notebook neposlucha

Zpráva

miGGuel · #1 Příspěvek od **miGGuel** » 12 črc 2015 15:44

Zdravím, synovia mali posledné obdobie môj noťas a vidím, že mi ide notebook celkovo pomalšie a myslím že aj nejaký vír sa v ňom nájde tak poprosím o kontrolu...

Logfile of random's system information tool 1.10 (written by random/random)
Run by Michal at 2015-07-12 16:41:57
Microsoft Windows 8.1 so službou Bing
System drive C: has 119 GB (63%) free of 191 GB
Total RAM: 3983 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:42:02, on 12.7.2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17416)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\BlueStacks\HD-Agent.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Michal.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hp&t ... XXW3P4EMND
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hp&t ... XXW3P4EMND
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hp&t ... XXW3P4EMND
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type= ... earchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type= ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hp&t ... XXW3P4EMND
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AuutooDeialosApePa - {6F9834CE-BBF5-4F63-B69C-65DD5EB45793} - C:\Program Files (x86)\AuutooDeialosApePa\o0qThwm3yuBiO0.dll
O2 - BHO: AAlllSaver - {A188F79D-404D-40E6-B993-3771D288C862} - C:\Program Files (x86)\AAlllSaver\Si8lAT8IXkOFVq.dll
O2 - BHO: AllSaverr - {A5AF31D9-E96E-438A-97A9-2269A759ABD8} - C:\Program Files (x86)\AllSaverr\xVsw8WWXcHTgnZ.dll
O4 - HKLM\..\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
O4 - HKLM\..\Run: [WebStorage] C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\ASUSWSLoader.exe
O4 - HKLM\..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Michal\AppData\Local\Akamai\netsession_win.exe"
O4 - HKLM\..\Policies\Explorer\Run: [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
O4 - Startup: Clash of Clans.lnk = C:\ProgramData\{66458875-5f61-1ba3-6645-588755f621d5}\Clash of Clans.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
O23 - Service: Asus WebStorage Windows Service - ASUS Cloud Corporation - C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe
O23 - Service: AtherosSvc - Windows (R) Win 7 DDK provider - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-Service.exe
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
O23 - Service: BlueStacks Updater Service (BstHdUpdaterSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Ratty Coat - Unknown owner - C:\Program Files (x86)\Ratty Coat\Ratty Coat.exe
O23 - Service: Realtek11nSU - Realtek - C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAtheros Bt and Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

--
End of file - 9197 bytes

======Listing Processes======

wininit.exe

C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\SystemImprove\SystemImprove.dll",serv
"C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\SystemImprove\SystemImprove.dll",serv
"C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe"
"C:\Program Files (x86)\Bluetooth Suite\adminservice.exe"
"C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe"
dashost.exe {77f46fba-109e-450f-a7edca220e7bd412}
"C:\Program Files (x86)\Ratty Coat\Ratty Coat.exe"
"C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}

"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe"
"C:\Program Files (x86)\BlueStacks\HD-Service.exe" BstHdAndroidSvc Android
"C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe"
"C:\Program Files (x86)\BlueStacks\HD-Network.exe"
\??\C:\Windows\system32\conhost.exe 0x4
"C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe"
\??\C:\Windows\system32\conhost.exe 0x4
"C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe"
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-a724340e-5254-4c4d-a3f4-8bbc7185f506 -SystemEventPortName:HostProcess-2754b108-c3b5-41e1-8ed8-3f2259f68b35 -IoCancelEventPortName:HostProcess-cae131d1-0ea9-4e6b-8319-806f12396ac7 -NonStateChangingEventPortName:HostProcess-613c60cc-c6c0-4b34-a5cb-f12cd3265364 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:59369f89-910b-4980-a290-2619dfd50036 -DeviceGroupId:WudfDefaultDevicePool
\??\C:\Windows\system32\conhost.exe 0x4

C:\Windows\System32\WinLogon.exe -SpecialSession
-hiberboot
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe"
C:\Windows\Explorer.EXE
KBFiltr.exe
"C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe"
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
C:\Windows\System32\skydrive.exe -Embedding
"C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWlan.exe" /H
"C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe"
taskhostex.exe
"C:\Program Files (x86)\ASUS\Splendid\ACMON.exe"
"C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe"
"C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe"
"C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe"
"C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
"C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe"

