 2015-05-10 12:03 - 03207291 _____ () C:\Users\Balu\Downloads\FileViewPro_2014KeyMakerwin.rar
2015-05-10 12:03 - 2015-05-10 12:03 - 00000000 ____D () C:\Users\Balu\Downloads\FileViewPro_2014KeyMakerwin
2015-05-10 11:56 - 2015-05-10 11:56 - 00000000 ____D () C:\Users\Balu\AppData\Local\FileViewPro
2015-05-10 11:56 - 2015-05-10 11:56 - 00000000 ____D () C:\Spacekace
2015-05-10 11:55 - 2015-05-10 11:55 - 02981504 _____ () C:\Users\Balu\Downloads\Setup_FileViewPro_[2015].exe
2015-04-30 11:42 - 2015-04-30 11:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player Classic - Home Cinema x64
2015-04-30 11:42 - 2015-04-30 11:42 - 00002021 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player Classic - Home Cinema x64.lnk
2015-04-30 11:42 - 2015-04-30 11:42 - 00000000 ____D () C:\Program Files\Media Player Classic - Home Cinema
2015-04-24 13:04 - 2015-04-24 13:04 - 02905049 _____ () C:\Users\Balu\Downloads\jako-zabit-ptacka.www.palmknihy.cz.154969.mobi
2015-04-23 18:37 - 2015-04-23 18:37 - 00000000 ____D () C:\Users\Balu\Downloads\Active-Password-Reset-bootcd-iso
2015-04-23 18:36 - 2015-04-23 18:36 - 04464618 _____ () C:\Users\Balu\Downloads\Active-Password-Reset-bootcd-iso.zip

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-21 09:46 - 2014-03-26 00:41 - 00000000 ____D () C:\Users\Balu\AppData\Roaming\Seznam.cz
2015-05-21 09:46 - 2009-07-14 12:49 - 00669676 _____ () C:\Windows\system32\perfh005.dat
2015-05-21 09:46 - 2009-07-14 12:49 - 00141308 _____ () C:\Windows\system32\perfc005.dat
2015-05-21 09:46 - 2009-07-14 07:13 - 01586070 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-21 09:42 - 2012-12-18 00:43 - 00000000 ____D () C:\Users\Balu\AppData\Roaming\The Bat!
2015-05-21 09:41 - 2015-02-03 18:55 - 00076098 _____ () C:\Windows\setupact.log
2015-05-21 09:41 - 2014-04-07 22:15 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2015-05-21 09:41 - 2013-06-06 17:01 - 00000348 ____H () C:\Windows\Tasks\C__Users_Balu_Downloads_Flippingbook-Publisher_2.2.16.exe.job
2015-05-21 09:41 - 2012-12-18 10:52 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-21 09:41 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-21 03:21 - 2012-12-17 21:26 - 02090512 _____ () C:\Windows\WindowsUpdate.log
2015-05-21 03:18 - 2013-01-06 19:49 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-21 01:10 - 2009-07-14 06:45 - 00015504 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-21 01:10 - 2009-07-14 06:45 - 00015504 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-21 00:17 - 2014-04-17 09:59 - 00000000 ____D () C:\Users\Balu\AppData\Local\CrashDumps
2015-05-21 00:16 - 2013-01-06 19:18 - 00001382 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-21 00:16 - 2012-12-17 21:25 - 00001284 _____ () C:\Users\Balu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-20 23:19 - 2014-05-11 02:11 - 00003962 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{F15875AE-3D48-41C4-B470-FD762341B28E}
2015-05-18 01:22 - 2014-08-14 23:21 - 00000000 ____D () C:\Users\Balu\AppData\Local\Adobe
2015-05-18 01:22 - 2013-01-06 19:49 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-18 01:22 - 2013-01-06 19:49 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-18 01:22 - 2013-01-06 19:49 - 00003852 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-05-16 09:23 - 2012-12-18 01:54 - 00000000 ____D () C:\Users\Public\Documents\MobilEdit! Forensic
2015-05-16 08:08 - 2012-12-18 01:53 - 00000000 ____D () C:\Program Files (x86)\MOBILedit! Forensic
2015-05-16 08:07 - 2015-03-04 13:23 - 00001105 _____ () C:\Users\Public\Desktop\MOBILedit! Forensic.lnk
2015-05-16 08:07 - 2015-03-04 13:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MOBILedit! Forensic
2015-05-14 12:26 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-05-14 08:42 - 2015-02-03 18:55 - 00003528 _____ () C:\Windows\PFRO.log
2015-05-14 08:42 - 2009-07-14 06:45 - 00612240 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-14 00:49 - 2009-07-14 13:07 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-13 23:40 - 2013-08-15 23:22 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-13 23:40 - 2012-12-23 22:44 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-13 08:15 - 2013-01-06 19:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-10 15:43 - 2013-08-13 13:02 - 00000000 ____D () C:\Users\Balu\Documents\! Formuláře
2015-05-05 11:45 - 2012-12-17 21:41 - 00000000 ____D () C:\Users\Balu\Documents\_RONDO
2015-05-01 23:08 - 2013-03-28 01:53 - 00000000 ____D () C:\Users\Balu\.kindle
2015-04-30 11:43 - 2014-10-01 23:54 - 00000000 ____D () C:\Users\Balu\AppData\Roaming\Media Player Classic
2015-04-29 20:36 - 2013-02-18 19:57 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-04-28 12:59 - 2014-03-04 02:43 - 00000000 __SHD () C:\Users\Balu\Phone Browser
2015-04-22 18:21 - 2012-12-18 02:20 - 00000000 ____D () C:\Users\Balu\AppData\Roaming\PC Suite

==================== Files in the root of some directories =======

2015-03-11 10:59 - 2015-03-11 10:59 - 0085658 _____ () C:\Program Files (x86)\Uninstal.exe
2014-11-26 12:34 - 2014-11-26 12:41 - 0000040 ___SH () C:\Users\Balu\AppData\Roaming\.zreglib
2014-05-06 14:58 - 2014-05-06 14:58 - 0003284 _____ () C:\Users\Balu\AppData\Roaming\ANIWZCS{15327810-2CB8-4EF3-9E27-D634ED700E9C}
2015-03-09 23:30 - 2015-03-09 23:30 - 0005487 _____ () C:\Users\Balu\AppData\Roaming\BYAIAMUF
2015-05-10 12:04 - 2015-05-10 12:04 - 2035200 _____ (Cinema PlusV16.03) C:\Users\Balu\AppData\Roaming\BYAIAMUF.exe
2012-12-18 00:43 - 2013-01-04 12:41 - 0001248 _____ () C:\Users\Balu\AppData\Roaming\ex_log.txt
2015-01-25 18:12 - 2015-01-25 18:12 - 0002086 _____ () C:\Users\Balu\AppData\Roaming\GNOK
2015-05-10 12:04 - 2015-05-10 12:04 - 1380352 _____ (Cinema PlusV16.03) C:\Users\Balu\AppData\Roaming\GNOK.exe
2013-02-23 14:01 - 2013-02-23 14:01 - 0022032 _____ () C:\Users\Balu\AppData\Roaming\Hodnoty oddělené čárkami (Windows).ADR
2012-12-18 02:48 - 2014-12-13 00:44 - 0099384 _____ () C:\Users\Balu\AppData\Roaming\inst.exe
2014-09-04 18:08 - 2014-09-04 18:08 - 0009362 _____ () C:\Users\Balu\AppData\Roaming\Microsoft Excel 97-2003.EML
2012-12-18 02:48 - 2014-12-13 00:44 - 0007859 _____ () C:\Users\Balu\AppData\Roaming\pcouffin.cat
2012-12-18 02:48 - 2014-12-13 00:44 - 0001167 _____ () C:\Users\Balu\AppData\Roaming\pcouffin.inf
2012-12-18 02:48 - 2014-12-13 00:44 - 0000033 _____ () C:\Users\Balu\AppData\Roaming\pcouffin.log
2012-12-18 02:48 - 2014-12-13 00:44 - 0082816 _____ (VSO Software) C:\Users\Balu\AppData\Roaming\pcouffin.sys
2012-12-18 02:48 - 2015-03-15 22:07 - 0001057 _____ () C:\Users\Balu\AppData\Roaming\vso_ts_preview.xml
2013-01-26 01:44 - 2014-03-19 00:19 - 0008192 _____ () C:\Users\Balu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-04-17 00:51 - 2013-04-17 00:51 - 0004096 ____H () C:\Users\Balu\AppData\Local\keyfile3.drm
2015-05-21 09:46 - 2015-05-21 09:47 - 0029696 _____ () C:\Users\Balu\AppData\Local\MSGBOX.EXE
2014-07-19 12:11 - 2014-07-19 12:11 - 0000001 _____ () C:\Users\Balu\AppData\Local\RawCopy.1.10.agreement
2014-07-28 23:18 - 2014-07-28 23:18 - 0000008 _____ () C:\Users\Balu\AppData\Local\RawCopy.savedialog.dir
2014-07-28 23:18 - 2014-07-28 23:18 - 0000001 _____ () C:\Users\Balu\AppData\Local\RawCopy.savedialog.filterindex
2014-07-28 23:17 - 2014-07-28 23:17 - 0000001 _____ () C:\Users\Balu\AppData\Local\RawCopy.sourcedisk.index
2013-02-01 15:57 - 2013-02-02 00:06 - 0004586 _____ () C:\Users\Balu\AppData\Local\SRDownloader2.err
2013-02-01 15:59 - 2013-02-02 00:13 - 0001104 _____ () C:\Users\Balu\AppData\Local\SRDownloader2.nast
2015-05-21 09:42 - 2015-05-21 09:42 - 0000000 ____H () C:\ProgramData\cm-lock
2012-12-17 22:43 - 2012-12-17 23:41 - 0007106 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\Balu\AppData\Local\Temp\ins.exe
C:\Users\Balu\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Balu\AppData\Local\Temp\swt-gdip-win32-3452.dll
C:\Users\Balu\AppData\Local\Temp\swt-win32-3452.dll
C:\Users\Balu\AppData\Local\Temp\ytd-upgrade.exe
C:\Users\Balu\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-14 00:25

