Chinese junk in Slovakia too

#1 Post by kode »

On my Samsung notebook running W8.1, 2 Chinese antivirus programs have appeared: Tencent and RAV - Rising antivirus 2008. Since it seemed similar to the case of "novas1998", whom you helped on 25 Jun 2015, I tried the procedure given in his thread. It started smoothly (I attach the log and AdwCleaner below), but after I downloaded ComboFix and ran it, a message popped up saying that W2000 is not supported, and it did not run. See the attached file. Please help me, I don't know how to continue... :(
Attachments
info o combofix-e.gif (44.46 KiB) Viewed 879 times

JaRon
Moderator
Posts: 15798
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Chinese junk in Slovakia too

#2 Post by JaRon »

Post the FRST log.

kode
Visitor
Posts: 4
Registered: 13 Aug 2015 22:45

Re: Chinese junk in Slovakia too

#3 Post by kode »

It produced FRST3.TXT. Here it is:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-08-2015
Ran by Andrej (administrator) on NTB-AR (14-08-2015 12:04:29)
Running from C:\Users\Andrej\Desktop
Loaded Profiles: Andrej (Available Profiles: Andrej & Laurika & Guest)
Platform: Windows 8.1 (X64) Language: Slovenčina (Slovensko)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Beijing Rising Information Technology Co., Ltd.) C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe
(Beijing Rising Information Technology Co., Ltd.) C:\Program Files (x86)\Rising\RAV\ravmond.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
() C:\Program Files\Checker\check.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\ProgramData\ExtTag\ExtTag.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Beijing Rising Information Technology Co., Ltd.) C:\Program Files (x86)\Rising\RAV\rsmain.exe
(MyHeritage) C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\ZipSendService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\mcbuilder.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(forum.viry.cz) C:\Users\Andrej\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2894152 2013-09-13] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2015-06-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Family Tree Builder Update] => C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe [2477056 2015-03-02] (MyHeritage)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310064 2014-06-14] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM-x32\...\Run: [gmsd_ra_005010052] => [X]
HKLM-x32\...\Run: [RSDTRAY] => C:\Program Files (x86)\Rising\RSD\popwndexe.exe [126808 2012-09-25] (Beijing Rising Information Technology Co., Ltd.)
HKLM-x32\...\Run: [RavTRAY] => C:\Program Files (x86)\Rising\RAV\RSTRAY.EXE [111000 2014-05-15] (Beijing Rising Information Technology Co., Ltd.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-09-25] (Atheros Communications)
HKU\S-1-5-21-616606610-2038691625-1780101643-1002\...\Run: [Nokia.PCSync] => "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PcSync2.exe" /NoDialog
HKU\S-1-5-21-616606610-2038691625-1780101643-1002\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1563440 2014-06-14] (Samsung)
HKU\S-1-5-21-616606610-2038691625-1780101643-1002\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [843568 2014-06-14] (Samsung)
HKU\S-1-5-21-616606610-2038691625-1780101643-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53753984 2015-07-18] (Skype Technologies S.A.)