"C:\Windows\system32\igfxsrvc.exe" -Embedding
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX4
"C:\Program Files (x86)\BlueStacks\HD-Agent.exe"
"C:\Windows\system32\wuauclt.exe"
"C:\Windows\System32\SettingSyncHost.exe" -Embedding
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="1796.0.558763405\300336208" --supports-dual-gpus=false --gpu-driver-bug-workarounds=2,20,43 --gpu-vendor-id=0x8086 --gpu-device-id=0x0f31 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=10.18.10.3408 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --test-type --enable-deferred-image-decoding --lang=sk --force-fieldtrials="BackgroundRendererProcesses/AllowBelowNormalFromBrowser/*BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Disabled/*ChildAccountDetection/Enabled/ChromeDashboard/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group1 dev:pp6 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Enabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/ControlEnforce/*ExtensionInstallVerification/Enforce/*IconNTP/Default/*LoadStaleCacheExperiment/Disabled/*LocalNTPFast/Control/*NewProfileManagement/Enabled/*PasswordGeneration/Enabled/PasswordLinkInSettings/Disabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/*SdchPersistence/Enabled/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SyncBackingDatabase32K/Enabled/ThrottleExtensionBackgroundPages/ThrottlePersistent/*UMA-Dynamic-Binary-Uniformity-Trial/group_01/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_07/*UMA-Uniformity-Trial-10-Percent/group_05/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_11/*UMA-Uniformity-Trial-50-Percent/default/UMAInitialMetricsTiming/Control/*UseDelayAgnosticAEC/Disabled/*VoiceTrigger/Install/*WebRTC-ScreencastTargetBitrateOvershoot/Enabled/*WebRTC-SupportVP9/Default/WebRTC-UDPSocketNonBlockingIO/Disabled/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --extensions-on-chrome-urls --enable-pinch --device-scale-factor=1 --font-cache-shared-mem-suffix=1796 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --use-image-texture-target=3553 --channel="1796.2.1204337460\1855543245" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --test-type --enable-deferred-image-decoding --lang=sk --force-fieldtrials="*BackgroundRendererProcesses/AllowBelowNormalFromBrowser/*BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Disabled/*ChildAccountDetection/Enabled/ChromeDashboard/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group1 dev:pp6 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Enabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/ControlEnforce/*ExtensionInstallVerification/Enforce/*IconNTP/Default/*LoadStaleCacheExperiment/Disabled/*LocalNTPFast/Control/*NewProfileManagement/Enabled/*PasswordGeneration/Enabled/PasswordLinkInSettings/Disabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/*SdchPersistence/Enabled/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SyncBackingDatabase32K/Enabled/*ThrottleExtensionBackgroundPages/ThrottlePersistent/*UMA-Dynamic-Binary-Uniformity-Trial/group_01/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_07/*UMA-Uniformity-Trial-10-Percent/group_05/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_11/*UMA-Uniformity-Trial-50-Percent/default/UMAInitialMetricsTiming/Control/*UseDelayAgnosticAEC/Disabled/*VoiceTrigger/Install/*WebRTC-ScreencastTargetBitrateOvershoot/Enabled/*WebRTC-SupportVP9/Default/WebRTC-UDPSocketNonBlockingIO/Disabled/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --extensions-on-chrome-urls --enable-pinch --device-scale-factor=1 --font-cache-shared-mem-suffix=1796 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --use-image-texture-target=3553 --channel="1796.3.373841090\626246021" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --test-type --enable-deferred-image-decoding --lang=sk --force-fieldtrials="*BackgroundRendererProcesses/AllowBelowNormalFromBrowser/*BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Disabled/*ChildAccountDetection/Enabled/ChromeDashboard/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group1 dev:pp6 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Enabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/ControlEnforce/*ExtensionInstallVerification/Enforce/*IconNTP/Default/*LoadStaleCacheExperiment/Disabled/*LocalNTPFast/Control/*NewProfileManagement/Enabled/*PasswordGeneration/Enabled/PasswordLinkInSettings/Disabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/*SdchPersistence/Enabled/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SyncBackingDatabase32K/Enabled/*ThrottleExtensionBackgroundPages/ThrottlePersistent/*UMA-Dynamic-Binary-Uniformity-Trial/group_01/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_07/*UMA-Uniformity-Trial-10-Percent/group_05/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_11/*UMA-Uniformity-Trial-50-Percent/default/UMAInitialMetricsTiming/Control/*UseDelayAgnosticAEC/Disabled/*VoiceTrigger/Install/*WebRTC-ScreencastTargetBitrateOvershoot/Enabled/*WebRTC-SupportVP9/Default/WebRTC-UDPSocketNonBlockingIO/Disabled/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --extensions-on-chrome-urls --enable-pinch --device-scale-factor=1 --font-cache-shared-mem-suffix=1796 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --use-image-texture-target=3553 --channel="1796.6.191774121\511817811" /prefetch:673131151
"C:\Users\Michal\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Bidaily Synchronize Task.job - C:\ProgramData\{ec80f50a-162c-909d-ec80-0f50a162d428}\Clash of Clans.exe --startup=1 --single
C:\Windows\tasks\CodeItFast.job - c:\programdata\{f9cb3225-9dcf-be1d-f9cb-b32259dcc896}\689923946697359598b.exe --startup=1 --single

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6F9834CE-BBF5-4F63-B69C-65DD5EB45793}]
AuutooDeialosApePa - C:\Program Files (x86)\AuutooDeialosApePa\o0qThwm3yuBiO0.x64.dll [2015-06-09 887296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A188F79D-404D-40E6-B993-3771D288C862}]
AAlllSaver - C:\Program Files (x86)\AAlllSaver\Si8lAT8IXkOFVq.x64.dll [2015-06-26 885248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5AF31D9-E96E-438A-97A9-2269A759ABD8}]
AllSaverr - C:\Program Files (x86)\AllSaverr\xVsw8WWXcHTgnZ.x64.dll [2015-06-26 885248]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6F9834CE-BBF5-4F63-B69C-65DD5EB45793}]
AuutooDeialosApePa - C:\Program Files (x86)\AuutooDeialosApePa\o0qThwm3yuBiO0.dll [2015-06-09 822272]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A188F79D-404D-40E6-B993-3771D288C862}]
AAlllSaver - C:\Program Files (x86)\AAlllSaver\Si8lAT8IXkOFVq.dll [2015-06-26 817664]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5AF31D9-E96E-438A-97A9-2269A759ABD8}]
AllSaverr - C:\Program Files (x86)\AllSaverr\xVsw8WWXcHTgnZ.dll [2015-06-26 817664]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2014-02-19 391152]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2014-02-19 771568]
"Persistence"=C:\Windows\system32\igfxpers.exe [2014-02-19 770544]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BtvStack"=C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [2014-02-25 134784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2014-12-12 7394584]
"Akamai NetSession Interface"=C:\Users\Michal\AppData\Local\Akamai\netsession_win.exe [2014-10-29 4673432]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"ASUSPRP"=C:\Program Files (x86)\ASUS\APRP\APRP.EXE [2014-04-23 1080992]
"WebStorage"=C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\ASUSWSLoader.exe [2014-02-25 63296]
"BlueStacks Agent"=C:\Program Files (x86)\BlueStacks\HD-Agent.exe [2015-07-06 888440]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BtvStack"=C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [2014-02-25 134784]

C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Clash of Clans.lnk - C:\ProgramData\{66458875-5f61-1ba3-6645-588755f621d5}\Clash of Clans.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2014-01-16 624640]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcpltsvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableCAD"=1
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoRun"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"MSVideo8"=VfWWDM32.dll
"wave4"=wdmaud.drv
"mixer4"=wdmaud.drv
"midi4"=wdmaud.drv
"vidc.mjpg"=bdmjpeg64.dll
"vidc.mpeg"=bdmpegv64.dll
"msacm.bdmpeg"=bdmpega64.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2015-07-08 17:06:03 ----D---- C:\FunFirst
2015-07-08 17:02:36 ----D---- C:\Users\Michal\AppData\Roaming\FunFirst
2015-06-30 23:57:37 ----D---- C:\Program Files (x86)\Ratty Coat
2015-06-26 10:45:13 ----D---- C:\Program Files (x86)\AAlllSaver
2015-06-26 10:45:00 ----D---- C:\Program Files (x86)\AllSavveR
2015-06-26 10:44:58 ----D---- C:\Program Files (x86)\LiveHive Email Content Tracking Analytics
2015-06-26 10:43:39 ----D---- C:\Program Files (x86)\AllSaverr

