pomalý počítač

[joflik]

Dobrý den,
počítač začal být ze dne na den velmi zpomalený.Použití Avastu ani CCleaneru nic nevyřešilo .

W7,CPU 3 GHz(vytížený cca do 50%), 4GB RAM
Za rady děkuju

[Rudy]

Zdravím!
Spusťte tuto utilitu:

Stáhněte AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan< a pak na >Clean<.
Proběhne skenováni a pak se objeví log, který sem vložte.

[joflik]

Zdravím...

# AdwCleaner v4.205 - Log vytvořen 24/05/2015 v 17:32:24
# Aktualizováno 21/05/2015 by Xplode
# Databáze : 2015-05-21.2 [Server]
# Operační system : Windows 7 Home Premium Service Pack 1 (x86)
# Uživatelské jméno : xx - XX-PC
# Spuštěno z : C:\Program Files\instal soubory\adwcleaner_4.205.exe
# Nastavení : Sken

***** [ Služby ] *****


***** [ Soubory / Složky ] *****

Složka Nalezeno : C:\Program Files\AdTrustMedia
Složka Nalezeno : C:\Program Files\AskPartnerNetwork
Složka Nalezeno : C:\ProgramData\AdTrustMedia
Složka Nalezeno : C:\ProgramData\apn
Složka Nalezeno : C:\ProgramData\AskPartnerNetwork
Složka Nalezeno : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
Složka Nalezeno : C:\ProgramData\ytd video downloader
Složka Nalezeno : C:\Users\xx\AppData\Local\AskPartnerNetwork
Složka Nalezeno : C:\Users\xx\AppData\Local\genienext
Složka Nalezeno : C:\Users\xx\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd
Složka Nalezeno : C:\Users\xx\AppData\Local\Mobogenie
Složka Nalezeno : C:\Users\xx\AppData\Local\pokki
Složka Nalezeno : C:\Users\xx\AppData\Roaming\newnext.me
Složka Nalezeno : C:\Users\xx\AppData\Roaming\OpenCandy
Složka Nalezeno : C:\Users\xx\AppData\Roaming\QuickStoresToolbar
Složka Nalezeno : C:\Users\xx\Documents\Mobogenie
Složka Nalezeno : C:\Windows\assembly\GAC_MSIL\QuickStoresToolbar
Soubor Nalezeno : C:\Users\Public\Desktop\YTD Video Downloader.lnk
Soubor Nalezeno : C:\Users\xx\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickStores.url
Soubor Nalezeno : C:\Users\xx\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickStores.url
Soubor Nalezeno : C:\Users\xx\AppData\Roaming\Microsoft\Windows\Start Menu\QuickStores.url
Soubor Nalezeno : C:\Users\xx\AppData\Roaming\Mozilla\Firefox\Profiles\mimd63ig.default\searchplugins\ask-search.xml
Soubor Nalezeno : C:\Users\xx\daemonprocess.txt
Soubor Nalezeno : C:\Users\xx\Desktop\QuickStores.url
Soubor Nalezeno : C:\Windows\system32\drivers\sp_rsdrv2.sys

***** [ Naplánované úlohy ] *****


***** [ Zástupci ] *****


***** [ Registry ] *****

Hodnota Nalezeno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}]
Klíč Nalezeno : HKCU\Software\AppDataLow\Software\adawarebp
Klíč Nalezeno : HKCU\Software\AppDataLow\Software\AskToolbar
Klíč Nalezeno : HKCU\Software\Appscion
Klíč Nalezeno : HKCU\Software\Ask.com
Klíč Nalezeno : HKCU\Software\AskPartnerNetwork
Klíč Nalezeno : HKCU\Software\Classes\pokki
Klíč Nalezeno : HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
Klíč Nalezeno : HKCU\Software\InstallCore
Klíč Nalezeno : HKLM\SOFTWARE\Clara
Klíč Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Klíč Nalezeno : HKLM\SOFTWARE\Classes\Interface\{237FDFDB-3722-470E-8BA8-90196DABE967}
Klíč Nalezeno : HKLM\SOFTWARE\Classes\Interface\{6E4C89CF-3061-4EE4-B22A-B7A8AAEA5CB3}
Klíč Nalezeno : HKLM\SOFTWARE\Classes\TypeLib\{F126C9FC-9299-40F2-BD42-C59023AD1E7F}
Klíč Nalezeno : HKLM\SOFTWARE\Iminent
Klíč Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Klíč Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Klíč Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
Klíč Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [ Prohlížeče ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v38.0.1 (x86 cs)


-\\ Google Chrome v43.0.2357.65


*************************

AdwCleaner[R0].txt - [3790 bytů] - [24/05/2015 17:32:24]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3848 bytů] ##########

[Rudy]

Dejte log FRST: http://forum.viry.cz/viewtopic.php?f=13&t=133100 .