HKU\S-1-5-21-616606610-2038691625-1780101643-1002\...\Run: [apphide] => C:\Program Files (x86)\baidu\baidu.exe
AppInit_DLLs: C:\ProgramData\ExtTag\3cuisxcb.dll => C:\ProgramData\ExtTag\3cuisxcb.dll [146944 2015-08-13] ()
AppInit_DLLs-x32: C:\ProgramData\ExtTag\bgz41230.dll => C:\ProgramData\ExtTag\bgz41230.dll [120320 2015-08-13] ()
GroupPolicyUsers\S-1-5-21-616606610-2038691625-1780101643-1005\User: Restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-616606610-2038691625-1780101643-1002\User: Restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=14388 ... FPJAWFPJAW
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-616606610-2038691625-1780101643-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3daefMIBbhJBotdf1gbS5CNU_nwHrFnxvohvo42rkk_KTyN37biwIyO4KapkNfROcqIYeJXLmGb3-OkUh78yChuZgsxX2L3AsGOPEzQ4BG9BIUkhTvjh2ZFiBfSCmyUgVWIV-Pzt-kVTc-7KxBk8jFYkilXJ&q={searchTerms}
HKU\S-1-5-21-616606610-2038691625-1780101643-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3daefMIBbhJBotdf1gbS5CNU_nwHrFnxvohvo42rkk_KTyN37biwIyO4KapkNfROcqIYeJXLmGb3-OXVp0SVNfvmvDFVJ5fvqq833GxNxIDw7IQij6zDpApnCadFpn0YyZO8rOy7hi-59uDIJ0GEWQBucCfl
HKU\S-1-5-21-616606610-2038691625-1780101643-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3daefMIBbhJBotdf1gbS5CNU_nwHrFnxvohvo42rkk_KTyN37biwIyO4KapkNfROcqIYeJXLmGb3-OkUh78yChuZgsxX2L3AsGOPEzQ4BG9BIUkhTvjh2ZFiBfSCmyUgVWIV-Pzt-kVTc-7KxBk8jFYkilXJ&q={searchTerms}
HKU\S-1-5-21-616606610-2038691625-1780101643-1002\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3daefMIBbhJBotdf1gbS5CNU_nwHrFnxvohvo42rkk_KTyN37biwIyO4KapkNfROcqIYeJXLmGb3-OkUh78yChuZgsxX2L3AsGOPEzQ4BG9BIUkhTvjh2ZFiBfSCmyUgVWIV-Pzt-kVTc-7KxBk8jFYkilXJ&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3daefMIBbhJBotdf1gbS5CNU_nwHrFnxvohvo42rkk_KTyN37biwIyO4KapkNfROcqIYeJXLmGb3-OkUh78yChuZgsxX2L3AsGOPEzQ4BG9BIUkhTvjh2ZFiBfSCmyUgVWIV-Pzt-kVTc-7KxBk8jFYkilXJ&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-616606610-2038691625-1780101643-1002 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3daefMIBbhJBotdf1gbS5CNU_nwHrFnxvohvo42rkk_KTyN37biwIyO4KapkNfROcqIYeJXLmGb3-OkUh78yChuZgsxX2L3AsGOPEzQ4BG9BIUkhTvjh2ZFiBfSCmyUgVWIV-Pzt-kVTc-7KxBk8jFYkilXJ&q={searchTerms}
SearchScopes: HKU\S-1-5-21-616606610-2038691625-1780101643-1002 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-616606610-2038691625-1780101643-1002 -> {81AB536F-FCA7-4383-8850-903CBBD0784D} URL =
SearchScopes: HKU\S-1-5-21-616606610-2038691625-1780101643-1002 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3daefMIBbhJBotdf1gbS5CNU_nwHrFnxvohvo42rkk_KTyN37biwIyO4KapkNfROcqIYeJXLmGb3-OkUh78yChuZgsxX2L3AsGOPEzQ4BG9BIUkhTvjh2ZFiBfSCmyUgVWIV-Pzt-kVTc-7KxBk8jFYkilXJ&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-23] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-23] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-23] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-23] (Oracle Corporation)
DPF: HKLM-x32 {62789780-B744-11D0-986B-00609731A21D} hxxp://195.28.70.134/kapor2/lib/mgaxctrl.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{EC2AE6F9-BC41-4F2E-8E7E-E1EBD406A272}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\1sws3yqo.default
FF Homepage: C:\ProgramData\ExtTags\ff.HP
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-13] ()
FF Plugin: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll [No File]
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-23] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-13] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-23] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\Program Files (x86)\Common Files\Nero\BrowserPlugin\npBrowserPlugin.dll [2012-08-10] (Nero AG)
FF Plugin-x32: @rising.com.cn/nprising -> C:\Program Files (x86)\Rising\RAV\nprising.dll [2013-06-27] (Beijing Rising Information Technology Co., Ltd.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-06-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-616606610-2038691625-1780101643-1002: @rising.com.cn/nprising -> C:\Program Files (x86)\Rising\RAV\nprising.dll [2013-06-27] (Beijing Rising Information Technology Co., Ltd.)