======List of files/folders modified in the last 1 month======

2015-07-12 16:42:00 ----D---- C:\Program Files\trend micro
2015-07-12 16:16:09 ----D---- C:\Windows\system32\sru
2015-07-12 15:15:58 ----D---- C:\Users\Michal\AppData\Roaming\TS3Client
2015-07-12 12:00:26 ----D---- C:\Windows\system32\Tasks
2015-07-12 01:22:16 ----D---- C:\Windows\system32\NDF
2015-07-12 01:21:51 ----D---- C:\Windows\Prefetch
2015-07-12 01:20:23 ----AD---- C:\Windows\Temp
2015-07-12 01:17:00 ----AD---- C:\Windows
2015-07-11 17:36:42 ----D---- C:\Users\Michal\AppData\Roaming\vlc
2015-07-11 16:04:39 ----D---- C:\Windows\system32\config
2015-07-10 23:12:20 ----D---- C:\Users\Michal\AppData\Roaming\uTorrent
2015-07-10 18:30:57 ----D---- C:\Windows\Microsoft.NET
2015-07-10 18:19:43 ----RD---- C:\Program Files (x86)
2015-07-09 21:32:16 ----D---- C:\Windows\CbsTemp
2015-07-09 21:27:14 ----RSD---- C:\Windows\assembly
2015-07-08 17:11:21 ----SHD---- C:\Windows\Installer
2015-07-08 17:04:00 ----SHD---- C:\System Volume Information
2015-07-08 11:53:21 ----D---- C:\ProgramData\BlueStacksSetup
2015-07-08 11:39:10 ----D---- C:\ProgramData\BlueStacks
2015-07-08 11:39:03 ----D---- C:\Program Files (x86)\BlueStacks
2015-07-06 11:38:10 ----D---- C:\Windows\AppReadiness
2015-07-05 20:59:11 ----RD---- C:\Windows\System32
2015-07-05 20:59:11 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-07-05 20:59:10 ----D---- C:\Windows\Inf
2015-07-05 20:29:01 ----D---- C:\Program Files (x86)\Windows Defender
2015-07-05 20:28:39 ----D---- C:\Program Files\Windows Defender
2015-07-04 11:55:49 ----HD---- C:\Program Files\WindowsApps
2015-06-26 10:45:15 ----D---- C:\ProgramData\8216314285428141607
2015-06-24 16:33:41 ----D---- C:\Windows\system32\drivers
2015-06-19 16:22:10 ----D---- C:\Windows\system32\catroot2

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 BTATH_BUS;@oem21.inf,%BTATH_BUS.SVCDESC%;Qualcomm Atheros Bluetooth Bus; C:\Windows\System32\drivers\btath_bus.sys [2014-02-25 35016]
R0 MBI;@oem8.inf,%MBI.SVCDESC%;Intel(R) Sideband Fabric Device Service; C:\Windows\System32\drivers\MBI.sys [2013-10-28 29464]
R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
R1 ATKWMIACPIIO;ATKWMIACPI Driver; \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2013-07-02 19768]
R1 dtsoftbus01;@oem50.inf,%DTSoftBus.SVCDESC%;DAEMON Tools Virtual Bus Driver; C:\Windows\System32\drivers\dtsoftbus01.sys [2015-02-04 283064]
R1 VBoxDrv;VirtualBox Service; C:\Windows\system32\DRIVERS\VBoxDrv.sys [2014-11-21 916024]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [2014-11-21 128080]
R1 vwififlt;@%SystemRoot%\System32\drivers\vwififlt.sys,-259; C:\Windows\system32\DRIVERS\vwififlt.sys [2014-04-30 71680]
R2 ASMMAP64;ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]
R2 BstHdDrv;BlueStacks Hypervisor; \??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2015-07-06 145528]
R3 AiCharger;ASUS Charger Driver; C:\Windows\system32\DRIVERS\AiCharger.sys [2014-03-27 17152]
R3 AthBTPort;@oem24.inf,%BTHSUPPORT.SvcDesc%;Qualcomm Atheros Virtual Bluetooth Class; C:\Windows\system32\DRIVERS\btath_flt.sys [2014-02-25 89800]
R3 athr;@oem20.inf,%ATHR.Service.DispName%;Qualcomm Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athwbx.sys [2014-03-06 3892224]
R3 ATP;@oem17.inf,%PS2.DeviceDesc%;ASUS Input Device; C:\Windows\System32\drivers\AsusTP.sys [2014-03-31 71952]
R3 BTATH_A2DP;@oem23.inf,%BTATH_A2DP.SvcDesc%;Bluetooth A2DP Audio Driver; C:\Windows\system32\drivers\btath_a2dp.sys [2014-02-25 355528]
R3 btath_avdt;@oem23.inf,%btath_avdt.SvcDesc%;Qualcomm Atheros Bluetooth AVDT Service; C:\Windows\system32\drivers\btath_avdt.sys [2014-02-25 118984]
R3 BTATH_HCRP;@oem26.inf,%BTATH_HCRP.SvcDesc%;Bluetooth HCRP Server driver; C:\Windows\System32\drivers\btath_hcrp.sys [2014-02-25 179432]
R3 BTATH_LWFLT;@oem28.inf,%BTATH_LWFLT%;Bluetooth LWFLT Device; C:\Windows\system32\DRIVERS\btath_lwflt.sys [2014-02-25 77464]
R3 BTATH_RCP;@oem30.inf,%BTATH_RCP%;Bluetooth AVRCP Device; C:\Windows\System32\drivers\btath_rcp.sys [2014-02-25 137928]
R3 BtFilter;BtFilter; C:\Windows\system32\DRIVERS\btfilter.sys [2014-02-25 598216]
R3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Bluetooth Enumerator Service; C:\Windows\System32\drivers\BthEnum.sys [2014-10-29 53248]
R3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Bluetooth Low Energy Driver; C:\Windows\system32\DRIVERS\BthLEEnum.sys [2014-03-18 226304]
R3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\Windows\System32\drivers\bthpan.sys [2014-07-24 118272]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2014-10-29 81920]
R3 GPIO;@oem10.inf,%GPIO.SVCDESC%;Intel SoC GPIO Controller Driver; C:\Windows\System32\drivers\iaiogpioe.sys [2013-11-11 31232]
R3 HIDSwitch;@oem27.inf,%ASSW.DisplayName%;ASUS Wireless Radio Control; C:\Windows\System32\drivers\AsHIDSwitch64.sys [2013-10-08 20280]
R3 iaioi2c;@oem9.inf,%Driver_Service.Desc%;I2C Controller Service; C:\Windows\System32\drivers\iaioi2ce.sys [2013-11-11 67584]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2014-01-16 4222976]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2015-05-19 4466392]
R3 IntcDAud;@oem12.inf,%IntcDAud.SvcDesc%;Intel(R) Zvuk pre obrazovky; C:\Windows\system32\DRIVERS\IntcDAud.sys [2014-01-16 450520]
R3 iwdbus;@oem15.inf,%iwdbus.SVCDESC%;IWD Bus Enumerator; C:\Windows\System32\drivers\iwdbus.sys [2013-12-27 27032]
R3 kbfiltr;@oem25.inf,%kbfiltr.SvcDesc%;Keyboard Filter; C:\Windows\System32\drivers\kbfiltr.sys [2012-08-06 17280]
R3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\System32\drivers\rfcomm.sys [2015-01-30 167424]
R3 RSBASTOR;@oem19.inf,%Rts5208%;Realtek PCIE CardReader Driver - BA; C:\Windows\system32\DRIVERS\RtsBaStor.sys [2013-07-12 309976]
R3 RTL8168;@oem18.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\Windows\system32\DRIVERS\Rt630x64.sys [2014-01-08 848088]
R3 TXEIx64;@oem11.inf,%TEE_SvcDesc%;Intel(R) Trusted Execution Engine Interface ; C:\Windows\System32\drivers\TXEIx64.sys [2014-01-15 88592]
R3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2013-08-22 212224]
R3 vwifimp;@%SystemRoot%\System32\drivers\vwifimp.sys,-261; C:\Windows\system32\DRIVERS\vwifimp.sys [2014-04-30 38912]
S0 iaStorA;iaStorA; C:\Windows\System32\drivers\iaStorA.sys [2013-12-16 632168]
S3 AgereSoftModem;@mdmags64.inf,%FullProductName%;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\agrsm64.sys [2013-06-18 1146880]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2014-10-29 1198080]
S3 e1iexpress;@net1ic64.inf,%e1iExpress.Service.DispName%;Intel(R) PRO/1000 PCI Express Network Connection Driver I; C:\Windows\system32\DRIVERS\e1i63x64.sys [2013-06-18 460288]
S3 intaud_WaveExtensible;@oem14.inf,%INTAUD_WEX.SvcDesc%;Intel WiDi Audio Device; C:\Windows\system32\drivers\intelaud.sys [2013-12-27 38296]
S3 NETwNs64;@netwsw00.inf,___ %NIC_Service_DispName_WIN7_64%;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\Windows\system32\DRIVERS\Netwsw00.sys [2013-06-18 11518976]
S3 Point64;@oem59.inf,%point64.SvcDesc%;Microsoft Mouse and Keyboard Center Filter Driver; C:\Windows\System32\drivers\point64.sys [2014-03-19 50896]
S3 RTL8192su;@net8192su64.inf,%RTL8192su.DeviceDesc.DispName%;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\RTL8192su.sys [2013-06-18 694856]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2014-11-21 141440]
S3 VBoxNetFlt;@oem65.inf,%VBoxNetFltService_Desc%;VirtualBox Bridged Networking Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 991bc3fc;SystemImprove; C:\Windows\syswow64\rundll32.exe [2013-08-22 49664]
R2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe [2014-03-26 115512]
R2 Asus WebStorage Windows Service;Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe [2014-02-25 71680]
R2 AtherosSvc;AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [2014-02-25 319104]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [2011-11-21 96896]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [2013-07-01 733696]
R2 Ratty Coat;Ratty Coat; C:\Program Files (x86)\Ratty Coat\Ratty Coat.exe [2015-06-30 8016024]
R2 Realtek11nSU;Realtek11nSU; C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [2010-01-21 45056]
R3 BstHdAndroidSvc;BlueStacks Android Service; C:\Program Files (x86)\BlueStacks\HD-Service.exe [2015-07-06 433784]
R3 BstHdLogRotatorSvc;BlueStacks Log Rotator Service; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2015-07-06 413304]
R3 BstHdUpdaterSvc;BlueStacks Updater Service; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [2015-07-06 822904]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc []
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2014-02-19 279024]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2014-12-26 654848]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2014-03-18 43696]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc []
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-04-24 169752]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [2013-07-01 822232]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2015-06-04 837312]