[joflik]

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-05-2015 01
Ran by xx at 2015-05-24 18:37:19
Running from C:\Program Files\instal soubory
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-559609671-1680571382-3287071280-500 - Administrator - Disabled)
Guest (S-1-5-21-559609671-1680571382-3287071280-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-559609671-1680571382-3287071280-1004 - Limited - Enabled)
xx (S-1-5-21-559609671-1680571382-3287071280-1000 - Administrator - Enabled) => C:\Users\xx

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Ad-Aware Antivirus (Disabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Ad-Aware Antivirus (HKLM\...\{35CC81F8-F385-4B79-91A8-3163420F5D01}_AdAwareUpdater) (Version: 11.6.306.7947 - Lavasoft)
AdAwareInstaller (Version: 11.6.306.7947 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.6.306.7947 - Lavasoft) Hidden
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
AntimalwareEngine (Version: 3.0.98.0 - Lavasoft) Hidden
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.2.2218 - AVAST Software)
BF5R_PCS (C:\Program Files\5R_CPS\) (HKLM\...\ST6UNST #2) (Version: - )
BF5R_PCS (C:\Program Files\BF5R_CPS\) (HKLM\...\ST6UNST #3) (Version: - )
BF5R_PCS (HKLM\...\ST6UNST #1) (Version: - )
Connection Meter (HKLM\...\ConMet) (Version: - )
EAGLE 7.1.0 (HKLM\...\EAGLE 7.1.0) (Version: 7.1.0 - CadSoft Computer GmbH)
Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.65 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
HamSphere 3.0.3.2 (HKLM\...\{726912E6-FB5A-4BFC-A97A-54D64E56D8D3}_is1) (Version: - RingJoeBing Holdings Ltd)
CHIRP (HKLM\...\CHIRP) (Version: - )
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile CSY Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile CSY Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 cs) (HKLM\...\Mozilla Firefox 38.0.1 (x86 cs)) (Version: 38.0.1 - Mozilla)
Seznam Software (HKU\S-1-5-21-559609671-1680571382-3287071280-1000\...\SeznamInstall) (Version: - Seznam.cz)
Skype™ 7.3 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
SondeMonitor 6.1.6.9 (HKLM\...\SondeMonitor_is1) (Version: - COAA)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Essentials Media Codec Pack 4.0 [32-Bit] (HKLM\...\Windows Essentials Media Codec Pack) (Version: 4.0 - Media Codec)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

23-04-2015 18:23:26 Naplánovaný kontrolní bod
01-05-2015 11:45:57 Naplánovaný kontrolní bod
08-05-2015 15:17:01 Naplánovaný kontrolní bod
16-05-2015 19:42:08 Naplánovaný kontrolní bod
23-05-2015 21:03:53 Naplánovaný kontrolní bod