==================== End Of Log ============================

#4 Příspěvek od **vyosek** » 21 kvě 2015 12:09

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

Ulozte nejlepe na plochu
Ukoncete vsechny programy
Po spusteni probehne stazeni databaze
Kliknete na Scan a nasledne Clean
Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte

Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
Do okna vlozte skript nize

Kód: Vybrat vše

autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;

Nasledne kliknete na Run Script
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

misabalu · #5 Příspěvek od **misabalu** » 21 kvě 2015 12:27

Tady je log z AdwCleaner:

# AdwCleaner v4.204 - Log vytvořen 21/05/2015 v 13:24:54
# Aktualizováno 12/05/2015 by Xplode
# Databáze : 2015-05-20.1 [Server]
# Operační system : Windows 7 Professional Service Pack 1 (x64)
# Uživatelské jméno : Balu - PC-BALU
# Spuštěno z : C:\Users\Balu\Desktop\adwcleaner_4.204.exe
# Nastavení : Čištění

***** [ Služby ] *****

[#] Služba Smazáno : IHProtect Service
[#] Služba Smazáno : WindowsMangerProtect
[#] Služba Smazáno : PicexaService

***** [ Soubory / Složky ] *****

Složka Smazáno : C:\ProgramData\WindowsMangerProtect
Složka Smazáno : C:\ProgramData\IHProtectUpDate
Složka Smazáno : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picexa
Složka Smazáno : C:\Program Files (x86)\XTab
Složka Smazáno : C:\Program Files (x86)\Picexa
Složka Smazáno : C:\Program Files (x86)\CinemaP-1.9cV16.03
Složka Smazáno : C:\Users\Balu\AppData\Local\globalUpdate
Složka Smazáno : C:\Users\Balu\AppData\Local\FileViewPro
Složka Smazáno : C:\Users\Balu\AppData\Roaming\Mozilla\Firefox\Profiles\nipodq2y.default\Extensions\sweetsearch@gmail.com
Složka Smazáno : C:\Users\Balu\AppData\Roaming\Mozilla\Firefox\Profiles\nipodq2y.default\Extensions\quick_searchff@gmail.com
Soubor Smazáno : C:\Users\Balu\AppData\Roaming\Mozilla\Firefox\Profiles\nipodq2y.default\searchplugins\istartsurf.xml

***** [ Naplánované úlohy ] *****

Úloha Smazáno : globalUpdateUpdateTaskMachineCore
Úloha Smazáno : globalUpdateUpdateTaskMachineUA
Úloha Smazáno : e653cf25-f107-4cbe-b8d1-5dadaea354f2-1-6
Úloha Smazáno : e653cf25-f107-4cbe-b8d1-5dadaea354f2-1-7
Úloha Smazáno : e653cf25-f107-4cbe-b8d1-5dadaea354f2-10_user
Úloha Smazáno : e653cf25-f107-4cbe-b8d1-5dadaea354f2-11
Úloha Smazáno : e653cf25-f107-4cbe-b8d1-5dadaea354f2-4
Úloha Smazáno : e653cf25-f107-4cbe-b8d1-5dadaea354f2-5
Úloha Smazáno : e653cf25-f107-4cbe-b8d1-5dadaea354f2-5_user

***** [ Zástupci ] *****

Zástupce Vyléčeno : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Zástupce Vyléčeno : C:\Users\Balu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Zástupce Vyléčeno : C:\Users\Balu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Zástupce Vyléčeno : C:\Users\Balu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Zástupce Vyléčeno : C:\Users\Balu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Firefox.lnk

***** [ Registry ] *****

Hodnota Smazáno : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [sweetsearch@gmail.com]
Hodnota Smazáno : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [quick_searchff@gmail.com]
Klíč Smazáno : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Klíč Smazáno : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Klíč Smazáno : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Klíč Smazáno : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Klíč Smazáno : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Klíč Smazáno : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Klíč Smazáno : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Klíč Smazáno : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Klíč Smazáno : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Klíč Smazáno : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Klíč Smazáno : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Klíč Smazáno : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Klíč Smazáno : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Klíč Smazáno : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Klíč Smazáno : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Klíč Smazáno : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Klíč Smazáno : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Klíč Smazáno : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Klíč Smazáno : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Klíč Smazáno : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Klíč Smazáno : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Klíč Smazáno : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Klíč Smazáno : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Klíč Smazáno : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Klíč Smazáno : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Klíč Smazáno : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Klíč Smazáno : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Klíč Smazáno : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Klíč Smazáno : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Klíč Smazáno : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Klíč Smazáno : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Klíč Smazáno : HKCU\Software\Mozilla\Extends
Klíč Smazáno : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Klíč Smazáno : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Klíč Smazáno : HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
Klíč Smazáno : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Klíč Smazáno : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Data Obnoveno : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command
Klíč Smazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Klíč Smazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2376214C-9BB8-4127-8A66-577872166791}
Klíč Smazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Klíč Smazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3A407B86-6124-418C-BB22-0A9436F346C8}
Klíč Smazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BE0A6D7-5685-4CAF-B3C1-F9A5B19EC892}
Klíč Smazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4B59A7BB-A40A-4AEF-BE63-89444CA5496F}
Klíč Smazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4DA68D33-154F-4F35-84DE-A2C1C11FFD65}
Klíč Smazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{52BCD873-B76F-491F-B595-FB6547613332}
Klíč Smazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9A2D8335-235E-4E5A-A917-EFB9943679D4}
Klíč Smazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B34F47F7-709F-4204-BE4A-E9A0C85AF8CD}
Klíč Smazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B5845345-FE21-4C9E-99D2-C3CC0F7EB2D5}
Klíč Smazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BE9737BF-0FE6-4764-9F0E-C50AEFD956D2}
Klíč Smazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D8D3DBDB-125A-4387-B5DC-848B999C5B9F}
Klíč Smazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
Klíč Smazáno : HKCU\Software\GlobalUpdate
Klíč Smazáno : HKCU\Software\InstalledBrowserExtensions
Klíč Smazáno : HKCU\Software\CinemaP-1.9cV16.03
Klíč Smazáno : HKCU\Software\AppDataLow\Software\Crossrider
Klíč Smazáno : HKLM\SOFTWARE\delta-homesSoftware
Klíč Smazáno : HKLM\SOFTWARE\GlobalUpdate
Klíč Smazáno : HKLM\SOFTWARE\hdcode
Klíč Smazáno : HKLM\SOFTWARE\InstalledBrowserExtensions
Klíč Smazáno : HKLM\SOFTWARE\istartsurfSoftware
Klíč Smazáno : HKLM\SOFTWARE\SupDp
Klíč Smazáno : HKLM\SOFTWARE\SupTab
Klíč Smazáno : HKLM\SOFTWARE\supWindowsMangerProtect
Klíč Smazáno : HKLM\SOFTWARE\IHProtect
Klíč Smazáno : HKLM\SOFTWARE\FFPluginHp
Klíč Smazáno : HKLM\SOFTWARE\CinemaP-1.9cV16.03
Klíč Smazáno : HKU\.DEFAULT\Software\AskPartnerNetwork
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CinemaP-1.9cV16.03
Klíč Smazáno : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions

***** [ Prohlížeče ] *****

-\\ Internet Explorer v11.0.9600.17801

Nastavení Obnoveno : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Nastavení Obnoveno : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Nastavení Obnoveno : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Nastavení Obnoveno : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Nastavení Obnoveno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Nastavení Obnoveno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Nastavení Obnoveno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Nastavení Obnoveno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Nastavení Obnoveno : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Nastavení Obnoveno : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Nastavení Obnoveno : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Nastavení Obnoveno : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v36.0.1 (x86 cs)