-----------------EOF-----------------

#2 Příspěvek od **vyosek** » 12 črc 2015 15:45

Zdravim

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

Ulozte nejlepe na plochu
Ukoncete vsechny programy
Po spusteni probehne stazeni databaze
Kliknete na Scan a nasledne Clean
Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte

miGGuel · #3 Příspěvek od **miGGuel** » 13 črc 2015 02:57

Zdravím, tu je...

# AdwCleaner v4.208 - Log vytvorený 13/07/2015 at 03:53:45
# Aktualizované 09/07/2015 by Xplode
# Databáza : 2015-07-11.1 [Server]
# Operačný systém : Windows 8.1 Connected (x64)
# Uživateľské meno : Michal - MISO
# Spustené z : C:\Users\Michal\Desktop\adwcleaner_4.208.exe
# Nastavenia : Čistenie

***** [ Služby ] *****

[#] Služba Zmazané : 991bc3fc

***** [ Súbory / Priečinky ] *****

Priečinok Zmazané : C:\ProgramData\1ca2622e00001493
Priečinok Zmazané : C:\ProgramData\8216314285428141607
Priečinok Zmazané : C:\ProgramData\{66458875-5f61-1ba3-6645-588755f621d5}
Priečinok Zmazané : C:\ProgramData\{ec80f50a-162c-909d-ec80-0f50a162d428}
Priečinok Zmazané : C:\ProgramData\{f9cb3225-9dcf-be1d-f9cb-b32259dcc896}
Priečinok Zmazané : C:\Program Files (x86)\50Coupoenis
Priečinok Zmazané : C:\Program Files (x86)\AAlllSaver
Priečinok Zmazané : C:\Program Files (x86)\AllSaverr
Priečinok Zmazané : C:\Program Files (x86)\AllSavveR
Priečinok Zmazané : C:\Program Files (x86)\EExsTRACouUpOn
Priečinok Zmazané : C:\Program Files (x86)\EnjoyCoouponu
Priečinok Zmazané : C:\Program Files (x86)\ENjoyCuoupon
Priečinok Zmazané : C:\Program Files (x86)\EnnjoyCouuponn
Priečinok Zmazané : C:\Program Files (x86)\NeowSaVeur
Priečinok Zmazané : C:\Program Files (x86)\PriceMinuis
Priečinok Zmazané : C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjlfnjepjdmlppapoikepbaabbghofma
Priečinok Zmazané : C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkgjlgfgcbmbdphpekbienchiehfmmhf
Priečinok Zmazané : C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pijlffhfbmlppgkamcpcpkcbhanldgcl
Priečinok Zmazané : C:\ProgramData\fdblbdfdodilmajhogoinnccnlhijolk
Súbor Zmazané : C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kjlfnjepjdmlppapoikepbaabbghofma_0.localstorage
Súbor Zmazané : C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kjlfnjepjdmlppapoikepbaabbghofma_0.localstorage-journal
Súbor Zmazané : C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mkgjlgfgcbmbdphpekbienchiehfmmhf_0.localstorage
Súbor Zmazané : C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mkgjlgfgcbmbdphpekbienchiehfmmhf_0.localstorage-journal