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {17729B35-C512-4B2E-A79E-0F27A7A90971} - System32\Tasks\{81BE0622-1A63-4E71-84C7-1CD6AA5D79D9} => pcalua.exe -a D:\Office2007prof\SETUP.EXE -d D:\Office2007prof
Task: {322924C8-79DA-48C3-964C-6446DE94A6F9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-26] (Google Inc.)
Task: {350403D0-A493-4CF6-BA1B-DE4C43E6EB7A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-26] (Google Inc.)
Task: {43789FBB-98B8-46D6-B208-0B33924480F8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {665A404F-9DB5-4202-97EF-0569BD9DD5D3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {72C43DF5-DAC0-47D2-A1F5-1E5CE97B9FD2} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-04-23] (Avast Software s.r.o.)
Task: {7E0931C7-4BC1-47FF-915E-0394ED991A2C} - System32\Tasks\avastBCLRestartS-1-5-21-559609671-1680571382-3287071280-1000 => Firefox.exe
Task: {A629388F-037D-49E4-854F-F73CFFD20083} - System32\Tasks\{C2FE7DFE-B256-4D2C-B080-94BE70F729A0} => Firefox.exe http://ui.skype.com/ui/0/7.4.0.102/cs/a ... rogressBar
Task: {AC0E9D52-1804-4373-B675-FA4D5D49B6CC} - System32\Tasks\Windows Codec Update Service => C:\Program Files\Essentials Codec Pack\WECPUpdate.exe [2012-02-03] (MediaCodec.Org)
Task: {B9E45DAA-5D65-4BBA-A14C-CBD8E1D2E281} - System32\Tasks\{E53214E6-BA0D-4F05-B280-2F3A72F278C3} => pcalua.exe -a "C:\zaloha HDD 1-3\instal soubory\iview385.exe" -d "C:\zaloha HDD 1-3\instal soubory"
Task: {D6BA348B-D167-485D-9050-E0A6E3BD2D83} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {D7527E24-56ED-486E-92EE-3CF9D48CF033} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {DC14C695-8271-4E1E-93E5-B7E53CCD6404} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {F593EC40-23AD-4056-935A-B307000F142B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-15] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-04-23 11:52 - 2015-04-23 11:52 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-04-23 11:52 - 2015-04-23 11:52 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-05-23 20:02 - 2015-05-23 20:02 - 02931200 _____ () C:\Program Files\AVAST Software\Avast\defs\15052302\algo.dll
2015-05-24 14:52 - 2015-05-24 14:52 - 02931200 _____ () C:\Program Files\AVAST Software\Avast\defs\15052400\algo.dll
2014-01-20 23:39 - 2013-03-29 13:37 - 00059384 _____ () C:\Users\xx\AppData\Roaming\Seznam.cz\bin\10876libfoxloader.dll
2015-03-10 18:47 - 2015-03-10 18:47 - 00670808 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe
2015-03-10 18:49 - 2015-03-10 18:49 - 00090128 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_thread-vc100-mt-1_57.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00022032 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_system-vc100-mt-1_57.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00029712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_chrono-vc100-mt-1_57.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00048152 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_date_time-vc100-mt-1_57.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00110104 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_filesystem-vc100-mt-1_57.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 10575360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareServiceKernel.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 02423264 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\RCF.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00634896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_regex-vc100-mt-1_57.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00592896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareActivation.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00415760 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareApplicationUpdater.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00640512 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareGamingMode.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00087536 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareReset.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00104944 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTime.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00770064 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareDefinitionsUpdater.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00692768 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareDefinitionsUpdaterScheduler.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00866304 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareIgnoreList.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00217600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareQuarantine.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00806408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiMalwareEngine.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00182280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiRootkitEngine.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00873480 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareScannerHistory.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 01019896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareScanner.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00030224 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_timer-vc100-mt-1_57.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00769544 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareScannerScheduler.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00897040 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareRealTimeProtection.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00194048 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareIncompatibles.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00711672 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiSpam.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00677376 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiPhishing.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 02370056 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareParentalControl.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 02667008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareWebProtection.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 01013768 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareEmailProtection.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00046616 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_iostreams-vc100-mt-1_57.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00998408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareNetworkProtection.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00766960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwarePromo.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00304632 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareFeedback.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 02125840 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareThreatWorkAlliance.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00973304 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwarePinCode.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00767480 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareNotice.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00767480 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAvcEngine.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00928280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareRealTimeProtectionHistory.dll
2015-04-23 11:52 - 2015-04-23 11:52 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-01-08 18:33 - 2014-01-08 18:33 - 00024576 _____ () C:\Program Files\Winamp\winampa.exe
2014-08-27 18:42 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-08-27 18:42 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2014-08-27 18:42 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-03-10 18:49 - 2015-03-10 18:49 - 08216048 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe
2015-03-10 18:49 - 2015-03-10 18:49 - 00405520 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_locale-vc100-mt-1_57.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 01632248 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\HtmlFramework.dll
2015-03-10 18:49 - 2015-03-10 18:49 - 00870408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTrayDefaultSkin.dll
2011-04-12 03:11 - 2011-04-12 03:11 - 05735369 _____ () C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
2010-05-30 07:08 - 2010-05-30 07:08 - 02417664 _____ () C:\Program Files\Vidalia Bundle\Vidalia\QtCore4.dll
2009-01-10 12:32 - 2009-01-10 12:32 - 00011362 _____ () C:\Program Files\Vidalia Bundle\Vidalia\mingwm10.dll
2009-06-22 20:42 - 2009-06-22 20:42 - 00043008 _____ () C:\Program Files\Vidalia Bundle\Vidalia\libgcc_s_dw2-1.dll
2010-02-10 18:36 - 2010-02-10 18:36 - 09565184 _____ () C:\Program Files\Vidalia Bundle\Vidalia\QtGui4.dll
2010-02-10 18:11 - 2010-02-10 18:11 - 01148416 _____ () C:\Program Files\Vidalia Bundle\Vidalia\QtNetwork4.dll
2010-02-10 18:08 - 2010-02-10 18:08 - 00398336 _____ () C:\Program Files\Vidalia Bundle\Vidalia\QtXml4.dll
2015-01-28 11:26 - 2015-01-28 11:26 - 00258944 _____ () C:\Users\xx\AppData\Roaming\Wandoujia2\Applications\2.76.0.7151\wandoujia_helper.exe
2015-01-28 11:26 - 2015-01-28 11:26 - 01139072 _____ () C:\Users\xx\AppData\Roaming\Wandoujia2\Applications\2.76.0.7151\adb_dev.dll
2015-01-28 11:25 - 2015-01-28 11:25 - 37930368 _____ () C:\Users\xx\AppData\Roaming\Wandoujia2\Applications\2.76.0.7151\core.dll
2014-01-20 23:39 - 2013-04-12 10:13 - 00457208 _____ () C:\Users\xx\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
2014-01-20 23:39 - 2013-03-25 16:39 - 00894968 _____ () C:\Users\xx\AppData\Roaming\Seznam.cz\bin\lightspeed.dll
2014-01-20 23:39 - 2013-04-24 12:31 - 00081992 _____ () C:\Users\xx\AppData\Roaming\Seznam.cz\bin\libchinst.dll
2011-02-25 01:05 - 2011-02-25 01:05 - 02180096 _____ () C:\Program Files\Vidalia Bundle\Tor\tor.exe
2014-08-27 18:42 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2014-08-27 18:42 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-05-24 17:31 - 2015-05-24 17:31 - 02223104 _____ () C:\Program Files\instal soubory\adwcleaner_4.205.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-559609671-1680571382-3287071280-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\ACD Wallpaper.cmp
DNS Servers: 192.168.1.55