[nipodq2y.default\prefs.js] - Řádek Smazáno : user_pref("browser.newtab.url", "hxxp://www.delta-homes.com/newtab/?type=nt&ts= ... 4694446944");
[nipodq2y.default\prefs.js] - Řádek Smazáno : user_pref("browser.search.searchengine.alias", "delta-homes");
[nipodq2y.default\prefs.js] - Řádek Smazáno : user_pref("browser.search.searchengine.iconURL", "hxxp://search.delta-homes.com/favicon.ico");
[nipodq2y.default\prefs.js] - Řádek Smazáno : user_pref("browser.search.searchengine.name", "delta-homes");
[nipodq2y.default\prefs.js] - Řádek Smazáno : user_pref("browser.search.searchengine.url", "hxxp://search.delta-homes.com/web/?type=ds&ts=1432160193&z=d17cebc5a99240daeaec40bgcz9c7oag6qfe4gct2w&from=wpm05203&uid=WDCXWD20EFRX-68EUZN0_WD-WMC4M11469[...]
[nipodq2y.default\prefs.js] - Řádek Smazáno : user_pref("browser.startup.homepage", "hxxp://www.delta-homes.com/?type=hp&ts=1432160 ... 4694446944");
[nipodq2y.default\prefs.js] - Řádek Smazáno : user_pref("extensions.accf7276cd388480f88355b680025e1cagmailcom71387.71387.internaldb.__ICM_LITE__blacklist_domain.value", "%7B%22SLIDERS%22%3A%5B%226pm.com%22%2C%22amazon.co.uk%22%2C%22amazon.com%22%[...]
[nipodq2y.default\prefs.js] - Řádek Smazáno : user_pref("extensions.accf7276cd388480f88355b680025e1cagmailcom71387.71387.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22deal[...]
[nipodq2y.default\prefs.js] - Řádek Smazáno : user_pref("extensions.crossrider.bic", "14d44f18bdb785608c91745eb8bd2b2d");

*************************

AdwCleaner[R2].txt - [19021 bytů] - [21/05/2015 13:22:43]
AdwCleaner[S2].txt - [14193 bytů] - [21/05/2015 13:24:54]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [14252 bytů] ##########

#6 Příspěvek od **vyosek** » 21 kvě 2015 12:31

Pokracujte Zoek-em

misabalu · #7 Příspěvek od **misabalu** » 21 kvě 2015 12:33

zatím jede...

#8 Příspěvek od **vyosek** » 21 kvě 2015 12:41

OK, pockam si na log a pak uvidime co dale

misabalu · #9 Příspěvek od **misabalu** » 21 kvě 2015 12:45

Zoek ukončil logem:

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Balu on źt 21.05.2015 at 13:28:52,58.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Balu\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

21.5.2015 13:29:35 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\FreeTime deleted successfully
C:\PROGRA~2\OpenVPN Technologies deleted successfully
C:\PROGRA~2\Samsung deleted successfully
C:\PROGRA~2\SlySoft deleted successfully
C:\PROGRA~2\Sony Ericsson deleted successfully
C:\PROGRA~2\COMMON~1\PDF Architect deleted successfully
C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully
C:\PROGRA~3\Anvsoft deleted successfully
C:\PROGRA~3\Copernic deleted successfully
C:\PROGRA~3\PDF Architect deleted successfully
C:\PROGRA~3\Pinnacle Studio Plus deleted successfully
C:\Users\Balu\AppData\Roaming\15820 deleted successfully
C:\Users\Balu\AppData\Roaming\1999 deleted successfully
C:\Users\Balu\AppData\Roaming\Amazon deleted successfully
C:\Users\Balu\AppData\Roaming\IrfanView deleted successfully
C:\Users\Balu\AppData\Roaming\Western Digital deleted successfully
C:\Users\Balu\AppData\Local\LogiShrd deleted successfully
C:\Users\Balu\AppData\Local\Samsung deleted successfully
C:\Users\Balu\AppData\Local\Western Digital deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================

Deleted from C:\Users\Balu\AppData\Roaming\Mozilla\Firefox\Profiles\nipodq2y.default\prefs.js:
user_pref("browser.search.suggest.enabled", false);
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\Balu\AppData\Roaming\Mozilla\Firefox\Profiles\nipodq2y.default\prefs.js:

ProfilePath: C:\Users\Balu\AppData\Roaming\Mozilla\Firefox\Profiles\nipodq2y.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_21.05.2015_1340_.backup

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Maxthon3\Shell\open\command]
@="C:\\Program Files (x86)\\Maxthon3\\Bin\\Maxthon.exe"

==== Deleting Files \ Folders ======================

C:\PROGRA~2\FreeTime not found
C:\PROGRA~2\OpenVPN Technologies not found
C:\PROGRA~2\Samsung not found
C:\PROGRA~2\SlySoft not found
C:\PROGRA~2\Sony Ericsson not found
C:\Users\Balu\AppData\Roaming\Mozilla\Firefox\Profiles\nipodq2y.default\extensions\sweetsearch@gmail.com not found
C:\Users\Balu\AppData\Roaming\calibre deleted
C:\PROGRA~2\Phone Forensics Express deleted
C:\Users\Balu\AppData\Roaming\ex_log.txt deleted
C:\Users\Balu\AppData\Roaming\pcouffin.log deleted
C:\Users\Balu\AppData\Roaming\Thinstall deleted
C:\PROGRA~3\Elcomsoft Password Recovery deleted
C:\PROGRA~3\Package Cache deleted
C:\Windows\tasks\BYAIAMUF.job deleted
C:\windows\SysNative\tasks\BYAIAMUF deleted
C:\Windows\tasks\GNOK.job deleted
C:\windows\SysNative\tasks\GNOK deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\GPT.INI deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted
C:\Users\Balu\AppData\Roaming\Mozilla\Firefox\Profiles\nipodq2y.default\jetpack deleted
C:\Users\Balu\Desktop\Youtube Downloader.lnk deleted
C:\Users\Balu\AppData\Roaming\BYAIAMUF.exe deleted
C:\Users\Balu\AppData\Roaming\GNOK.exe deleted
C:\Users\Balu\AppData\Local\MSGBOX.EXE deleted
C:\Users\Balu\AppData\Roaming\Mozilla\Firefox\Profiles\nipodq2y.default\extensions\ccf7276c-d388-480f-8835-5b680025e1ca@gmail.com deleted
"C:\Users\Balu\AppData\Roaming\ANIWZCS{15327810-2CB8-4EF3-9E27-D634ED700E9C}" deleted
"C:\Users\Balu\AppData\Roaming\BYAIAMUF" deleted
"C:\Users\Balu\AppData\Roaming\GNOK" deleted
"C:\Users\Balu\AppData\Roaming\.zreglib" deleted
"C:\ProgramData\cm-lock" not deleted
"C:\Users\Balu\AppData\Roaming\aspi\fav.hst" deleted
"C:\Users\Balu\AppData\Roaming\aspi\mru.hst" deleted
"C:\Users\Balu\AppData\Roaming\aspi" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"web2pdfextension@web2pdf.adobedotcom"="C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn" [21.02.2014 02:11]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Balu\AppData\Roaming\Mozilla\Firefox\Profiles\nipodq2y.default
- Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
- Video DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Balu\AppData\Roaming\Mozilla\Firefox\Profiles\nipodq2y.default
D4BD9F86123C87ECA570418B69326F99 - C:\Windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.170.2
2E661988463BCFA1B95D4DAAB9B0B6FA - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll - Shockwave Flash
3CD19649B2C3023D65E67C056457A2BC - C:\Users\Balu\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
efaidnbmnnnibpcajpcglclefindmkaj - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx[21.12.2013 08:04]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"

==== Reset Google Chrome ======================

Nothing found to reset

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Balu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Balu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Balu\AppData\Local\Mozilla\Firefox\Profiles\nipodq2y.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=3385 folders=138 346192270 bytes)

==== Empty Temp Folders ======================

C:\Users\Balu\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\UpdatusUser.PC-Balu\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Balu\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\ProgramData\cm-lock" not deleted

==== EOF on źt 21.05.2015 at 13:44:43,80 ======================

#10 Příspěvek od **vyosek** » 21 kvě 2015 13:03

Poprosim o novy log z FRST

misabalu · #11 Příspěvek od **misabalu** » 21 kvě 2015 13:07

Tak tady je opětovný log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-05-2015
Ran by Balu (administrator) on PC-BALU on 21-05-2015 14:06:51
Running from C:\Users\Balu\Desktop
Loaded Profiles: Balu (Available profiles: Balu & UpdatusUser)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser path: "C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe" "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Software602 a.s.) C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Plán2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Plán2\schedhlp.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
() C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(AutoComSoft s.r.o.) C:\Auto-diagnostika\ADnews.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
() C:\Users\Balu\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
() C:\Users\Balu\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
(SEV Computing, s.r.o.) C:\Program Files (x86)\FinWin 1.0\FINWIN.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
() C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(ACD Systems) C:\Program Files (x86)\ACD Systems\ACDSee\17.0\acdIDInTouch2.exe
() C:\Program Files (x86)\ASUS\O!Direct\Server.exe
(Ritlabs S.R.L.) C:\Program Files (x86)\The Bat!\TheBat.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
(forum.viry.cz) C:\Users\Balu\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Users\Balu\Desktop\cmd.exe
(Microsoft Corporation) C:\Windows\System32\PING.EXE