***** [ Naplánované úlohy ] *****

Úloha Zmazané : Bidaily Synchronize Task

***** [ Zástupcovia ] *****

***** [ Registre ] *****

Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\PA188F79D_404D_40E6_B993_3771D288C862_.PA188F79D_404D_40E6_B993_3771D288C862_
Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\PA188F79D_404D_40E6_B993_3771D288C862_.PA188F79D_404D_40E6_B993_3771D288C862_.9
Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\PA5AF31D9_E96E_438A_97A9_2269A759ABD8_.PA5AF31D9_E96E_438A_97A9_2269A759ABD8_
Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\PA5AF31D9_E96E_438A_97A9_2269A759ABD8_.PA5AF31D9_E96E_438A_97A9_2269A759ABD8_.9
Kľúč registra Zmazané : HKLM\SOFTWARE\d0ae8c67-3da1-17f2-75af-59d020260550
Kľúč registra Zmazané : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{991bc3fc}
Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\CLSID\{A188F79D-404D-40E6-B993-3771D288C862}
Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\CLSID\{A5AF31D9-E96E-438A-97A9-2269A759ABD8}
Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\TypeLib\{7A6DCEC2-55AB-418F-A903-93D0DF482809}
Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\TypeLib\{A1965763-A486-4E1E-B574-19E44B3842E8}
Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\TypeLib\{ADA38E4E-F20A-4399-BE91-E260AC341C69}
Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\TypeLib\{C6E89B1A-0C9F-455A-A78B-AB9AC5C46199}
Kľúč registra Zmazané : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A188F79D-404D-40E6-B993-3771D288C862}
Kľúč registra Zmazané : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5AF31D9-E96E-438A-97A9-2269A759ABD8}
Kľúč registra Zmazané : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A188F79D-404D-40E6-B993-3771D288C862}
Kľúč registra Zmazané : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A5AF31D9-E96E-438A-97A9-2269A759ABD8}
Kľúč registra Zmazané : [x64] HKLM\SOFTWARE\Classes\CLSID\{A188F79D-404D-40E6-B993-3771D288C862}
Kľúč registra Zmazané : [x64] HKLM\SOFTWARE\Classes\CLSID\{A5AF31D9-E96E-438A-97A9-2269A759ABD8}
Kľúč registra Zmazané : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A188F79D-404D-40E6-B993-3771D288C862}
Kľúč registra Zmazané : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5AF31D9-E96E-438A-97A9-2269A759ABD8}
Kľúč registra Zmazané : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Kľúč registra Zmazané : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Kľúč registra Zmazané : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Kľúč registra Zmazané : HKCU\Software\Avg Secure Update
Kľúč registra Zmazané : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Kľúč registra Zmazané : HKLM\SOFTWARE\mystartsearchSoftware
Kľúč registra Zmazané : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Kľúč registra Zmazané : HKU\.DEFAULT\Software\Avg Secure Update
Kľúč registra Zmazané : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2DF3E224-05CD-4113-AA7A-86F2F6607B46}
Kľúč registra Zmazané : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Kľúč registra Zmazané : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
Kľúč registra Zmazané : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{06B99631-BFA2-3B7A-F58B-D067C2BA59B7}
Kľúč registra Zmazané : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6A08B379-76FB-B4CF-0C70-CAFCD3635A77}
Kľúč registra Zmazané : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{98449C67-C7AF-BB53-112D-26C916814611}
Kľúč registra Zmazané : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF987D06-1DCF-7B36-5B43-13BC8699C44C}
Kľúč registra Zmazané : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F5853CDF-2C63-6D1D-B286-CBB1CD5DFD62}
Dáta Zmazané : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local;<local>

***** [ Webové prehliadače ] *****

-\\ Internet Explorer v11.0.9600.17416

Nastavenie Obnovené : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Nastavenie Obnovené : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Nastavenie Obnovené : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Nastavenie Obnovené : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Nastavenie Obnovené : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Nastavenie Obnovené : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Nastavenie Obnovené : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Nastavenie Obnovené : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Nastavenie Obnovené : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Nastavenie Obnovené : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Google Chrome v43.0.2357.81

[C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Zmazané [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Zmazané [Search Provider] : hxxp://www.mystartsearch.com/web/?type=ds&ts=1 ... earchTerms}

-\\ Chromium v

*************************

AdwCleaner[R0].txt - [10206 bajtov] - [13/07/2015 03:52:02]
AdwCleaner[S0].txt - [8135 bajtov] - [13/07/2015 03:53:45]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8195 bajtov] ##########

#4 Příspěvek od **vyosek** » 13 črc 2015 05:07

Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
Do okna vlozte skript nize

Kód: Vybrat vše

autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;

Nasledne kliknete na Run Script
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

miGGuel · #5 Příspěvek od **miGGuel** » 14 črc 2015 00:51

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Michal on ut 14.07.2015 at 1:22:20,11.
Microsoft Windows 8.1 so službou Bing 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Michal\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

14.7.2015 1:24:15 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\Program Files\Andy deleted successfully
C:\Users\Michal\AppData\Roaming\DAEMON Tools Lite deleted successfully
C:\Users\Michal\AppData\Local\PACE Anti-Piracy deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

C:\PROGRA~2\AuutooDeialosApePa deleted
C:\PROGRA~2\SystemImprove deleted
C:\PROGRA~2\Bookmarks Button deleted
C:\PROGRA~2\LiveHive Email Content Tracking Analytics deleted
C:\PROGRA~2\New Tab Clock deleted
C:\PROGRA~2\Stolen Camera Finder deleted
C:\windows\SysNative\Tasks\1014avUpdateInfo deleted
C:\windows\SysNative\Tasks\CodeItFast deleted
C:\PROGRA~2\ImperiaMu Game Client deleted
C:\PROGRA~3\SetStretch.VBS deleted
C:\PROGRA~3\Avg_Update_1014av deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Users\Michal\DownloadsDocument And Setings.exe deleted
"C:\ProgramData\mntemp" deleted
"C:\PROGRA~2\Bonjour\mdnsNSP.dll" deleted
"C:\PROGRA~2\Ratty Coat\Ratty Coat.exe" deleted
"C:\PROGRA~2\Bonjour" not deleted
"C:\PROGRA~2\Ratty Coat" not deleted