FF SearchPlugin: C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\1sws3yqo.default\searchplugins\findit.xml [2015-08-13]
FF SearchPlugin: C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\1sws3yqo.default\searchplugins\google-peklada.xml [2013-10-16]
FF SearchPlugin: C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\1sws3yqo.default\searchplugins\istartsurf-1.xml [2015-08-05]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\findit.xml [2015-08-13]
FF Extension: jid1BOjn8b0IM7kH2wjetpack - C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\1sws3yqo.default\Extensions\jid1-BOjn8b0IM7kH2w@jetpack [2015-07-31]
FF Extension: No Name - C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\1sws3yqo.default\extensions\addon@defaulttab.com.xpi [not found]
FF Extension: No Name - C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\1sws3yqo.default\extensions\defsearchp@gmail.com [not found]
FF Extension: No Name - C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\1sws3yqo.default\extensions\deskCutv2@gmail.com [not found]
FF Extension: No Name - C:\Users\Andrej\AppData\Roaming\Mozilla\Firefox\Profiles\1sws3yqo.default\extensions\389579c4-efa9-4d96-a1dd-3c86f7bd1a51@gmail.com [not found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gflandjopdloblmlcoiidmncpinmmacn] - C:\Users\Andrej\AppData\Roaming\zulagames\zulagames.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gjajpkikblccgefaibcafkfbanllpefi] - C:\Users\Andrej\AppData\Roaming\7go\7go.crx <not found>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-09-25] (Windows (R) Win 7 DDK provider) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 Checker; C:\Program Files\Checker\check.exe [376832 2015-07-20] () [File not signed]
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593664 2015-06-19] (Samsung Electronics CO., LTD.)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [100104 2013-09-06] (ELAN Microelectronics Corp.)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244392 2015-04-10] (Foxit Software Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [48128 2015-08-08] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-30] (NVIDIA Corporation)
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RsMgrSvc; C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe [184088 2015-05-21] (Beijing Rising Information Technology Co., Ltd.)
R2 RsRavMon; C:\Program Files (x86)\Rising\RAV\ravmond.exe [277552 2014-05-15] (Beijing Rising Information Technology Co., Ltd.)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3025248 2015-07-07] (Samsung Electronics CO., LTD.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-09-25] (Atheros) [File not signed]
S2 comyninu; C:\Program Files (x86)\F25B4580-1438719879-18CC-915D-0B5C24CEB4A4\hnsbE92A.tmp [X]
R2 ExtTag; C:\ProgramData\ExtTag\ExtTag [X]
S2 hegisoje; C:\Program Files (x86)\F25B4580-1438719879-18CC-915D-0B5C24CEB4A4\knso83E3.tmp [X]
S2 hyverumu; C:\Program Files (x86)\F25B4580-1438719879-18CC-915D-0B5C24CEB4A4\jnslB42E.tmp [X]
S2 sigokide; C:\Program Files (x86)\F25B4580-1438719879-18CC-915D-0B5C24CEB4A4\knsd87D8.tmpfs [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
S3 BTATH_HID; C:\Windows\system32\DRIVERS\btath_hid.sys [223432 2013-09-25] (Qualcomm Atheros)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-25] (Qualcomm Atheros)
S3 BthHFAud; C:\Windows\System32\drivers\BthHfAud.sys [32768 2014-10-08] (Microsoft Corporation)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-05-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
R1 rsutils; C:\Windows\System32\DRIVERS\rsutils.sys [71760 2015-04-09] (Beijing Rising Information Technology Co., Ltd.)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2012-10-30] (Windows (R) 2003 DDK 3790 provider)
R0 sysmon; C:\Windows\System32\DRIVERS\sysmon.sys [119256 2015-04-30] (Beijing Rising Information Technology Co., Ltd.)