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [Slu~ba Acronis Scheduler2] => C:\Program Files (x86)\Common Files\Acronis\Plán2\schedhlp.exe [358832 2011-02-03] (Acronis)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5595848 2015-01-28] (ESET)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5015040 2012-02-09] (VIA)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-21] (Intel Corporation)
HKLM-x32\...\Run: [zzzHPSETUP] => I:\! DRIVERY\Scannery\_HP ScanJet 5590P\Win7-64\setup_full_5590_3\Setup.exe [653312 2009-08-04] (Hewlett-Packard)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150016 2008-08-20] (Hewlett-Packard)
HKLM-x32\...\Run: [FinWin 1.0] => C:\Program Files (x86)\FinWin 1.0\FINWIN.EXE [347648 2012-12-18] (SEV Computing, s.r.o.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-08-11] (Macrovision Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3478392 2013-12-21] (Adobe Systems Inc.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5133968 2011-02-03] ()
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [442896 2013-03-06] (Research In Motion Limited)
HKLM-x32\...\Run: [RUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM-x32\...\Run: [O!Direct] => C:\Program Files (x86)\ASUS\O!Direct\O!Direct.exe [1383424 2011-04-21] (ASUSTeK COMPUTER INC.)
HKLM-x32\...\Run: [ACSW17EN] => C:\Program Files (x86)\ACD Systems\ACDSee\17.0\acdIDInTouch2.exe [1414984 2013-09-25] (ACD Systems)
HKU\S-1-5-21-1079416441-1027052400-2168246751-1000\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [249856 2005-08-11] (Macrovision Corporation)
HKU\S-1-5-21-1079416441-1027052400-2168246751-1000\...\Run: [OEXPRESS] => [X]
HKU\S-1-5-21-1079416441-1027052400-2168246751-1000\...\Run: [WDICT32] => [X]
HKU\S-1-5-21-1079416441-1027052400-2168246751-1000\...\Run: [NBJ] => "H:\Program Files (x86)\Ahead\Nero BackItUp\NBJ.exe"
HKU\S-1-5-21-1079416441-1027052400-2168246751-1000\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Balu\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-1079416441-1027052400-2168246751-1000\...\Run: [cz.seznam.software.szndesktop] => C:\Users\Balu\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-06] ()
HKU\S-1-5-21-1079416441-1027052400-2168246751-1000\...\MountPoints2: {5573fe65-6a9d-11e4-be92-c8600098d2d8} - D:\NokiaPCIA_Autorun.exe
HKU\S-1-5-21-1079416441-1027052400-2168246751-1000\...\MountPoints2: {6cc7e7f3-84b4-11e2-a54f-c8600098d2d8} - "D:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-1079416441-1027052400-2168246751-1000\...\MountPoints2: {749152d1-0e4e-11e4-b8d7-c8600098d2d8} - "D:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-1079416441-1027052400-2168246751-1000\...\MountPoints2: {9e61287b-7d3a-11e4-a58c-c8600098d2d8} - D:\VTP_Manager.exe
HKU\S-1-5-21-1079416441-1027052400-2168246751-1000\...\MountPoints2: {a20700e3-c1d9-11e2-9d5c-c8600098d2d8} - D:\ToolLauncher-Bootstrap.exe
HKU\S-1-5-21-1079416441-1027052400-2168246751-1000\...\MountPoints2: {ca586cf1-01ad-11e4-992b-c8600098d2d8} - D:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1079416441-1027052400-2168246751-1000\...\MountPoints2: {cd9c1b59-0367-11e4-b9ea-c8600098d2d8} - D:\Autorun.exe
HKU\S-1-5-21-1079416441-1027052400-2168246751-1000\...\MountPoints2: {d7dbdf2d-e9fe-11e2-a116-c8600098d2d8} - "D:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-1079416441-1027052400-2168246751-1000\...\MountPoints2: {e54544b5-721f-11e4-8f01-c8600098d2d8} - "D:\WD SmartWare.exe" autoplay=true
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ADnews.lnk [2015-04-14]
ShortcutTarget: ADnews.lnk -> C:\Auto-diagnostika\ADnews.exe (AutoComSoft s.r.o.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2013-01-14]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Balu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RT-Updater-SVO.lnk [2015-04-15]
ShortcutTarget: RT-Updater-SVO.lnk -> C:\Auto-diagnostika\VCDS.exe (Ross-Tech, LLC)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Balu\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-26] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Balu\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-26] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Balu\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-26] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Balu\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-26] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Balu\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-26] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Balu\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-26] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1079416441-1027052400-2168246751-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2013-12-20] (Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2013-12-20] (Adobe Systems Incorporated)
BHO-x32: WebTransBHO Class -> {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} -> C:\ProgramData\LangSoft\WebIE.dll [2013-02-27] ()
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-03-11] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-03-11] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2013-12-20] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll [2013-02-27] ()
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
Handler-x32: skyline - {3a4f9195-65a8-11d5-85c1-0001023952c1} - C:\Program Files (x86)\Skyline\TerraExplorer\TerraExplorerX.dll [2014-06-25] (Skyline software systems Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Balu\AppData\Roaming\Mozilla\Firefox\Profiles\nipodq2y.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-18] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-18] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-03-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-03-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-03-11] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin-x32: @software602.cz/602XML Filler -> C:\Program Files (x86)\Software602\602XML\Filler\npfiller.dll [2012-08-06] (Software602 a.s.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-21] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2013-12-21] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1079416441-1027052400-2168246751-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Balu\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\jyxo-cz.xml [2013-08-26]
FF Extension: Video DownloadHelper - C:\Users\Balu\AppData\Roaming\Mozilla\Firefox\Profiles\nipodq2y.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-05-13]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-02-21]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: No Name - C:\Users\Balu\AppData\Roaming\Mozilla\Firefox\Profiles\nipodq2y.default\extensions\quick_searchff@gmail.com [Not Found]
FF Extension: No Name - C:\Users\Balu\AppData\Roaming\Mozilla\Firefox\Profiles\nipodq2y.default\extensions\ccf7276c-d388-480f-8835-5b680025e1ca@gmail.com [Not Found]
FF Extension: No Name - C:\Users\Balu\AppData\Roaming\Mozilla\Firefox\Profiles\nipodq2y.default\extensions\sweetsearch@gmail.com [Not Found]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2013-12-21]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 602XML Updater; C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [85344 2011-10-10] (Software602 a.s.)
R2 AcrSch2Svc; C:\Program Files (x86)\Common Files\Acronis\Plán2\schedul2.exe [1064480 2011-02-03] (Acronis)
S3 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [585728 2013-03-06] (Research In Motion Limited) [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1349576 2015-01-28] (ESET)
S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
S3 NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [724992 2006-10-09] (Nero AG) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2011-05-27] ()
R2 Správce výběru OS; C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2156952 2010-10-28] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448976 2015-04-17] (TeamViewer GmbH)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-11-11] (VIA Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation)
S3 ACSSCR; C:\Windows\System32\DRIVERS\a38usb.sys [62848 2014-08-21] (Advanced Card Systems Ltd.)
R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2009-03-06] ()
S3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Inc.)
S3 AVerPola; C:\Windows\System32\DRIVERS\AVerPola.sys [534144 2011-01-04] (AVerMedia TECHNOLOGIES, Inc.)
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-13] (CSR, plc)
R1 CbFs; C:\Windows\system32\drivers\cbfs_x64.sys [191960 2009-08-19] (EldoS Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [246000 2015-03-10] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [241880 2015-03-10] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [169792 2015-03-10] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [222280 2015-03-10] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [44632 2015-03-10] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [64208 2015-03-10] (ESET)
R1 Ext2Fsd; C:\Windows\System32\Drivers\Ext2Fsd.sys [769304 2014-05-11] (www.ext2fsd.com)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2014-01-30] (QUALCOMM Incorporated)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
R3 MIPDISKPNPv5; C:\Windows\System32\DRIVERS\MIPDISKPNPv5.sys [197752 2012-03-20] (GetData Pty Ltd)
R1 MIPDISKv564; C:\Windows\system32\drivers\MIPDISKv564.sys [65144 2012-04-27] (GetData Pty Ltd)
R3 MIPFSv5; C:\Windows\System32\DRIVERS\MIPFSv5.sys [345720 2012-05-02] (GetData Pty Ltd)
S3 netr28ux; C:\Windows\System32\DRIVERS\Dnetr28ux.sys [987648 2009-08-05] (Ralink Technology Corp.)
S2 NSHE; C:\Windows\SysWOW64\Drivers\NSHE.SYS [97792 2008-11-23] (T0r0 2008) [File not signed]
S3 ptun0901; C:\Windows\System32\DRIVERS\ptun0901.sys [40664 2014-03-10] (The OpenVPN Project)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 RT-USB; C:\Windows\System32\drivers\RT-USB64.SYS [70984 2010-06-16] (Ross-Tech LLC)
R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [114568 2012-08-27] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [230280 2012-08-27] (Renesas Electronics Corporation)
R3 seehcri; C:\Windows\System32\DRIVERS\seehcri.sys [34032 2012-07-24] (Sony Ericsson Mobile Communications)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 tap0801; C:\Windows\System32\DRIVERS\tap0801.sys [30720 2005-04-13] (The OpenVPN Project) [File not signed]
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64.sys [14464 2009-02-13] (Western Digital Technologies) [File not signed]
S3 wdf_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [82944 2014-09-29] (MBB)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-21 14:06 - 2015-05-21 14:06 - 00029696 _____ () C:\Users\Balu\AppData\Local\MSGBOX.EXE
2015-05-21 14:06 - 2015-05-21 14:06 - 00015327 _____ () C:\Users\Balu\Desktop\LM.bat
2015-05-21 13:46 - 2015-05-21 13:51 - 00000952 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cffeda458e159b.job
2015-05-21 13:46 - 2015-05-21 13:51 - 00000948 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf6b4edffb785c.job
2015-05-21 13:44 - 2015-05-21 13:44 - 00000000 _____ () C:\ProgramData\cm-lock
2015-05-21 13:43 - 2015-05-21 13:28 - 00024064 _____ () C:\Windows\zoek-delete.exe
2015-05-21 13:29 - 2015-05-21 13:44 - 00012362 _____ () C:\zoek-results.log
2015-05-21 13:28 - 2015-05-21 13:40 - 00000000 ____D () C:\zoek_backup
2015-05-21 13:22 - 2015-05-21 13:24 - 00000000 ____D () C:\AdwCleaner
2015-05-21 13:21 - 2015-05-21 13:21 - 01308672 _____ () C:\Users\Balu\Desktop\zoek.exe
2015-05-21 13:20 - 2015-05-21 13:20 - 02209792 _____ () C:\Users\Balu\Desktop\adwcleaner_4.204.exe
2015-05-21 11:24 - 2015-05-21 11:24 - 02551727 _____ () C:\Users\Balu\Downloads\favbackup.zip
2015-05-21 09:47 - 2015-05-21 14:06 - 00025439 _____ () C:\Users\Balu\Desktop\FRST.txt
2015-05-21 09:47 - 2015-05-21 14:06 - 00000000 ____D () C:\FRST
2015-05-21 09:47 - 2015-05-21 09:46 - 00112640 _____ (forum.viry.cz) C:\Users\Balu\Desktop\FRSTLauncher.exe
2015-05-21 09:47 - 2015-05-21 09:45 - 02107904 _____ (Farbar) C:\Users\Balu\Desktop\FRST64.exe
2015-05-21 09:47 - 2015-05-21 09:45 - 01146880 _____ (Farbar) C:\Users\Balu\Desktop\FRST32.exe
2015-05-21 09:46 - 2015-05-21 09:46 - 00112640 _____ (forum.viry.cz) C:\Users\Balu\Downloads\FRSTLauncher.exe
2015-05-21 09:45 - 2015-05-21 09:45 - 02107904 _____ (Farbar) C:\Users\Balu\Downloads\FRST64.exe
2015-05-21 09:45 - 2015-05-21 09:45 - 01146880 _____ (Farbar) C:\Users\Balu\Downloads\FRST32.exe
2015-05-21 00:17 - 2015-05-21 00:17 - 00001800 _____ () C:\Users\Public\Desktop\Picexa.lnk
2015-05-21 00:17 - 2015-05-21 00:17 - 00000000 ____D () C:\Users\Balu\AppData\Roaming\Picexa Viewer
2015-05-13 23:39 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 23:39 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 16:37 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 16:37 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 16:37 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 16:37 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 16:37 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 16:37 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 16:37 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 16:37 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 16:37 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 16:37 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 16:37 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-13 16:37 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 16:37 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 16:37 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 16:37 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 16:37 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 16:37 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 16:37 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 16:37 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 16:37 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 16:37 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 16:37 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 16:37 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 16:37 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 16:37 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 16:37 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 16:37 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 16:37 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-13 16:37 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-13 16:37 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 16:37 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 16:37 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 16:37 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-13 16:37 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 16:37 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 16:37 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 16:37 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-13 16:37 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 16:37 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 16:37 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 16:37 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-13 16:37 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 16:37 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 16:37 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 16:37 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 16:37 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 16:37 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-13 16:37 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 16:37 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-13 16:37 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 16:37 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 16:37 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 16:37 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 16:37 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 16:37 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 16:37 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-13 16:37 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 16:37 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 16:37 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 16:37 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 16:37 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 16:37 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 16:37 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 16:37 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 16:37 - 2015-04-04 05:29 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 16:37 - 2015-04-04 05:29 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 16:37 - 2015-04-04 05:22 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 16:37 - 2015-04-04 05:22 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 16:37 - 2015-04-04 05:22 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 16:37 - 2015-04-04 05:22 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 16:37 - 2015-04-04 05:22 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 16:37 - 2015-04-04 05:22 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 16:37 - 2015-04-04 05:22 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 16:37 - 2015-04-04 05:22 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 16:37 - 2015-04-04 05:22 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 16:37 - 2015-04-04 05:22 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 16:37 - 2015-04-04 05:20 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 16:37 - 2015-04-04 05:20 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 16:37 - 2015-04-04 05:17 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 16:37 - 2015-04-04 05:17 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 16:37 - 2015-04-04 05:15 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 16:37 - 2015-04-04 05:05 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-13 16:37 - 2015-04-04 05:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-13 16:37 - 2015-04-04 05:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-13 16:37 - 2015-04-04 05:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-13 16:37 - 2015-04-04 05:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-13 16:37 - 2015-04-04 05:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-13 16:37 - 2015-04-04 05:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-13 16:37 - 2015-04-04 05:04 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-13 16:37 - 2015-04-04 05:04 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-13 16:37 - 2015-04-04 05:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-13 16:37 - 2015-04-04 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-13 16:37 - 2015-04-04 04:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-13 16:36 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 16:36 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 16:36 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 16:36 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 16:36 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 16:36 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 16:36 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-13 16:36 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 16:36 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-13 16:36 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-12 08:27 - 2015-05-12 08:27 - 00169672 _____ (ESET) C:\Users\Balu\Downloads\ESETSuperfishCleaner.exe
2015-05-12 00:14 - 2015-05-21 00:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-10 13:04 - 2015-05-21 09:41 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-05-10 12:03 - 2015-05-10 12:03 - 03207291 _____ () C:\Users\Balu\Downloads\FileViewPro_2014KeyMakerwin.rar
2015-05-10 12:03 - 2015-05-10 12:03 - 00000000 ____D () C:\Users\Balu\Downloads\FileViewPro_2014KeyMakerwin
2015-05-10 11:56 - 2015-05-10 11:56 - 00000000 ____D () C:\Spacekace
2015-05-10 11:55 - 2015-05-10 11:55 - 02981504 _____ () C:\Users\Balu\Downloads\Setup_FileViewPro_[2015].exe
2015-04-30 11:42 - 2015-04-30 11:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player Classic - Home Cinema x64
2015-04-30 11:42 - 2015-04-30 11:42 - 00002021 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player Classic - Home Cinema x64.lnk
2015-04-30 11:42 - 2015-04-30 11:42 - 00000000 ____D () C:\Program Files\Media Player Classic - Home Cinema
2015-04-24 13:04 - 2015-04-24 13:04 - 02905049 _____ () C:\Users\Balu\Downloads\jako-zabit-ptacka.www.palmknihy.cz.154969.mobi
2015-04-23 18:37 - 2015-04-23 18:37 - 00000000 ____D () C:\Users\Balu\Downloads\Active-Password-Reset-bootcd-iso
2015-04-23 18:36 - 2015-04-23 18:36 - 04464618 _____ () C:\Users\Balu\Downloads\Active-Password-Reset-bootcd-iso.zip