==== Chromium Look ======================

AdBlock - Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F9834CE-BBF5-4F63-B69C-65DD5EB45793} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F9834CE-BBF5-4F63-B69C-65DD5EB45793} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{6F9834CE-BBF5-4F63-B69C-65DD5EB45793} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{6F9834CE-BBF5-4F63-B69C-65DD5EB45793} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6F9834CE-BBF5-4F63-B69C-65DD5EB45793} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6F9834CE-BBF5-4F63-B69C-65DD5EB45793} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B0EC0808-6922-8705-C255-F9C79C315BD5} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F6A71DC7-28F4-C6C7-8FA9-8A56C80FC96A} deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Michal\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Michal\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Michal\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Michal\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=78 folders=29 35634476 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Michal\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Michal\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\PROGRA~2\Bonjour" not found
"C:\PROGRA~2\Ratty Coat" not found

==== EOF on ut 14.07.2015 at 1:49:46,40 ======================

#6 Příspěvek od **vyosek** » 14 črc 2015 05:46

Poprosim o FRST http://forum.viry.cz/viewtopic.php?f=13&t=133100

miGGuel · #7 Příspěvek od **miGGuel** » 14 črc 2015 08:15

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015
Ran by Michal (administrator) on MISO on 14-07-2015 09:11:26
Running from C:\Users\Michal\Desktop
Loaded Profiles: Michal (Available Profiles: Michal)
Platform: Windows 8.1 Connected (X64) OS Language: Slovenčina (Slovensko)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Realtek) C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWLan.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [1080992 2014-04-23] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\ASUSWSLoader.exe [63296 2014-02-25] ()
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [888440 2015-07-06] (BlueStack Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [134784 2014-02-25] (Atheros Communications)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3052728683-791047638-3597169863-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-3052728683-791047638-3597169863-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Michal\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3052728683-791047638-3597169863-1001\...\MountPoints2: {2c9f03cd-9153-11e4-8264-3010b386d08d} - "F:\LGAutoRun.exe"
Startup: C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Clash of Clans.lnk [2015-05-07]
ShortcutTarget: Clash of Clans.lnk -> C:\ProgramData\{66458875-5f61-1ba3-6645-588755f621d5}\Clash of Clans.exe (No File)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3052728683-791047638-3597169863-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D4862AE4-F261-448C-A8B8-7CD53FDA7D58}: [DhcpNameServer] 192.168.80.11
Tcpip\..\Interfaces\{FB7A2295-7643-4400-A97C-25789E44D538}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-14]
CHR Extension: (Google Docs) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-14]
CHR Extension: (Google Drive) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-14]
CHR Extension: (YouTube) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-10]
CHR Extension: (Google Search) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-10]
CHR Extension: (Google Sheets) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-14]
CHR Extension: (Gmail) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-10]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe [71680 2014-02-25] (ASUS Cloud Corporation) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [319104 2014-02-25] (Windows (R) Win 7 DDK provider) [File not signed]
R3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433784 2015-07-06] (BlueStack Systems, Inc.)
R3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413304 2015-07-06] (BlueStack Systems, Inc.)
R3 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [822904 2015-07-06] (BlueStack Systems, Inc.)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2014-12-26] (Macrovision Europe Ltd.) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 Realtek11nSU; C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [45056 2010-01-21] (Realtek) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2014-02-25] (Atheros) [File not signed]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 Ratty Coat; "C:\Program Files (x86)\Ratty Coat\Ratty Coat.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3892224 2014-03-06] (Qualcomm Atheros Communications, Inc.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [71952 2014-03-31] (ASUS Corporation)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [145528 2015-07-06] (BlueStack Systems)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-02-25] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2015-02-04] (Disc Soft Ltd)
R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [31232 2013-11-11] (Intel Corporation)
R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [67584 2013-11-11] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-06] ( )
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-28] (Intel Corporation)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
U0 msahci; system32\drivers\msahci.sys
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-14 09:11 - 2015-07-14 09:12 - 00012334 _____ C:\Users\Michal\Desktop\FRST.txt
2015-07-14 09:10 - 2015-07-14 09:11 - 00000000 ____D C:\FRST
2015-07-14 08:49 - 2015-07-14 08:49 - 02133504 _____ (Farbar) C:\Users\Michal\Desktop\FRST64.exe
2015-07-14 01:39 - 2015-07-14 01:22 - 00024064 _____ C:\Windows\zoek-delete.exe
2015-07-14 01:23 - 2015-07-14 01:49 - 00008489 _____ C:\zoek-results.log
2015-07-14 01:22 - 2015-07-14 01:37 - 00000000 ____D C:\zoek_backup
2015-07-14 01:21 - 2015-07-14 01:21 - 01308672 _____ C:\Users\Michal\Desktop\zoek.exe
2015-07-13 03:51 - 2015-07-13 03:53 - 00000000 ____D C:\AdwCleaner
2015-07-13 03:48 - 2015-07-13 03:48 - 02248704 _____ C:\Users\Michal\Desktop\adwcleaner_4.208.exe
2015-07-12 01:17 - 2015-07-14 01:49 - 00000892 _____ C:\Windows\PFRO.log
2015-07-10 17:46 - 2015-07-10 17:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MuAcheron - Mu Online Season 9
2015-07-10 13:14 - 2015-07-11 17:38 - 00000000 ____D C:\Users\Michal\Downloads\Jurassic.World.2015.HC.HDRip.XviD.AC3-EVO
2015-07-09 21:21 - 2015-07-10 20:06 - 00000000 ____D C:\Users\Michal\Downloads\World War Z (2013)
2015-07-08 17:11 - 2015-07-08 17:11 - 00001283 _____ C:\ProgramData\Microsoft\Windows\Start Menu\MU Online By FunFirst CZ.lnk
2015-07-08 17:11 - 2015-07-08 17:11 - 00001259 _____ C:\Users\Public\Desktop\MU Online By FunFirst CZ.lnk
2015-07-08 17:06 - 2015-07-10 01:13 - 00000000 ____D C:\Users\Michal\Documents\MU Online By FunFirst
2015-07-08 17:06 - 2015-07-08 17:06 - 00000000 ____D C:\FunFirst
2015-07-08 17:02 - 2015-07-08 17:02 - 00000000 ____D C:\Users\Michal\AppData\Roaming\FunFirst
2015-07-08 11:39 - 2015-07-08 11:39 - 00001874 _____ C:\Users\Public\Desktop\Apps.lnk
2015-07-08 11:39 - 2015-07-08 11:39 - 00001821 _____ C:\Users\Public\Desktop\Start BlueStacks.lnk
2015-07-08 11:39 - 2015-07-08 11:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2015-07-05 20:12 - 2015-07-05 20:56 - 00000000 ____D C:\Users\Michal\Downloads\Now You See Me (2013)
2015-07-02 15:42 - 2015-07-02 16:58 - 00000126 _____ C:\Users\Michal\Desktop\zoznamik.txt
2015-06-30 11:31 - 2015-06-30 11:31 - 00040967 _____ C:\Users\Michal\Documents\ts3_clientui-win32-1407159763-2015-06-30 11_31_25.723088.dmp
2015-06-25 18:49 - 2015-06-25 19:53 - 00000000 ____D C:\Users\Michal\Downloads\Mad.Max.Fury.Road.2015.HDRip.XviD.AC3-EVO