==================== MSCONFIG/TASK MANAGER Error getting ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C809F7DC-51F7-4A92-B8B7-2CB5B4387F90}] => (Allow) C:\Program Files\WandouLabs\wandoujia2.exe
FirewallRules: [{A476E478-A4B0-493B-AABE-1F7D5B9DB511}] => (Allow) C:\Program Files\WandouLabs\wandoujia2.exe
FirewallRules: [TCP Query User{F4F08E17-CF56-4038-B48C-864D990CDB66}C:\users\xx\appdata\roaming\wandoujia2\applications\2.69.0.5457\wandoujia2.exe] => (Allow) C:\users\xx\appdata\roaming\wandoujia2\applications\2.69.0.5457\wandoujia2.exe
FirewallRules: [UDP Query User{9D0843B7-3971-4001-A7B7-24C2F35FD15C}C:\users\xx\appdata\roaming\wandoujia2\applications\2.69.0.5457\wandoujia2.exe] => (Allow) C:\users\xx\appdata\roaming\wandoujia2\applications\2.69.0.5457\wandoujia2.exe
FirewallRules: [TCP Query User{193F7EAA-AA82-4A6C-8B2C-48653F78D044}C:\program files\spyware terminator\spywareterminatorupdate.exe] => (Allow) C:\program files\spyware terminator\spywareterminatorupdate.exe
FirewallRules: [UDP Query User{84F876DA-9712-48E3-B23F-E00A988A8AA0}C:\program files\spyware terminator\spywareterminatorupdate.exe] => (Allow) C:\program files\spyware terminator\spywareterminatorupdate.exe
FirewallRules: [TCP Query User{F93786C8-8A60-43A1-B579-1A08FC8ECDC1}C:\program files\czechcrowncoin\czechcrowncoin-qt.exe] => (Block) C:\program files\czechcrowncoin\czechcrowncoin-qt.exe
FirewallRules: [UDP Query User{F78AC85B-AB16-4A96-8EA8-572D4A847BA9}C:\program files\czechcrowncoin\czechcrowncoin-qt.exe] => (Block) C:\program files\czechcrowncoin\czechcrowncoin-qt.exe
FirewallRules: [{6AD0A368-8133-427C-ACCD-CD09569F7B60}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{874EBD59-BD72-49EB-AA2D-910DE156454F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{30569C15-3ABB-4DCF-A6B7-C5113369B538}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{123DF7BD-693A-4D5E-BFE5-296A231EFB9F}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{DBC807B8-A769-4E5D-BE87-F8AB7ACF76D3}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{32080533-3C09-4C1C-B6FC-2F49E1D62862}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{7D7B0148-5BCE-491F-8C89-3D51FFF06B0E}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{DA920825-83E6-4110-B1B6-215F8870EBB6}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============

Name: Řadič sběrnice SM
Description: Řadič sběrnice SM
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Zvukové zařízení High Definition Audio
Description: Zvukové zařízení High Definition Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HdAudAddService
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Zařízení PCI
Description: Zařízení PCI
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/23/2015 11:50:56 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen.
.
To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.


Operace:
Shromažďování dat modulu pro zápis

Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {52d499c5-681c-4208-8423-e320b709e9a4}

Error: (04/15/2015 08:53:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: SDTray.exe, verze: 2.4.40.129, časové razítko: 0x535a51a2
Název chybujícího modulu: dhcpcsvc.DLL_unloaded, verze: 0.0.0.0, časové razítko: 0x4a5bd9b5
Kód výjimky: 0xc0000005
Posun chyby: 0x73001b2d
ID chybujícího procesu: 0xa7c
Čas spuštění chybující aplikace: 0xSDTray.exe0
Cesta k chybující aplikaci: SDTray.exe1
Cesta k chybujícímu modulu: SDTray.exe2
ID zprávy: SDTray.exe3

Error: (04/14/2015 10:08:28 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny OpenSCManager(NULL,NULL,SC_MANAGER_CONNECT) došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.


Operace:
Inicializace zálohy

Error: (04/06/2015 10:10:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: SDTray.exe, verze: 2.4.40.129, časové razítko: 0x535a51a2
Název chybujícího modulu: dhcpcsvc6.DLL_unloaded, verze: 0.0.0.0, časové razítko: 0x50745f7c
Kód výjimky: 0xc0000005
Posun chyby: 0x73001730
ID chybujícího procesu: 0xa98
Čas spuštění chybující aplikace: 0xSDTray.exe0
Cesta k chybující aplikaci: SDTray.exe1
Cesta k chybujícímu modulu: SDTray.exe2
ID zprávy: SDTray.exe3

Error: (03/26/2015 05:55:40 PM) (Source: MsiInstaller) (EventID: 11706) (User: xx-PC)
Description: Product: AdAwareInstaller -- Error 1706. No valid source could be found for product AdAwareInstaller. The Windows Installer cannot continue.

Error: (03/22/2015 02:14:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: plugin-container.exe, verze: 36.0.4.5557, časové razítko: 0x550d0883
Název chybujícího modulu: mozalloc.dll, verze: 36.0.4.5557, časové razítko: 0x550cfa82
Kód výjimky: 0x80000003
Posun chyby: 0x00001e02
ID chybujícího procesu: 0x13fc
Čas spuštění chybující aplikace: 0xplugin-container.exe0
Cesta k chybující aplikaci: plugin-container.exe1
Cesta k chybujícímu modulu: plugin-container.exe2
ID zprávy: plugin-container.exe3

Error: (03/22/2015 02:14:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program firefox.exe verze 36.0.4.5557 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: 1550

Čas spuštění: 01d064952a60e34f

Čas ukončení: 20

Cesta k aplikaci: C:\Program Files\Mozilla Firefox\firefox.exe

ID hlášení: f4ffa005-d08c-11e4-84b8-448a5b2833d8

Error: (03/21/2015 10:39:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: WDPlatform.exe, verze: 1.0.2.1, časové razítko: 0x54c8a441
Název chybujícího modulu: ntdll.dll, verze: 6.1.7601.18247, časové razítko: 0x521ea91c
Kód výjimky: 0xc0000005
Posun chyby: 0x00064b01
ID chybujícího procesu: 0x8ac
Čas spuštění chybující aplikace: 0xWDPlatform.exe0
Cesta k chybující aplikaci: WDPlatform.exe1
Cesta k chybujícímu modulu: WDPlatform.exe2
ID zprávy: WDPlatform.exe3

Error: (03/18/2015 01:58:50 PM) (Source: MsiInstaller) (EventID: 11706) (User: xx-PC)
Description: Product: AdAwareInstaller -- Error 1706. No valid source could be found for product AdAwareInstaller. The Windows Installer cannot continue.