S1 VD_FileDisk; C:\Windows\System32\Drivers\VD_FileDisk.sys [23552 2009-10-25] (Flint Incorporation)
S3 pccsmcfd; \SystemRoot\system32\DRIVERS\pccsmcfdx64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-14 12:04 - 2015-08-14 12:05 - 00025685 _____ C:\Users\Andrej\Desktop\FRST.txt
2015-08-14 12:03 - 2015-08-14 12:04 - 00000000 ____D C:\FRST
2015-08-14 11:37 - 2015-08-14 11:37 - 00112640 _____ (forum.viry.cz) C:\Users\Andrej\Desktop\FRSTLauncher.exe
2015-08-14 11:36 - 2015-08-14 11:36 - 02173952 _____ (Farbar) C:\Users\Andrej\Desktop\FRST64.exe
2015-08-13 23:20 - 2015-08-13 23:20 - 05634572 _____ (Swearware) C:\Users\Andrej\Desktop\ComboFix.exe
2015-08-13 23:06 - 2015-08-13 23:11 - 00000000 ____D C:\ProgramData\ExtTag
2015-08-13 23:06 - 2015-08-13 23:06 - 00000000 ____D C:\ProgramData\ExtTags
2015-08-13 22:43 - 2015-08-13 23:06 - 00000000 ____D C:\AdwCleaner
2015-08-13 22:37 - 2015-08-13 22:37 - 02248704 _____ C:\Users\Andrej\Desktop\adwcleaner_4.208.exe
2015-08-13 21:39 - 2015-08-13 21:39 - 00000000 ____D C:\Program Files\Elantech
2015-08-13 21:31 - 2015-08-13 21:31 - 00002998 _____ C:\WINDOWS\System32\Tasks\SUPatchForW10Up
2015-08-13 21:27 - 2015-08-13 21:28 - 11231944 _____ (ESET) C:\Users\Andrej\Downloads\avremover_nt64_enu.exe
2015-08-13 21:19 - 2015-08-13 21:19 - 01661128 _____ (ESET) C:\Users\Andrej\Downloads\eset_smart_security_live_installer.exe
2015-08-13 21:14 - 2015-08-13 21:14 - 00003126 _____ C:\WINDOWS\System32\Tasks\advRecovery
2015-08-13 21:10 - 2015-08-13 21:10 - 00001597 _____ C:\Users\Public\Desktop\Recovery.lnk
2015-08-10 21:45 - 2015-08-10 21:45 - 00000000 _____ C:\autoexec.bat
2015-08-10 20:52 - 2015-08-10 20:53 - 00001546 _____ C:\Users\Andrej\Desktop\iexplorer.lnk
2015-08-08 11:14 - 2015-08-08 11:15 - 00000923 _____ C:\Users\Andrej\Desktop\DOCs.lnk
2015-08-08 10:45 - 2015-08-13 21:52 - 00048298 _____ C:\WINDOWS\system32\perfh01B.dat
2015-08-08 10:45 - 2015-08-13 21:52 - 00017950 _____ C:\WINDOWS\system32\perfc01B.dat
2015-08-08 10:43 - 2015-08-08 10:43 - 00000000 ____D C:\Users\Andrej\AppData\Local\Apps\2.0
2015-08-05 22:53 - 2015-08-13 23:06 - 00000986 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-05 22:32 - 2015-08-05 22:32 - 00003152 _____ C:\WINDOWS\System32\Tasks\{CAAEE50B-781F-4E24-810C-98E9D4DB1D3C}
2015-08-05 22:29 - 2015-08-05 22:29 - 00000000 ____D C:\ProgramData\KingSoft
2015-08-05 22:25 - 2015-08-13 21:56 - 00000000 ____D C:\RavBin
2015-08-05 22:25 - 2015-08-05 22:25 - 00000150 ____N C:\rising.ini
2015-08-05 22:25 - 2014-07-30 04:44 - 00091928 ____N (Beijing Rising Information Technology Co., Ltd.) C:\WINDOWS\SysWOW64\vpatch.dll
2015-08-05 22:25 - 2014-01-02 09:37 - 00325400 ____N (Beijing Rising Information Technology Co., Ltd.) C:\WINDOWS\system32\ravext64.dll
2015-08-05 22:25 - 2013-12-30 09:33 - 00256280 ____N (Beijing Rising Information Technology Co., Ltd.) C:\WINDOWS\SysWOW64\ravext.dll
2015-08-05 22:25 - 2012-09-06 02:30 - 00240472 ____N (Beijing Rising Information Technology Co., Ltd.) C:\WINDOWS\SysWOW64\bsmain.exe
2015-08-05 22:24 - 2015-08-05 22:25 - 00000000 ____D C:\ProgramData\Rising
2015-08-05 22:24 - 2015-08-05 22:24 - 00000000 ____D C:\Program Files (x86)\Rising
2015-08-05 22:24 - 2015-04-30 03:17 - 00119256 ____N (Beijing Rising Information Technology Co., Ltd.) C:\WINDOWS\system32\Drivers\sysmon.sys
2015-08-05 22:24 - 2015-04-09 07:00 - 00071760 ____N (Beijing Rising Information Technology Co., Ltd.) C:\WINDOWS\system32\Drivers\rsutils.sys