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-21 13:52 - 2009-07-14 06:45 - 00015504 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-21 13:52 - 2009-07-14 06:45 - 00015504 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-21 13:49 - 2014-03-26 00:41 - 00000000 ____D () C:\Users\Balu\AppData\Roaming\Seznam.cz
2015-05-21 13:48 - 2009-07-14 12:49 - 00669676 _____ () C:\Windows\system32\perfh005.dat
2015-05-21 13:48 - 2009-07-14 12:49 - 00141308 _____ () C:\Windows\system32\perfc005.dat
2015-05-21 13:48 - 2009-07-14 07:13 - 01586070 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-21 13:47 - 2012-12-17 21:26 - 01061081 _____ () C:\Windows\WindowsUpdate.log
2015-05-21 13:46 - 2014-11-13 02:39 - 00003948 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cffeda458e159b
2015-05-21 13:46 - 2014-05-09 08:21 - 00003696 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1cf6b4edffb785c
2015-05-21 13:45 - 2012-12-18 00:43 - 00000000 ____D () C:\Users\Balu\AppData\Roaming\The Bat!
2015-05-21 13:44 - 2015-02-03 18:55 - 00076210 _____ () C:\Windows\setupact.log
2015-05-21 13:44 - 2015-02-03 18:55 - 00004104 _____ () C:\Windows\PFRO.log
2015-05-21 13:44 - 2015-01-24 15:47 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-05-21 13:44 - 2014-04-07 22:15 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2015-05-21 13:44 - 2013-06-06 17:01 - 00000348 ____H () C:\Windows\Tasks\C__Users_Balu_Downloads_Flippingbook-Publisher_2.2.16.exe.job
2015-05-21 13:44 - 2012-12-18 10:52 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-21 13:44 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-21 13:40 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-05-21 13:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2015-05-21 13:24 - 2013-01-06 19:18 - 00001072 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-21 13:24 - 2012-12-17 21:25 - 00000974 _____ () C:\Users\Balu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-21 13:18 - 2013-01-06 19:49 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-21 00:17 - 2014-04-17 09:59 - 00000000 ____D () C:\Users\Balu\AppData\Local\CrashDumps
2015-05-20 23:19 - 2014-05-11 02:11 - 00003962 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{F15875AE-3D48-41C4-B470-FD762341B28E}
2015-05-18 01:22 - 2014-08-14 23:21 - 00000000 ____D () C:\Users\Balu\AppData\Local\Adobe
2015-05-18 01:22 - 2013-01-06 19:49 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-18 01:22 - 2013-01-06 19:49 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-18 01:22 - 2013-01-06 19:49 - 00003852 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-05-16 09:23 - 2012-12-18 01:54 - 00000000 ____D () C:\Users\Public\Documents\MobilEdit! Forensic
2015-05-16 08:08 - 2012-12-18 01:53 - 00000000 ____D () C:\Program Files (x86)\MOBILedit! Forensic
2015-05-16 08:07 - 2015-03-04 13:23 - 00001105 _____ () C:\Users\Public\Desktop\MOBILedit! Forensic.lnk
2015-05-16 08:07 - 2015-03-04 13:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MOBILedit! Forensic
2015-05-14 12:26 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-05-14 08:42 - 2009-07-14 06:45 - 00612240 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-14 00:49 - 2009-07-14 13:07 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-13 23:44 - 2013-08-15 23:22 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-13 23:40 - 2012-12-23 22:44 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-13 08:15 - 2013-01-06 19:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-10 15:43 - 2013-08-13 13:02 - 00000000 ____D () C:\Users\Balu\Documents\! Formuláře
2015-05-05 11:45 - 2012-12-17 21:41 - 00000000 ____D () C:\Users\Balu\Documents\_RONDO
2015-05-01 23:08 - 2013-03-28 01:53 - 00000000 ____D () C:\Users\Balu\.kindle
2015-04-30 11:43 - 2014-10-01 23:54 - 00000000 ____D () C:\Users\Balu\AppData\Roaming\Media Player Classic
2015-04-29 20:36 - 2013-02-18 19:57 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-04-28 12:59 - 2014-03-04 02:43 - 00000000 __SHD () C:\Users\Balu\Phone Browser
2015-04-22 18:21 - 2012-12-18 02:20 - 00000000 ____D () C:\Users\Balu\AppData\Roaming\PC Suite