Error: (03/12/2015 02:15:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: plugin-container.exe, verze: 36.0.1.5542, časové razítko: 0x54f851c0
Název chybujícího modulu: mozalloc.dll, verze: 36.0.1.5542, časové razítko: 0x54f8437e
Kód výjimky: 0x80000003
Posun chyby: 0x00001e02
ID chybujícího procesu: 0x6b0
Čas spuštění chybující aplikace: 0xplugin-container.exe0
Cesta k chybující aplikaci: plugin-container.exe1
Cesta k chybujícímu modulu: plugin-container.exe2
ID zprávy: plugin-container.exe3


System errors:
=============
Error: (05/24/2015 10:50:53 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Spybot-S&D 2 Scanner Service neuspěla při spuštění v důsledku následující chyby:
%%1053

Error: (05/24/2015 10:50:53 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Spybot-S&D 2 Scanner Service bylo dosaženo časového limitu (30000 ms).

Error: (05/23/2015 08:00:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Spybot-S&D 2 Scanner Service neuspěla při spuštění v důsledku následující chyby:
%%1053

Error: (05/23/2015 08:00:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Spybot-S&D 2 Scanner Service bylo dosaženo časového limitu (30000 ms).

Error: (05/23/2015 00:35:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Spybot-S&D 2 Scanner Service neuspěla při spuštění v důsledku následující chyby:
%%1053

Error: (05/23/2015 00:35:59 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Spybot-S&D 2 Scanner Service bylo dosaženo časového limitu (30000 ms).

Error: (05/22/2015 08:56:43 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Hlavní prohledávač přijal oznámení serveru od počítače MONIKANB,
který se považuje za hlavní prohledávač domény pro přenos NetBT_Tcpip_{64CF156F-4CD6-486E-BE76-944439F2D.
Hlavní prohledávač bude ukončen nebo bude vyvolána volba.

Error: (05/20/2015 09:38:55 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: Název XX-PC :0 nelze zaregistrovat v rozhraní s IP adresou 192.168.1.104.
Počítač s IP adresou 192.168.1.103 nepovolil získání názvu
tímto počítačem.

Error: (05/20/2015 09:38:51 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: Název XX-PC :20 nelze zaregistrovat v rozhraní s IP adresou 192.168.1.104.
Počítač s IP adresou 192.168.1.103 nepovolil získání názvu
tímto počítačem.

Error: (05/20/2015 09:38:51 AM) (Source: Server) (EventID: 2505) (User: )
Description: Server nemohl vytvořit vazbu na přenos \Device\NetBT_Tcpip_{64CF156F-4CD6-486E-BE76-944439F2D65E}, protože jiný počítač v síti má stejný název. Server nelze spustit.


Microsoft Office:
=========================
Error: (03/11/2014 10:23:38 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 16 seconds with 0 seconds of active time. This session ended with a crash.


==================== Memory info ===========================

Processor: AMD A4-4000 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 66%
Total physical RAM: 3041.82 MB
Available physical RAM: 1032.97 MB
Total Pagefile: 6081.92 MB
Available Pagefile: 4178.54 MB
Total Virtual: 2047.88 MB
Available Virtual: 1889.61 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:364.33 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 495A5FED)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End of log ============================

[joflik]

Z toho FRST jsou zřejmě tyto dva výstupy, tak dávám oba..nevím který je ten správný