2015-08-05 22:24 - 2012-02-29 09:49 - 00011888 ____N (Beijing Rising Information Technology Co., Ltd.) C:\WINDOWS\system32\Drivers\rsndisp.sys
2015-08-05 22:21 - 2015-08-05 22:21 - 00000000 ____D C:\Users\Andrej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
2015-08-05 22:08 - 2015-08-05 22:11 - 00000000 ____D C:\ProgramData\LocalStorage
2015-08-05 22:05 - 2015-08-05 22:05 - 00000000 ____D C:\Users\Andrej\.android
2015-08-05 22:04 - 2015-08-05 22:04 - 00000000 ____D C:\Users\Andrej\AppData\Roaming\ppslog
2015-08-05 21:54 - 2015-08-05 21:53 - 00613255 _____ (CMI Limited) C:\Users\Andrej\AppData\Local\nsa8192.tmp
2015-08-05 21:44 - 2015-08-05 22:28 - 00000000 ____D C:\Users\Andrej\AppData\Local\Unity
2015-08-05 21:44 - 2015-08-05 21:44 - 00000000 ____D C:\ppsfile
2015-08-05 21:42 - 2015-08-05 21:42 - 00000000 ____D C:\Users\Public\QiYi
2015-08-05 21:41 - 2015-08-05 21:41 - 00000000 ____D C:\ProgramData\6WinManPro6
2015-08-05 20:39 - 2013-09-13 14:13 - 02214216 _____ (ELAN Microelectronics Corp.) C:\WINDOWS\ETDUninst.dll
2015-08-04 22:25 - 2015-08-04 22:26 - 00000000 ____D C:\Users\Andrej\AppData\Local\F25B4580-1438727156-18CC-915D-0B5C24CEB4A4
2015-08-04 22:25 - 2013-08-22 15:25 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2015-07-30 21:13 - 2015-07-30 21:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-07-30 21:12 - 2015-07-30 21:12 - 00000000 ____D C:\Program Files (x86)\Skype
2015-07-23 21:27 - 2015-06-25 04:31 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-07-23 21:27 - 2015-04-30 01:22 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2015-07-23 21:24 - 2015-06-28 07:07 - 00442712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2015-07-23 21:24 - 2015-06-28 07:07 - 00178008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-07-23 21:24 - 2015-06-28 07:06 - 01311960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2015-07-23 21:24 - 2015-06-28 07:06 - 00332120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2015-07-23 21:24 - 2015-06-27 18:42 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2015-07-23 21:24 - 2015-06-27 05:13 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-07-23 21:24 - 2015-06-27 05:12 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-07-23 21:24 - 2015-06-27 05:12 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2015-07-23 21:24 - 2015-06-27 04:40 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-07-23 21:24 - 2015-06-27 04:05 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-07-23 21:24 - 2015-06-27 04:00 - 00989184 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-07-23 21:24 - 2015-06-27 03:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-07-23 21:24 - 2015-06-27 03:26 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-07-23 21:24 - 2015-05-30 23:18 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-07-23 21:24 - 2015-05-30 21:36 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-07-23 21:24 - 2015-05-30 21:35 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-07-23 21:24 - 2015-05-07 19:50 - 22292672 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-07-23 21:24 - 2015-05-07 19:00 - 03109376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2015-07-23 21:24 - 2015-05-07 18:53 - 19734960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-07-23 21:24 - 2015-05-07 18:12 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2015-07-23 21:24 - 2015-05-03 02:39 