==================== Files in the root of some directories =======

2015-03-11 10:59 - 2015-03-11 10:59 - 0085658 _____ () C:\Program Files (x86)\Uninstal.exe
2013-02-23 14:01 - 2013-02-23 14:01 - 0022032 _____ () C:\Users\Balu\AppData\Roaming\Hodnoty oddělené čárkami (Windows).ADR
2012-12-18 02:48 - 2014-12-13 00:44 - 0099384 _____ () C:\Users\Balu\AppData\Roaming\inst.exe
2014-09-04 18:08 - 2014-09-04 18:08 - 0009362 _____ () C:\Users\Balu\AppData\Roaming\Microsoft Excel 97-2003.EML
2012-12-18 02:48 - 2014-12-13 00:44 - 0007859 _____ () C:\Users\Balu\AppData\Roaming\pcouffin.cat
2012-12-18 02:48 - 2014-12-13 00:44 - 0001167 _____ () C:\Users\Balu\AppData\Roaming\pcouffin.inf
2012-12-18 02:48 - 2014-12-13 00:44 - 0082816 _____ (VSO Software) C:\Users\Balu\AppData\Roaming\pcouffin.sys
2012-12-18 02:48 - 2015-03-15 22:07 - 0001057 _____ () C:\Users\Balu\AppData\Roaming\vso_ts_preview.xml
2013-01-26 01:44 - 2014-03-19 00:19 - 0008192 _____ () C:\Users\Balu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-04-17 00:51 - 2013-04-17 00:51 - 0004096 ____H () C:\Users\Balu\AppData\Local\keyfile3.drm
2015-05-21 14:06 - 2015-05-21 14:06 - 0029696 _____ () C:\Users\Balu\AppData\Local\MSGBOX.EXE
2014-07-19 12:11 - 2014-07-19 12:11 - 0000001 _____ () C:\Users\Balu\AppData\Local\RawCopy.1.10.agreement
2014-07-28 23:18 - 2014-07-28 23:18 - 0000008 _____ () C:\Users\Balu\AppData\Local\RawCopy.savedialog.dir
2014-07-28 23:18 - 2014-07-28 23:18 - 0000001 _____ () C:\Users\Balu\AppData\Local\RawCopy.savedialog.filterindex
2014-07-28 23:17 - 2014-07-28 23:17 - 0000001 _____ () C:\Users\Balu\AppData\Local\RawCopy.sourcedisk.index
2013-02-01 15:57 - 2013-02-02 00:06 - 0004586 _____ () C:\Users\Balu\AppData\Local\SRDownloader2.err
2013-02-01 15:59 - 2013-02-02 00:13 - 0001104 _____ () C:\Users\Balu\AppData\Local\SRDownloader2.nast
2015-05-21 13:44 - 2015-05-21 13:44 - 0000000 _____ () C:\ProgramData\cm-lock
2012-12-17 22:43 - 2012-12-17 23:41 - 0007106 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-14 00:25

==================== End Of Log ============================

#12 Příspěvek od **vyosek** » 21 kvě 2015 16:30

Tvorba fixlistu pro FRST

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

Start
CloseProcesses:
CreateRestorePoint:

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-08-11] (Macrovision Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3478392 2013-12-21] (Adobe Systems Inc.)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM-x32\...\Run: [ACSW17EN] => C:\Program Files (x86)\ACD Systems\ACDSee\17.0\acdIDInTouch2.exe [1414984 2013-09-25] (ACD Systems)
HKU\S-1-5-21-1079416441-1027052400-2168246751-1000\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [249856 2005-08-11] (Macrovision Corporation)
HKU\S-1-5-21-1079416441-1027052400-2168246751-1000\...\Run: [OEXPRESS] => [X]
HKU\S-1-5-21-1079416441-1027052400-2168246751-1000\...\Run: [WDICT32] => [X]
HKU\S-1-5-21-1079416441-1027052400-2168246751-1000\...\Run: [NBJ] => "H:\Program Files (x86)\Ahead\Nero BackItUp\NBJ.exe"
HKU\S-1-5-21-1079416441-1027052400-2168246751-1000\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Balu\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-1079416441-1027052400-2168246751-1000\...\Run: [cz.seznam.software.szndesktop] => C:\Users\Balu\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-06] ()
HKU\S-1-5-21-1079416441-1027052400-2168246751-1000\...\MountPoints2: {5573fe65-6a9d-11e4-be92-c8600098d2d8} - D:\NokiaPCIA_Autorun.exe
HKU\S-1-5-21-1079416441-1027052400-2168246751-1000\...\MountPoints2: {6cc7e7f3-84b4-11e2-a54f-c8600098d2d8} - "D:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-1079416441-1027052400-2168246751-1000\...\MountPoints2: {749152d1-0e4e-11e4-b8d7-c8600098d2d8} - "D:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-1079416441-1027052400-2168246751-1000\...\MountPoints2: {9e61287b-7d3a-11e4-a58c-c8600098d2d8} - D:\VTP_Manager.exe
HKU\S-1-5-21-1079416441-1027052400-2168246751-1000\...\MountPoints2: {a20700e3-c1d9-11e2-9d5c-c8600098d2d8} - D:\ToolLauncher-Bootstrap.exe
HKU\S-1-5-21-1079416441-1027052400-2168246751-1000\...\MountPoints2: {ca586cf1-01ad-11e4-992b-c8600098d2d8} - D:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1079416441-1027052400-2168246751-1000\...\MountPoints2: {cd9c1b59-0367-11e4-b9ea-c8600098d2d8} - D:\Autorun.exe
HKU\S-1-5-21-1079416441-1027052400-2168246751-1000\...\MountPoints2: {d7dbdf2d-e9fe-11e2-a116-c8600098d2d8} - "D:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-1079416441-1027052400-2168246751-1000\...\MountPoints2: {e54544b5-721f-11e4-8f01-c8600098d2d8} - "D:\WD SmartWare.exe" autoplay=true
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2013-01-14]

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Handler-x32: skyline - {3a4f9195-65a8-11d5-85c1-0001023952c1} - C:\Program Files (x86)\Skyline\TerraExplorer\TerraExplorerX.dll [2014-06-25] (Skyline software systems Inc.)