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-05-2015 01
Ran by xx (administrator) on XX-PC on 24-05-2015 18:46:16
Running from C:\Program Files\instal soubory
Loaded Profiles: xx (Available Profiles: xx)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
() C:\Program Files\Winamp\winampa.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe
(Mgr. Tomáš Papoušek) C:\Program Files\ConMet\ConMet.exe
() C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
() C:\Users\xx\AppData\Roaming\Wandoujia2\Applications\2.76.0.7151\wandoujia_helper.exe
() C:\Users\xx\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
() C:\Program Files\Vidalia Bundle\Tor\tor.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [6323928 2013-06-27] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-11] (Avast Software s.r.o.)
HKLM\...\Run: [WinampAgent] => C:\Program Files\Winamp\Winampa.exe [24576 2014-01-08] ()
HKLM\...\Run: [seznam-listicka-distribuce] => C:\Program Files\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM\...\Run: [NeroFilterCheck] => C:\Windows\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe [8216048 2015-03-10] ()
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-559609671-1680571382-3287071280-1000\...\Run: [ConMet] => C:\Program Files\ConMet\ConMet.exe [4911808 2015-01-04] (Mgr. Tomáš Papoušek)
HKU\S-1-5-21-559609671-1680571382-3287071280-1000\...\Run: [cz.seznam.software.autoupdate] => C:\Users\xx\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-559609671-1680571382-3287071280-1000\...\Run: [cz.seznam.software.szndesktop] => C:\Users\xx\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [92664 2013-04-12] ()
HKU\S-1-5-21-559609671-1680571382-3287071280-1000\...\Run: [Vidalia] => C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe [5735369 2011-04-12] ()
Startup: C:\Users\xx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wandoujia_helper.lnk [2014-01-08]
ShortcutTarget: wandoujia_helper.lnk -> C:\Users\xx\AppData\Roaming\Wandoujia2\Applications\2.76.0.7151\wandoujia_helper.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-04-23] (Avast Software s.r.o.)
BootExecute: autocheck autochk * sdnclean.exe
CHR HKU\S-1-5-21-559609671-1680571382-3287071280-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-559609671-1680571382-3287071280-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/?clid=20808
HKU\S-1-5-21-559609671-1680571382-3287071280-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.msn.com/?pc=SKY2&ocid=SKY2DHP&osmkt=en-ww
SearchScopes: HKU\S-1-5-21-559609671-1680571382-3287071280-1000 -> {1D406016-260D-4DB5-A679-6B1E80E0B531} URL = http://www.zbozi.cz/?q={searchTerms}&r= ... arch_20808
SearchScopes: HKU\S-1-5-21-559609671-1680571382-3287071280-1000 -> {28C10B22-2857-4DC9-B945-FFDEF73EC3E9} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_20808
SearchScopes: HKU\S-1-5-21-559609671-1680571382-3287071280-1000 -> {41F81A0E-3CC1-4186-B1C1-8D1947F4C321} URL = http://tv.seznam.cz/hledej?w={searchTer ... arch_20808
SearchScopes: HKU\S-1-5-21-559609671-1680571382-3287071280-1000 -> {5793DAA4-901F-493C-93E5-F4163FAE3C8B} URL = http://www.mapy.cz/?query={searchTerms} ... arch_20808
SearchScopes: HKU\S-1-5-21-559609671-1680571382-3287071280-1000 -> {8974E06E-831F-4BC3-8B5D-2E40C766B3FF} URL = http://encyklopedie.seznam.cz/search?q= ... arch_20808
SearchScopes: HKU\S-1-5-21-559609671-1680571382-3287071280-1000 -> {8AFBCCFC-A47D-428A-A060-194208943310} URL = http://search.seznam.cz/?q={searchTerms ... arch_20808
SearchScopes: HKU\S-1-5-21-559609671-1680571382-3287071280-1000 -> {B98BCE6F-D965-4D2F-B5CB-CBDEFED2139C} URL = http://www.novinky.cz/hledej?w={searchT ... arch_20808
SearchScopes: HKU\S-1-5-21-559609671-1680571382-3287071280-1000 -> {B9C54D67-E67E-42FA-8DEC-46072676EDDA} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_20808
SearchScopes: HKU\S-1-5-21-559609671-1680571382-3287071280-1000 -> {C6F9927B-8665-4BD0-A7C1-938B7C7D3FC0} URL = http://www.firmy.cz/?q={searchTerms}&so ... arch_20808
BHO: No Name -> {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} -> No File
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-12] (Microsoft Corporation.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-12-18] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-23] (Avast Software s.r.o.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-12-18] (Oracle Corporation)
BHO: EpsonToolBandKicker Class -> {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} -> C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22] (SEIKO EPSON CORPORATION)
Toolbar: HKLM - EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22] (SEIKO EPSON CORPORATION)
Toolbar: HKLM - No Name - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No File
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-12] (Microsoft Corporation.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.55

FireFox:
========
FF ProfilePath: C:\Users\xx\AppData\Roaming\Mozilla\Firefox\Profiles\mimd63ig.default
FF DefaultSearchEngine: Seznam
FF DefaultSearchUrl: hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}&
FF SearchEngineOrder.1: Seznam
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Bing
FF Homepage: https://www.seznam.cz/
FF Keyword.URL: hxxp://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-15] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-12-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-12-18] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\xx\AppData\Roaming\Mozilla\Firefox\Profiles\mimd63ig.default\searchplugins\ask-search.xml [2014-12-19]
FF SearchPlugin: C:\Users\xx\AppData\Roaming\Mozilla\Firefox\Profiles\mimd63ig.default\searchplugins\seznam-avast.xml [2014-12-20]
FF Extension: Bing Search Engine - C:\Users\xx\AppData\Roaming\Mozilla\Firefox\Profiles\mimd63ig.default\Extensions\bingsearch.full@microsoft.com [2015-04-03]
FF Extension: Garmin Communicator - C:\Users\xx\AppData\Roaming\Mozilla\Firefox\Profiles\mimd63ig.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2014-02-04]
FF Extension: Adblock Plus - C:\Users\xx\AppData\Roaming\Mozilla\Firefox\Profiles\mimd63ig.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-24]
FF Extension: QuickStores-Toolbar - C:\Program Files\Mozilla Firefox\extensions\quickstores@quickstores.de [2015-05-22]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-08]

Chrome:
=======
CHR Profile: C:\Users\xx\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\xx\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-26]
CHR Extension: (MSN Homepage & Bing Search Engine) - C:\Users\xx\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2015-04-03]
CHR Extension: (Bookmark Manager) - C:\Users\xx\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-17]
CHR Extension: (Avast Online Security) - C:\Users\xx\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-27]
CHR Extension: (Google Wallet) - C:\Users\xx\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-27]
CHR Extension: (Seznam Lištička - Rychlá volba) - C:\Users\xx\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2014-05-24]
CHR Extension: (Gmail) - C:\Users\xx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-26]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-23]
CHR HKU\S-1-5-21-559609671-1680571382-3287071280-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - https://clients2.google.com/service/update2/crx

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-23] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3207800 2015-04-23] (Avast Software)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe [670808 2015-03-10] ()
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-04-23] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-04-23] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-04-23] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-04-23] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-04-23] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427992 2015-04-23] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2015-04-23] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-04-23] ()
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [408280 2015-01-22] (BitDefender S.R.L.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-04-23] (Avast Software)
S3 MSICDSetup; \??\D:\CDriver.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-24 18:35 - 2015-05-24 18:46 - 00000000 ____D () C:\FRST
2015-05-24 17:32 - 2015-05-24 17:33 - 00000000 ____D () C:\AdwCleaner
2015-05-24 14:11 - 2015-05-24 14:11 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-24 14:11 - 2015-05-24 14:11 - 00000000 _____ () C:\Windows\setupact.log
2015-05-22 22:40 - 2015-05-22 22:40 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-05-20 21:50 - 2015-05-20 21:50 - 00000000 ____D () C:\Users\xx\Desktop\Nová složka (3)