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-07-23 21:23 - 2015-06-16 00:41 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2015-07-23 21:23 - 2015-06-16 00:24 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-07-23 21:23 - 2015-06-15 23:16 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2015-07-23 21:23 - 2015-06-15 23:09 - 03607552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2015-07-23 21:23 - 2015-06-15 22:50 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-07-23 21:23 - 2015-06-15 21:57 - 02460160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-07-23 21:23 - 2015-05-07 17:21 - 00522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\GeofenceMonitorService.dll
2015-07-23 21:23 - 2015-05-07 17:05 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll
2015-07-23 21:21 - 2015-06-11 05:49 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-07-23 21:21 - 2015-06-10 18:13 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-07-23 21:21 - 2015-05-11 20:17 - 01201664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2015-07-23 21:21 - 2015-05-11 18:34 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcpl.dll
2015-07-23 21:21 - 2015-05-03 17:09 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-23 21:21 - 2015-05-03 16:58 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-23 21:21 - 2015-05-03 16:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-07-23 21:21 - 2015-05-03 16:49 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-07-23 21:21 - 2015-04-28 15:13 - 00513480 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-07-23 21:21 - 2015-04-28 15:13 - 00513480 _____ C:\WINDOWS\system32\locale.nls
2015-07-23 21:21 - 2015-04-25 04:25 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys
2015-07-23 21:21 - 2014-11-04 21:25 - 00059712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdclass.sys
2015-07-23 21:21 - 2014-11-04 21:25 - 00051008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouclass.sys
2015-07-23 21:21 - 2014-11-04 08:55 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sermouse.sys
2015-07-23 21:21 - 2014-11-04 08:54 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\i8042prt.sys
2015-07-23 21:21 - 2014-11-04 08:54 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys
2015-07-23 21:21 - 2014-11-04 08:54 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouhid.sys
2015-07-23 21:20 - 2015-07-14 16:14 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-07-23 21:20 - 2015-07-14 16:14 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-07-23 21:20 - 2015-07-14 16:14 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-07-23 21:20 - 2015-07-14 16:13 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-07-23 21:20 - 2015-06-16 07:36 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2015-07-23 21:20 - 2015-06-16 07:36 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2015-07-23 21:20 - 2015-05-12 15:19 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-07-23 21:20 - 2015-05-07 18:47 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2015-07-23 21:20 - 2015-05-03 17:07 - 07784448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2015-07-23 21:20 - 2015-05-03 16:57 - 05264384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2015-07-23 21:20 - 2015-05-02 01:33 - 00410739 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-07-23 21:20 - 2015-04-23 17:47 - 03084288 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-07-23 21:20 - 2015-04-23 17:16 - 02471424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-07-23 21:17 - 2015-07-23 21:17 - 00000283 _____ C:\Users\Andrej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kôš.lnk