FF Extension: No Name - C:\Users\Balu\AppData\Roaming\Mozilla\Firefox\Profiles\nipodq2y.default\extensions\quick_searchff@gmail.com [Not Found]
FF Extension: No Name - C:\Users\Balu\AppData\Roaming\Mozilla\Firefox\Profiles\nipodq2y.default\extensions\ccf7276c-d388-480f-8835-5b680025e1ca@gmail.com [Not Found]
FF Extension: No Name - C:\Users\Balu\AppData\Roaming\Mozilla\Firefox\Profiles\nipodq2y.default\extensions\sweetsearch@gmail.com [Not Found]

DisableService: RichVideo

2015-05-21 14:06 - 2015-05-21 14:06 - 00029696 _____ () C:\Users\Balu\AppData\Local\MSGBOX.EXE
2015-05-21 14:06 - 2015-05-21 14:06 - 00015327 _____ () C:\Users\Balu\Desktop\LM.bat
2015-05-21 13:46 - 2015-05-21 13:51 - 00000952 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cffeda458e159b.job
2015-05-21 13:46 - 2015-05-21 13:51 - 00000948 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf6b4edffb785c.job
2015-05-21 13:43 - 2015-05-21 13:28 - 00024064 _____ () C:\Windows\zoek-delete.exe
2015-05-21 13:29 - 2015-05-21 13:44 - 00012362 _____ () C:\zoek-results.log
2015-05-21 13:28 - 2015-05-21 13:40 - 00000000 ____D () C:\zoek_backup
2015-05-21 13:22 - 2015-05-21 13:24 - 00000000 ____D () C:\AdwCleaner
2015-05-21 13:21 - 2015-05-21 13:21 - 01308672 _____ () C:\Users\Balu\Desktop\zoek.exe
2015-05-21 13:20 - 2015-05-21 13:20 - 02209792 _____ () C:\Users\Balu\Desktop\adwcleaner_4.204.exe
2015-05-21 11:24 - 2015-05-21 11:24 - 02551727 _____ () C:\Users\Balu\Downloads\favbackup.zip
2015-05-21 09:47 - 2015-05-21 14:06 - 00025439 _____ () C:\Users\Balu\Desktop\FRST.txt
2015-05-21 09:47 - 2015-05-21 09:46 - 00112640 _____ (forum.viry.cz) C:\Users\Balu\Desktop\FRSTLauncher.exe
2015-05-21 09:46 - 2015-05-21 09:46 - 00112640 _____ (forum.viry.cz) C:\Users\Balu\Downloads\FRSTLauncher.exe
2015-05-12 08:27 - 2015-05-12 08:27 - 00169672 _____ (ESET) C:\Users\Balu\Downloads\ESETSuperfishCleaner.exe

Hosts:
EmptyTemp:
Reboot:
End

Ulozte vytvoreny TXT jako fixlist.txt
Presunte vytvoreny fixlist vedle FRST

Spustte znovu FRST.exe

Kliknete na Fix
Probehne oprava a vytvori log Fixlog.txt

Restart PC a dejte mi sem fixlog.txt

misabalu · #13 Příspěvek od **misabalu** » 21 kvě 2015 16:43

Tak toto je log, který opětně vyplivl RFST po fixu:

Fix result of Farbar Recovery Scan Tool (x64) Version: 21-05-2015
Ran by Balu at 2015-05-21 17:36:10 Run:1
Running from C:\Users\Balu\Desktop
Loaded Profiles: Balu (Available profiles: Balu & UpdatusUser)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-08-11] (Macrovision Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3478392 2013-12-21] (Adobe Systems Inc.)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM-x32\...\Run: [ACSW17EN] => C:\Program Files (x86)\ACD Systems\ACDSee\17.0\acdIDInTouch2.exe [1414984 2013-09-25] (ACD Systems)
HKU\S-1-5-21-1079416441-1027052400-2168246751-1000\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [249856 2005-08-11] (Macrovision Corporation)
HKU\S-1-5-21-1079416441-1027052400-2168246751-1000\...\Run: [OEXPRESS] => [X]
HKU\S-1-5-21-1079416441-1027052400-2168246751-1000\...\Run: [WDICT32] => [X]
HKU\S-1-5-21-1079416441-1027052400-2168246751-1000\...\Run: [NBJ] => "H:\Program Files (x86)\Ahead\Nero BackItUp\NBJ.exe"
HKU\S-1-5-21-1079416441-1027052400-2168246751-1000\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Balu\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-1079416441-1027052400-2168246751-1000\...\Run: [cz.seznam.software.szndesktop] => C:\Users\Balu\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-06] ()
HKU\S-1-5-21-1079416441-1027052400-2168246751-1000\...\MountPoints2: {5573fe65-6a9d-11e4-be92-c8600098d2d8} - D:\NokiaPCIA_Autorun.exe
HKU\S-1-5-21-1079416441-1027052400-2168246751-1000\...\MountPoints2: {6cc7e7f3-84b4-11e2-a54f-c8600098d2d8} - "D:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-1079416441-1027052400-2168246751-1000\...\MountPoints2: {749152d1-0e4e-11e4-b8d7-c8600098d2d8} - "D:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-1079416441-1027052400-2168246751-1000\...\MountPoints2: {9e61287b-7d3a-11e4-a58c-c8600098d2d8} - D:\VTP_Manager.exe
HKU\S-1-5-21-1079416441-1027052400-2168246751-1000\...\MountPoints2: {a20700e3-c1d9-11e2-9d5c-c8600098d2d8} - D:\ToolLauncher-Bootstrap.exe
HKU\S-1-5-21-1079416441-1027052400-2168246751-1000\...\MountPoints2: {ca586cf1-01ad-11e4-992b-c8600098d2d8} - D:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1079416441-1027052400-2168246751-1000\...\MountPoints2: {cd9c1b59-0367-11e4-b9ea-c8600098d2d8} - D:\Autorun.exe
HKU\S-1-5-21-1079416441-1027052400-2168246751-1000\...\MountPoints2: {d7dbdf2d-e9fe-11e2-a116-c8600098d2d8} - "D:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-1079416441-1027052400-2168246751-1000\...\MountPoints2: {e54544b5-721f-11e4-8f01-c8600098d2d8} - "D:\WD SmartWare.exe" autoplay=true
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2013-01-14]

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler-x32: skyline - {3a4f9195-65a8-11d5-85c1-0001023952c1} - C:\Program Files (x86)\Skyline\TerraExplorer\TerraExplorerX.dll [2014-06-25] (Skyline software systems Inc.)