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-14 09:03 - 2014-12-23 12:40 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3052728683-791047638-3597169863-1001
2015-07-14 09:02 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\sru
2015-07-14 08:59 - 2015-05-17 01:52 - 01788135 _____ C:\Windows\WindowsUpdate.log
2015-07-14 08:58 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2015-07-14 08:48 - 2014-12-23 12:37 - 00000093 _____ C:\Users\Michal\AppData\Roaming\sp_data.sys
2015-07-14 08:47 - 2014-12-23 12:42 - 00000000 __RDO C:\Users\Michal\OneDrive
2015-07-14 01:53 - 2014-12-26 14:11 - 00589312 ___SH C:\Users\Michal\Downloads\Thumbs.db
2015-07-14 01:49 - 2015-06-06 15:47 - 00004529 _____ C:\Windows\setupact.log
2015-07-14 01:49 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-14 01:48 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-07-14 01:39 - 2014-12-23 14:14 - 00003958 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{B9C1F22B-3B4B-422A-8EF1-B1630414684D}
2015-07-14 01:37 - 2014-12-23 12:32 - 00000000 ____D C:\Users\Michal
2015-07-14 01:01 - 2014-12-25 00:16 - 00000000 ____D C:\Users\Michal\AppData\Roaming\TS3Client
2015-07-13 23:48 - 2015-06-09 11:48 - 00000364 _____ C:\Windows\Tasks\CodeItFast.job
2015-07-13 12:00 - 2015-05-13 15:20 - 00003474 _____ C:\Windows\System32\Tasks\ASUS Live Update1
2015-07-13 12:00 - 2015-05-13 15:20 - 00003464 _____ C:\Windows\System32\Tasks\ASUS Live Update2
2015-07-13 03:56 - 2014-12-27 03:06 - 00000000 ____D C:\Users\Michal\AppData\Local\CrashDumps
2015-07-12 16:42 - 2015-03-05 00:09 - 00000000 ____D C:\Program Files\trend micro
2015-07-12 16:33 - 2015-05-23 14:43 - 00000024 _____ C:\Users\Michal\AppData\Roaming\appdataFr25.bin
2015-07-12 01:22 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\NDF
2015-07-11 17:36 - 2014-12-25 02:51 - 00000000 ____D C:\Users\Michal\AppData\Roaming\vlc
2015-07-10 23:12 - 2014-12-25 02:09 - 00000000 ____D C:\Users\Michal\AppData\Roaming\uTorrent
2015-07-10 17:43 - 2015-01-06 22:33 - 00000000 ____D C:\Users\Michal\Desktop\pre mamu
2015-07-10 00:36 - 2014-12-23 14:25 - 01492480 ___SH C:\Users\Michal\Desktop\Thumbs.db
2015-07-09 21:45 - 2014-12-23 16:41 - 00000000 ____D C:\Users\Michal\AppData\Local\RabanSoft
2015-07-09 21:32 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2015-07-08 11:53 - 2015-05-12 23:22 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2015-07-08 11:39 - 2015-05-12 23:23 - 00000000 ____D C:\ProgramData\BlueStacks
2015-07-08 11:39 - 2015-05-12 23:23 - 00000000 ____D C:\Program Files (x86)\BlueStacks
2015-07-08 11:39 - 2013-08-22 17:36 - 00000000 __RHD C:\Users\Public\Libraries
2015-07-05 20:59 - 2014-03-18 17:25 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-05 20:29 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-07-05 20:28 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-06-19 15:03 - 2015-05-24 13:59 - 00000000 ____D C:\Users\Michal\AppData\Local\PokerStars.EU

==================== Files in the root of some directories =======

2015-05-23 14:43 - 2015-07-12 16:33 - 0000024 _____ () C:\Users\Michal\AppData\Roaming\appdataFr25.bin
2005-08-25 10:14 - 2015-04-16 18:13 - 0034803 ____H () C:\Users\Michal\AppData\Roaming\cglogs.dat
2014-12-23 12:37 - 2015-07-14 08:48 - 0000093 _____ () C:\Users\Michal\AppData\Roaming\sp_data.sys
2015-05-10 14:09 - 2015-05-10 14:09 - 0000000 _____ () C:\Users\Michal\AppData\Local\Temp.dat
2015-05-07 12:07 - 2015-05-07 12:07 - 0740775 _____ () C:\ProgramData\AndyDrivers.zip
2014-10-10 05:42 - 2014-10-10 05:42 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-04-23 10:53 - 2012-09-07 13:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2014-04-23 10:53 - 2009-07-22 12:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-07-05 12:41

==================== End of log ============================

#8 Příspěvek od **vyosek** » 14 črc 2015 08:31

Tvorba fixlistu pro FRST

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

Start
CloseProcesses:
CreateRestorePoint:

HKU\S-1-5-21-3052728683-791047638-3597169863-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Michal\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3052728683-791047638-3597169863-1001\...\MountPoints2: {2c9f03cd-9153-11e4-8264-3010b386d08d} - "F:\LGAutoRun.exe" 
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

S2 Ratty Coat; "C:\Program Files (x86)\Ratty Coat\Ratty Coat.exe" [X]

2015-07-14 09:11 - 2015-07-14 09:12 - 00012334 _____ C:\Users\Michal\Desktop\FRST.txt
2015-07-14 01:39 - 2015-07-14 01:22 - 00024064 _____ C:\Windows\zoek-delete.exe
2015-07-14 01:23 - 2015-07-14 01:49 - 00008489 _____ C:\zoek-results.log
2015-07-14 01:22 - 2015-07-14 01:37 - 00000000 ____D C:\zoek_backup
2015-07-14 01:21 - 2015-07-14 01:21 - 01308672 _____ C:\Users\Michal\Desktop\zoek.exe
2015-07-13 03:51 - 2015-07-13 03:53 - 00000000 ____D C:\AdwCleaner
2015-07-13 03:48 - 2015-07-13 03:48 - 02248704 _____ C:\Users\Michal\Desktop\adwcleaner_4.208.exe
2015-07-12 01:17 - 2015-07-14 01:49 - 00000892 _____ C:\Windows\PFRO.log

Task: {08F320F2-BD69-4226-A0C8-30DF76553EB8} - \1014avUpdateInfo No Task File <==== ATTENTION
Task: {5044947F-263E-4937-9271-40F63121D50B} - \CodeItFast No Task File <==== ATTENTION
Task: C:\Windows\Tasks\CodeItFast.job => c:\programdata\{f9cb3225-9dcf-be1d-f9cb-b32259dcc896}\689923946697359598b.exe <==== ATTENTION
c:\programdata\{f9cb3225-9dcf-be1d-f9cb-b32259dcc896}

Hosts:
EmptyTemp:
Reboot:
End

Ulozte vytvoreny TXT jako fixlist.txt
Presunte vytvoreny fixlist vedle FRST

Spustte znovu FRST.exe

Kliknete na Fix
Probehne oprava a vytvori log Fixlog.txt

Restart PC a dejte mi sem fixlog.txt

miGGuel · #9 Příspěvek od **miGGuel** » 14 črc 2015 23:36

Zdravím...