2015-07-23 20:04 - 2015-07-23 20:04 - 00001372 _____ C:\Users\Public\Desktop\Foxit Reader.lnk
2015-07-23 20:04 - 2015-07-23 20:04 - 00000000 ____D C:\Users\Public\Foxit Software
2015-07-23 20:04 - 2015-07-23 20:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2015-07-23 18:13 - 2015-08-13 23:06 - 00003480 _____ C:\WINDOWS\System32\Tasks\snp
2015-07-23 18:13 - 2015-08-13 23:06 - 00003118 _____ C:\WINDOWS\System32\Tasks\snf
2015-07-22 23:17 - 2015-07-23 18:45 - 00110688 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2015-07-22 23:16 - 2015-07-23 18:46 - 00000000 ____D C:\Program Files\Java
2015-07-21 21:52 - 2015-08-05 21:54 - 00000004 _____ C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-07-21 20:54 - 2015-08-05 20:51 - 00000000 ____D C:\Users\Andrej\AppData\Local\Opera Software
2015-07-21 20:54 - 2015-08-05 20:50 - 00000000 ____D C:\Users\Andrej\AppData\Roaming\Opera Software
2015-07-21 20:53 - 2015-07-21 20:53 - 00000000 _____ C:\WINDOWS\prleth.sys
2015-07-21 20:53 - 2015-07-21 20:53 - 00000000 _____ C:\WINDOWS\hgfs.sys
2015-07-21 20:52 - 2015-07-22 23:01 - 00000000 ____D C:\Program Files\Checker
2015-07-21 20:51 - 2015-08-05 20:51 - 00000000 ____D C:\Program Files (x86)\Opera
2015-07-21 20:46 - 2015-07-21 20:50 - 00662520 _____ (DJPSR) C:\Users\Andrej\Downloads\Tele.Atlas.Blaupunkt.EUROPA.-.Blaupunkt.Travel.Pilot.EX.VW.RNS.MFD.2015.DVD.exe
2015-07-15 22:05 - 2015-07-15 22:05 - 00003434 _____ C:\WINDOWS\System32\Tasks\Settings
2015-07-15 22:04 - 2015-07-15 22:04 - 00002049 _____ C:\Users\Public\Desktop\Samsung Settings.lnk
2015-07-15 21:22 - 2015-07-15 21:59 - 00001915 _____ C:\Users\Public\Desktop\Samsung Update.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-14 12:00 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-08-14 11:50 - 2012-12-18 23:18 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-616606610-2038691625-1780101643-1002
2015-08-14 11:45 - 2013-01-09 21:55 - 00000000 ____D C:\Users\Andrej\AppData\Roaming\Skype
2015-08-14 11:28 - 2013-12-31 22:38 - 02078140 _____ C:\WINDOWS\WindowsUpdate.log
2015-08-14 11:25 - 2013-09-21 10:30 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-08-14 11:22 - 2013-05-23 22:26 - 00000958 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-14 11:11 - 2012-09-13 02:16 - 00000000 ____D C:\ProgramData\WinClon
2015-08-14 11:09 - 2013-05-23 22:26 - 00000954 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-14 11:08 - 2014-01-01 06:07 - 00000000 __RDO C:\Users\Andrej\SkyDrive
2015-08-14 00:22 - 2012-12-20 23:35 - 00372736 ___SH C:\Users\Andrej\Desktop\Thumbs.db
2015-08-13 23:09 - 2013-08-22 16:46 - 00391501 _____ C:\WINDOWS\setupact.log
2015-08-13 23:09 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-08-13 23:08 - 2013-11-14 00:20 - 00098160 _____ C:\WINDOWS\PFRO.log
2015-08-13 23:08 - 2013-08-22 15:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-08-13 23:06 - 2014-01-01 06:03 - 00001459 _____ C:\Users\Andrej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-13 23:05 - 2013-12-31 22:08 - 00000000 ____D C:\Users\Andrej
2015-08-13 22:04 - 2012-12-18 23:35 - 00000000 ____D C:\Users\Andrej\AppData\Local\CrashDumps