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-24 18:46 - 2014-01-08 18:01 - 00000000 ____D () C:\ProgramData\ConMet
2015-05-24 18:45 - 2014-01-08 15:23 - 00000000 ____D () C:\Program Files\instal soubory
2015-05-24 18:23 - 2014-10-21 21:07 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-24 18:21 - 2014-10-04 20:43 - 00000000 ____D () C:\Users\xx\AppData\Roaming\Tor
2015-05-24 18:03 - 2014-01-26 15:05 - 00000940 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-24 16:25 - 2009-07-14 06:34 - 00014416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-24 16:25 - 2009-07-14 06:34 - 00014416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-24 10:57 - 2014-01-20 23:40 - 00000000 ____D () C:\Users\xx\AppData\Roaming\Media Player Classic
2015-05-24 10:55 - 2014-01-20 23:39 - 00000000 ____D () C:\Users\xx\AppData\Roaming\Seznam.cz
2015-05-24 10:54 - 2014-01-08 15:00 - 01158049 ____N () C:\Windows\WindowsUpdate.log
2015-05-24 10:51 - 2014-12-22 10:12 - 00002281 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2015-05-24 10:51 - 2014-01-08 18:01 - 00000000 ____D () C:\Users\xx\AppData\Roaming\ConMet
2015-05-24 10:50 - 2014-11-21 10:45 - 00000000 ____D () C:\Users\xx\AppData\Roaming\Vidalia
2015-05-24 10:50 - 2014-01-26 15:05 - 00000936 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-24 10:50 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-23 12:35 - 2014-01-08 15:25 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-05-22 09:04 - 2014-01-26 15:06 - 00002089 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-21 12:29 - 2014-01-08 15:15 - 01624736 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-19 14:34 - 2014-01-12 11:01 - 00001255 _____ () C:\Users\Public\Desktop\YTD Video Downloader.lnk
2015-05-15 10:03 - 2014-10-21 20:46 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-05-15 10:03 - 2014-10-21 20:46 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-05-15 10:03 - 2014-08-22 18:39 - 00000000 ____D () C:\Users\xx\AppData\Local\Adobe
2015-05-13 19:25 - 2014-02-05 15:53 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-12 13:13 - 2014-01-08 20:26 - 00000000 ____D () C:\Users\xx\AppData\Roaming\Wandoujia2
2015-05-11 16:04 - 2014-01-08 23:33 - 00000000 ____D () C:\Users\xx\Desktop\iveta
2015-05-10 13:20 - 2014-01-08 18:21 - 00000000 ____D () C:\Users\xx\AppData\Roaming\Skype
2015-05-03 11:15 - 2014-01-08 23:37 - 00000000 ____D () C:\Users\xx\Desktop\hamradio
2015-04-30 21:14 - 2014-12-09 22:37 - 00000000 ____D () C:\Users\xx\Desktop\návody
2015-04-30 20:59 - 2014-01-08 18:21 - 00000000 ____D () C:\ProgramData\Skype
2015-04-24 20:18 - 2015-02-11 22:10 - 00000000 ____D () C:\Users\xx\Desktop\Nová složka (2)

==================== Files in the root of some directories =======

2014-01-11 23:58 - 2013-09-14 15:27 - 6590600 _____ (http://www.goforfiles.com/) C:\Program Files\mach3_pach_downloader_cz_224.exe
2014-01-09 22:55 - 2015-04-07 21:22 - 0122880 _____ () C:\Users\xx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-24 12:17

==================== End of log =========================

[Rudy]

Otevřte poznámkový blok a zkopírujte do něj:

Start
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Run: [] => [X]
ShortcutTarget: wandoujia_helper.lnk -> C:\Users\xx\AppData\Roaming\Wandoujia2\Applications\2.76.0.7151\wandoujia_helper.exe ()
CHR HKU\S-1-5-21-559609671-1680571382-3287071280-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
BHO: No Name -> {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} -> No File
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-12] (Microsoft Corporation.)
C:\Program Files\Microsoft\BingBar
Toolbar: HKLM - No Name - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No File
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-12] (Microsoft Corporation.)
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Bing
FF Keyword.URL: hxxp://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q=
FF Plugin: @microsoft.com/GENUINE -> disabled No File
CHR Extension: (MSN Homepage & Bing Search Engine) - C:\Users\xx\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2015-04-03]
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Users\xx\AppData\Roaming\Wandoujia2
End

Uložte do C:\Program Files\instal soubory jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

[joflik]