Fix result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by Michal at 2015-07-15 00:26:51 Run:1
Running from C:\Users\Michal\Desktop
Loaded Profiles: Michal (Available Profiles: Michal)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKU\S-1-5-21-3052728683-791047638-3597169863-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Michal\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3052728683-791047638-3597169863-1001\...\MountPoints2: {2c9f03cd-9153-11e4-8264-3010b386d08d} - "F:\LGAutoRun.exe"
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

S2 Ratty Coat; "C:\Program Files (x86)\Ratty Coat\Ratty Coat.exe" [X]

2015-07-14 09:11 - 2015-07-14 09:12 - 00012334 _____ C:\Users\Michal\Desktop\FRST.txt
2015-07-14 01:39 - 2015-07-14 01:22 - 00024064 _____ C:\Windows\zoek-delete.exe
2015-07-14 01:23 - 2015-07-14 01:49 - 00008489 _____ C:\zoek-results.log
2015-07-14 01:22 - 2015-07-14 01:37 - 00000000 ____D C:\zoek_backup
2015-07-14 01:21 - 2015-07-14 01:21 - 01308672 _____ C:\Users\Michal\Desktop\zoek.exe
2015-07-13 03:51 - 2015-07-13 03:53 - 00000000 ____D C:\AdwCleaner
2015-07-13 03:48 - 2015-07-13 03:48 - 02248704 _____ C:\Users\Michal\Desktop\adwcleaner_4.208.exe
2015-07-12 01:17 - 2015-07-14 01:49 - 00000892 _____ C:\Windows\PFRO.log

Task: {08F320F2-BD69-4226-A0C8-30DF76553EB8} - \1014avUpdateInfo No Task File <==== ATTENTION
Task: {5044947F-263E-4937-9271-40F63121D50B} - \CodeItFast No Task File <==== ATTENTION
Task: C:\Windows\Tasks\CodeItFast.job => c:\programdata\{f9cb3225-9dcf-be1d-f9cb-b32259dcc896}\689923946697359598b.exe <==== ATTENTION
c:\programdata\{f9cb3225-9dcf-be1d-f9cb-b32259dcc896}

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
HKU\S-1-5-21-3052728683-791047638-3597169863-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface => value removed successfully
"HKU\S-1-5-21-3052728683-791047638-3597169863-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2c9f03cd-9153-11e4-8264-3010b386d08d}" => key removed successfully
HKCR\CLSID\{2c9f03cd-9153-11e4-8264-3010b386d08d} => key not found.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
Winsock: Catalog entry 000000000008 => removed successfully
Ratty Coat => Service removed successfully
C:\Users\Michal\Desktop\FRST.txt => moved successfully.
C:\Windows\zoek-delete.exe => moved successfully.
C:\zoek-results.log => moved successfully.
C:\zoek_backup => moved successfully.
C:\Users\Michal\Desktop\zoek.exe => moved successfully.
C:\AdwCleaner => moved successfully.
C:\Users\Michal\Desktop\adwcleaner_4.208.exe => moved successfully.
C:\Windows\PFRO.log => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{08F320F2-BD69-4226-A0C8-30DF76553EB8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08F320F2-BD69-4226-A0C8-30DF76553EB8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1014avUpdateInfo" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5044947F-263E-4937-9271-40F63121D50B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5044947F-263E-4937-9271-40F63121D50B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CodeItFast" => key removed successfully
C:\Windows\Tasks\CodeItFast.job => moved successfully.
"c:\programdata\{f9cb3225-9dcf-be1d-f9cb-b32259dcc896}" => File/Folder not found.
C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.
EmptyTemp: => 453.8 MB temporary data Removed.

The system needed a reboot..

==== End of Fixlog 00:28:03 ====

#10 Příspěvek od **vyosek** » 15 črc 2015 05:06

jak se chova ntb, stale neposloucha??

miGGuel · #11 Příspěvek od **miGGuel** » 15 črc 2015 13:03

Zdravím, zatiaľ to vyzerá byť v pohode... tie logy mi mali inak aj AdBlock zmazať? Lebo mi zmizol + sa neviem v chrome zbaviť DiscountExt http://prntscr.com/7sy5kb

už som deaktivoval aj zmazal ale vždy ked restartnem pc a zapnem chrome sa mi to zapne a vyskakuje mi nejaka DiscountExt tabulka nech idem na hociakú stránku, neviem čo to môže byť.

Každopádne ďakujem za doterajšiu pomoc.

#12 Příspěvek od **vyosek** » 15 črc 2015 13:17

Odinstalujte Google Chrome, smazte jeho profilovou slozku C:\Users\Michal\AppData\Local\Google

Nainstalujte G Chrome a napiste ci ten kram stale otravuje

miGGuel · #13 Příspěvek od **miGGuel** » 17 črc 2015 13:11

Vyzerá to byť fajn

už to zmizlo...

#14 Příspěvek od **vyosek** » 17 črc 2015 13:16

Tak jeste uklidime

DelFix https://toolslib.net/downloads/finish/2/

Stahnete a spustte
Ponechte zatrzitkou pouze u volby Remove disinfection tools
Kliknete na Run

Stahnete Ccleaner https://www.piriform.com/ccleaner/download/standard
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

A pokud nejsou problemy ci dotazy, je to z me strany vse

miGGuel · #15 Příspěvek od **miGGuel** » 24 črc 2015 02:37

vďaka za všetkú pomoc

VIRY.CZ

notebook neposlucha

notebook neposlucha

Re: notebook neposlucha

Re: notebook neposlucha

Re: notebook neposlucha

Re: notebook neposlucha

Re: notebook neposlucha

Re: notebook neposlucha

Re: notebook neposlucha

Re: notebook neposlucha

Re: notebook neposlucha

Re: notebook neposlucha

Re: notebook neposlucha

Re: notebook neposlucha

Re: notebook neposlucha

Re: notebook neposlucha