FF Extension: No Name - C:\Users\Balu\AppData\Roaming\Mozilla\Firefox\Profiles\nipodq2y.default\extensions\quick_searchff@gmail.com [Not Found]
FF Extension: No Name - C:\Users\Balu\AppData\Roaming\Mozilla\Firefox\Profiles\nipodq2y.default\extensions\ccf7276c-d388-480f-8835-5b680025e1ca@gmail.com [Not Found]
FF Extension: No Name - C:\Users\Balu\AppData\Roaming\Mozilla\Firefox\Profiles\nipodq2y.default\extensions\sweetsearch@gmail.com [Not Found]

DisableService: RichVideo

2015-05-21 14:06 - 2015-05-21 14:06 - 00029696 _____ () C:\Users\Balu\AppData\Local\MSGBOX.EXE
2015-05-21 14:06 - 2015-05-21 14:06 - 00015327 _____ () C:\Users\Balu\Desktop\LM.bat
2015-05-21 13:46 - 2015-05-21 13:51 - 00000952 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cffeda458e159b.job
2015-05-21 13:46 - 2015-05-21 13:51 - 00000948 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf6b4edffb785c.job
2015-05-21 13:43 - 2015-05-21 13:28 - 00024064 _____ () C:\Windows\zoek-delete.exe
2015-05-21 13:29 - 2015-05-21 13:44 - 00012362 _____ () C:\zoek-results.log
2015-05-21 13:28 - 2015-05-21 13:40 - 00000000 ____D () C:\zoek_backup
2015-05-21 13:22 - 2015-05-21 13:24 - 00000000 ____D () C:\AdwCleaner
2015-05-21 13:21 - 2015-05-21 13:21 - 01308672 _____ () C:\Users\Balu\Desktop\zoek.exe
2015-05-21 13:20 - 2015-05-21 13:20 - 02209792 _____ () C:\Users\Balu\Desktop\adwcleaner_4.204.exe
2015-05-21 11:24 - 2015-05-21 11:24 - 02551727 _____ () C:\Users\Balu\Downloads\favbackup.zip
2015-05-21 09:47 - 2015-05-21 14:06 - 00025439 _____ () C:\Users\Balu\Desktop\FRST.txt
2015-05-21 09:47 - 2015-05-21 09:46 - 00112640 _____ (forum.viry.cz) C:\Users\Balu\Desktop\FRSTLauncher.exe
2015-05-21 09:46 - 2015-05-21 09:46 - 00112640 _____ (forum.viry.cz) C:\Users\Balu\Downloads\FRSTLauncher.exe
2015-05-12 08:27 - 2015-05-12 08:27 - 00169672 _____ (ESET) C:\Users\Balu\Downloads\ESETSuperfishCleaner.exe

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeAAMUpdater-1.0 => value Deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => value Deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ISUSScheduler => value Deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value Deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Acrobat Assistant 8.0 => value Deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\seznam-listicka-distribuce => value Deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ACSW17EN => value Deleted successfully.
HKU\S-1-5-21-1079416441-1027052400-2168246751-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ISUSPM Startup => value Deleted successfully.
HKU\S-1-5-21-1079416441-1027052400-2168246751-1000\Software\Microsoft\Windows\CurrentVersion\Run\\OEXPRESS => value Deleted successfully.
HKU\S-1-5-21-1079416441-1027052400-2168246751-1000\Software\Microsoft\Windows\CurrentVersion\Run\\WDICT32 => value Deleted successfully.
HKU\S-1-5-21-1079416441-1027052400-2168246751-1000\Software\Microsoft\Windows\CurrentVersion\Run\\NBJ => value Deleted successfully.
HKU\S-1-5-21-1079416441-1027052400-2168246751-1000\Software\Microsoft\Windows\CurrentVersion\Run\\cz.seznam.software.autoupdate => value Deleted successfully.
HKU\S-1-5-21-1079416441-1027052400-2168246751-1000\Software\Microsoft\Windows\CurrentVersion\Run\\cz.seznam.software.szndesktop => value Deleted successfully.
"HKU\S-1-5-21-1079416441-1027052400-2168246751-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5573fe65-6a9d-11e4-be92-c8600098d2d8}" => Key Deleted successfully.
HKCR\CLSID\{5573fe65-6a9d-11e4-be92-c8600098d2d8} => Key not found.
"HKU\S-1-5-21-1079416441-1027052400-2168246751-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6cc7e7f3-84b4-11e2-a54f-c8600098d2d8}" => Key Deleted successfully.
HKCR\CLSID\{6cc7e7f3-84b4-11e2-a54f-c8600098d2d8} => Key not found.
"HKU\S-1-5-21-1079416441-1027052400-2168246751-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{749152d1-0e4e-11e4-b8d7-c8600098d2d8}" => Key Deleted successfully.
HKCR\CLSID\{749152d1-0e4e-11e4-b8d7-c8600098d2d8} => Key not found.
"HKU\S-1-5-21-1079416441-1027052400-2168246751-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9e61287b-7d3a-11e4-a58c-c8600098d2d8}" => Key Deleted successfully.
HKCR\CLSID\{9e61287b-7d3a-11e4-a58c-c8600098d2d8} => Key not found.
"HKU\S-1-5-21-1079416441-1027052400-2168246751-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a20700e3-c1d9-11e2-9d5c-c8600098d2d8}" => Key Deleted successfully.
HKCR\CLSID\{a20700e3-c1d9-11e2-9d5c-c8600098d2d8} => Key not found.
"HKU\S-1-5-21-1079416441-1027052400-2168246751-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ca586cf1-01ad-11e4-992b-c8600098d2d8}" => Key Deleted successfully.
HKCR\CLSID\{ca586cf1-01ad-11e4-992b-c8600098d2d8} => Key not found.
"HKU\S-1-5-21-1079416441-1027052400-2168246751-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cd9c1b59-0367-11e4-b9ea-c8600098d2d8}" => Key Deleted successfully.
HKCR\CLSID\{cd9c1b59-0367-11e4-b9ea-c8600098d2d8} => Key not found.
"HKU\S-1-5-21-1079416441-1027052400-2168246751-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d7dbdf2d-e9fe-11e2-a116-c8600098d2d8}" => Key Deleted successfully.
HKCR\CLSID\{d7dbdf2d-e9fe-11e2-a116-c8600098d2d8} => Key not found.
"HKU\S-1-5-21-1079416441-1027052400-2168246751-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e54544b5-721f-11e4-8f01-c8600098d2d8}" => Key Deleted successfully.
HKCR\CLSID\{e54544b5-721f-11e4-8f01-c8600098d2d8} => Key not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk => Moved successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Deleted successfully.
"HKCR\Wow6432Node\PROTOCOLS\Handler\skyline" => Key Deleted successfully.
"HKCR\Wow6432Node\CLSID\{3a4f9195-65a8-11d5-85c1-0001023952c1}" => Key Deleted successfully.
C:\Users\Balu\AppData\Roaming\Mozilla\Firefox\Profiles\nipodq2y.default\extensions\quick_searchff@gmail.com not found.
C:\Users\Balu\AppData\Roaming\Mozilla\Firefox\Profiles\nipodq2y.default\extensions\ccf7276c-d388-480f-8835-5b680025e1ca@gmail.com not found.
C:\Users\Balu\AppData\Roaming\Mozilla\Firefox\Profiles\nipodq2y.default\extensions\sweetsearch@gmail.com not found.
RichVideo service was disabled
C:\Users\Balu\AppData\Local\MSGBOX.EXE => Moved successfully.
C:\Users\Balu\Desktop\LM.bat => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cffeda458e159b.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf6b4edffb785c.job => Moved successfully.
C:\Windows\zoek-delete.exe => Moved successfully.
C:\zoek-results.log => Moved successfully.
C:\zoek_backup => Moved successfully.
C:\AdwCleaner => Moved successfully.
C:\Users\Balu\Desktop\zoek.exe => Moved successfully.
C:\Users\Balu\Desktop\adwcleaner_4.204.exe => Moved successfully.
C:\Users\Balu\Downloads\favbackup.zip => Moved successfully.
C:\Users\Balu\Desktop\FRST.txt => Moved successfully.
"C:\Users\Balu\Desktop\FRSTLauncher.exe" => File/Directory not found.
C:\Users\Balu\Downloads\FRSTLauncher.exe => Moved successfully.
C:\Users\Balu\Downloads\ESETSuperfishCleaner.exe => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 231 MB temporary data.

The system needed a reboot.

==== End of Fixlog 17:36:22 ====

#14 Příspěvek od **vyosek** » 21 kvě 2015 16:50

Jak se chova PC nyni??

misabalu · #15 Příspěvek od **misabalu** » 21 kvě 2015 17:01

Ano, okno s blokovanou adresu již Eset nehlásí, vypadá to, že je už vše ok.
Moc děkuji a posílám na účet fóra příspěvek jako poděkování a na podporu činnosti.

VIRY.CZ

ESET: spolu s domácí stránkou okno se zablokovanou adresou

ESET: spolu s domácí stránkou okno se zablokovanou adresou

Re: ESET: spolu s domácí stránkou okno se zablokovanou adres

Re: ESET: spolu s domácí stránkou okno se zablokovanou adres

Re: ESET: spolu s domácí stránkou okno se zablokovanou adres

Re: ESET: spolu s domácí stránkou okno se zablokovanou adres

Re: ESET: spolu s domácí stránkou okno se zablokovanou adres

Re: ESET: spolu s domácí stránkou okno se zablokovanou adres

Re: ESET: spolu s domácí stránkou okno se zablokovanou adres

Re: ESET: spolu s domácí stránkou okno se zablokovanou adres

Re: ESET: spolu s domácí stránkou okno se zablokovanou adres

Re: ESET: spolu s domácí stránkou okno se zablokovanou adres

Re: ESET: spolu s domácí stránkou okno se zablokovanou adres

Re: ESET: spolu s domácí stránkou okno se zablokovanou adres

Re: ESET: spolu s domácí stránkou okno se zablokovanou adres

Re: ESET: spolu s domácí stránkou okno se zablokovanou adres