došlo k restartu pc....výsledek je zde

Fix result of Farbar Recovery Scan Tool (x86) Version: 24-05-2015 01
Ran by xx at 2015-05-24 19:29:44 Run:1
Running from C:\Program Files\instal soubory
Loaded Profiles: xx (Available Profiles: xx)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Run: [] => [X]
ShortcutTarget: wandoujia_helper.lnk -> C:\Users\xx\AppData\Roaming\Wandoujia2\Applications\2.76.0.7151\wandoujia_helper.exe ()
CHR HKU\S-1-5-21-559609671-1680571382-3287071280-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
BHO: No Name -> {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} -> No File
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-12] (Microsoft Corporation.)
C:\Program Files\Microsoft\BingBar
Toolbar: HKLM - No Name - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No File
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-12] (Microsoft Corporation.)
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Bing
FF Keyword.URL: hxxp://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q=
FF Plugin: @microsoft.com/GENUINE -> disabled No File
CHR Extension: (MSN Homepage & Bing Search Engine) - C:\Users\xx\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2015-04-03]
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Users\xx\AppData\Roaming\Wandoujia2
End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value Removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value Removed successfully.
C:\Users\xx\AppData\Roaming\Wandoujia2\Applications\2.76.0.7151\wandoujia_helper.exe => Moved successfully.
"HKU\S-1-5-21-559609671-1680571382-3287071280-1000\SOFTWARE\Policies\Google" => key Removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}" => key Removed successfully.
HKCR\CLSID\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}" => key Removed successfully.
"HKCR\CLSID\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}" => key Removed successfully.
C:\Program Files\Microsoft\BingBar => Moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F} => value Removed successfully.
HKCR\CLSID\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{eec0f710-38b5-4aba-99bf-ec87564a4e13} => value Removed successfully.
"HKCR\CLSID\{eec0f710-38b5-4aba-99bf-ec87564a4e13}" => key Removed successfully.
Firefox SearchEngineOrder.3 Removed successfully.
Firefox SelectedSearchEngine Removed successfully.
Firefox Keyword.URL Removed successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key Removed successfully.
C:\Users\xx\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.

"C:\Users\xx\AppData\Roaming\Wandoujia2" folder move:

Could not move "C:\Users\xx\AppData\Roaming\Wandoujia2" folder => Scheduled to move on reboot.


Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-05-24 19:32:04)<=

C:\Users\xx\AppData\Roaming\Wandoujia2 => Moved successfully

==== End of Fixlog 19:32:04 ====

[Rudy]

Smazáno. Nastala nějaká změna?

[joflik]

Bohužel změna žádná...

[Rudy]

Udělejte kompletní sken MBAM: http://www.malwarebytes.org/mbam.php a dejte log. Předem nic nemažte.

[joflik]

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 24.5.2015
Čas skenování: 21:58:05
Protokol: tt.txt
Správce: Ano

Verze: 2.01.6.1022
Databáze malwaru: v2015.05.24.03
Databáze rootkitů: v2015.05.16.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x86
Souborový systém: NTFS
Uživatel: xx

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 314603
Uplynulý čas: 19 min, 51 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 5
PUP.Optional.GetNow.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{F126C9FC-9299-40F2-BD42-C59023AD1E7F}, , [cea54e49bfcbc76fdd329bc7cf341ce4],
PUP.Optional.GetNow.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{237FDFDB-3722-470E-8BA8-90196DABE967}, , [cea54e49bfcbc76fdd329bc7cf341ce4],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\Iminent, , [482b197e6f1b87afd4bb1d0fe22236ca],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-559609671-1680571382-3287071280-1000\SOFTWARE\INSTALLCORE\1I1T1Q1S, , [a6cdf6a1434770c6b2f33bf09371c040],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-559609671-1680571382-3287071280-1000\SOFTWARE\INSTALLCORE, , [79fa6e29751577bf056297aa35d0659b],

Hodnoty registru: 1
PUP.Optional.InstallCore.A, HKU\S-1-5-21-559609671-1680571382-3287071280-1000\SOFTWARE\INSTALLCORE|tb, 1T1I2P1H1L1I1M1N1Q1E2Q1D1KyE, , [79fa6e29751577bf056297aa35d0659b]

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 4
PUP.Optional.OpenCandy, C:\Users\xx\AppData\Roaming\OpenCandy, , [2e45395e2b5fd85e41c68a20f40fc838],
PUP.Optional.OpenCandy, C:\Users\xx\AppData\Roaming\OpenCandy\D95E34551E964BCEA03F751B8BDEF342, , [2e45395e2b5fd85e41c68a20f40fc838],
PUP.Optional.NextLive.A, C:\Users\xx\AppData\Roaming\newnext.me, , [9ed5d6c1b5d5989ec7c0f1baf80b9070],
PUP.Optional.NextLive.A, C:\Users\xx\AppData\Roaming\newnext.me\cache, , [9ed5d6c1b5d5989ec7c0f1baf80b9070],

Soubory: 7
PUP.Optional.Spigot, C:\ProgramData\YTD Video Downloader\ytd_installer.exe, , [9ad97522d7b3d36392e53e9090718c74],
PUP.Optional.GoForFiles.A, C:\Program Files\mach3_pach_downloader_cz_224.exe, , [23500d8af793fe38d1333020ad540ff1],
PUP.Optional.Spigot.A, C:\Program Files\instal soubory\youtube-downloader_4.7.exe, , [205321766f1b47ef874d47e1db25ec14],
PUP.Optional.OpenCandy, C:\Program Files\instal soubory\PhotoScape_V3.6.4.exe, , [22517522ec9eb284ee2e79d696704fb1],
PUP.Optional.OpenCandy, C:\Users\xx\AppData\Roaming\OpenCandy\D95E34551E964BCEA03F751B8BDEF342\PokkiInstaller.exe, , [2e45395e2b5fd85e41c68a20f40fc838],
PUP.Optional.NextLive.A, C:\Users\xx\AppData\Roaming\newnext.me\nengine.cookie, , [9ed5d6c1b5d5989ec7c0f1baf80b9070],
PUP.Optional.NextLive.A, C:\Users\xx\AppData\Roaming\newnext.me\cache\spark.bin, , [9ed5d6c1b5d5989ec7c0f1baf80b9070],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

[Rudy]

Všechny nálezy smažte.

[joflik]

smazáno.
beze změny k lepšímu

[Rudy]

Co jste instaloval těsně před tím, než se problém objevil?