2015-08-13 21:52 - 2013-11-14 09:28 - 00964996 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-08-13 21:39 - 2012-09-13 02:08 - 00064100 _____ C:\WINDOWS\DPINST.LOG
2015-08-13 21:31 - 2012-09-13 02:19 - 00000000 ____D C:\ProgramData\Samsung
2015-08-13 21:25 - 2013-09-21 10:30 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-08-13 21:10 - 2012-09-13 01:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-08-13 21:10 - 2012-09-13 01:31 - 00000000 ____D C:\Program Files\Samsung
2015-08-13 21:10 - 2012-09-13 01:30 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-08-13 20:53 - 2014-01-01 16:16 - 00003966 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D3D8DC7A-2348-47C5-A5A6-DB855B4E575A}
2015-08-10 22:52 - 2012-12-19 22:21 - 00000000 ____D C:\Users\Andrej\Documents\Address
2015-08-10 22:01 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-08-10 21:49 - 2012-12-22 21:13 - 00122872 _____ C:\Users\Andrej\AppData\Local\GDIPFONTCACHEV1.DAT
2015-08-10 21:37 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-08-08 10:41 - 2014-12-04 22:25 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpdsvc.dll
2015-08-08 10:41 - 2013-08-22 13:32 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\lprhelp.dll
2015-08-08 10:41 - 2013-08-22 13:31 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\lprmonui.dll
2015-08-08 10:41 - 2013-08-22 13:31 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpr.exe
2015-08-08 10:41 - 2013-08-22 13:31 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpq.exe
2015-08-08 10:20 - 2013-08-22 16:44 - 00485232 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-08-08 10:00 - 2012-09-13 02:23 - 00000000 ____D C:\ProgramData\Temp
2015-08-05 22:22 - 2012-12-18 23:12 - 00000000 ____D C:\Users\Andrej\AppData\Local\VirtualStore
2015-08-05 21:06 - 2014-02-16 21:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-05 21:06 - 2012-09-13 02:14 - 00000000 ____D C:\ProgramData\Norton
2015-08-05 20:49 - 2013-03-06 13:47 - 00000000 ____D C:\Program Files (x86)\Nokia
2015-08-05 20:49 - 2013-03-06 13:38 - 00000000 ____D C:\ProgramData\Installations
2015-08-05 20:38 - 2012-09-13 01:31 - 00000000 ____D C:\Program Files (x86)\Samsung
2015-08-05 20:35 - 2012-09-13 02:24 - 00000000 ____D C:\ProgramData\CyberLink
2015-08-05 20:30 - 2012-12-19 22:11 - 00000000 ____D C:\Users\Andrej\AppData\Roaming\CyberLink
2015-07-30 23:32 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-07-30 23:32 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\WinStore
2015-07-30 23:30 - 2012-12-21 22:17 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-30 21:38 - 2012-12-20 01:41 - 00000000 ____D C:\Users\Andrej\Documents\TomTom
2015-07-30 21:33 - 2013-11-07 22:02 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-07-30 21:13 - 2013-01-09 21:54 - 00000000 ____D C:\ProgramData\Skype
2015-07-27 22:37 - 2012-12-18 23:14 - 00000000 ____D C:\Users\Andrej\Documents\Bluetooth Folder
2015-07-23 22:58 - 2012-12-20 01:41 - 00000000 ____D C:\Users\Andrej\Documents\pozvanky, akcie
2015-07-23 22:10 - 2014-10-25 22:48 - 00000000 ____D C:\Users\Andrej\Documents\e-Faktury
2015-07-23 21:11 - 2015-04-01 22:23 - 00000000 ____D C:\Users\Andrej\AppData\Local\EmieBrowserModeList
2015-07-23 21:11 - 2014-07-25 20:39 - 00000000 ____D C:\Users\Andrej\AppData\Local\EmieUserList
2015-07-23 21:11 - 2014-07-25 20:39 - 00000000 ____D C:\Users\Andrej\AppData\Local\EmieSiteList
2015-07-23 18:48 - 2013-11-04 22:02 - 00000000 ____D C:\ProgramData\Oracle
2015-07-23 18:47 - 2014-10-29 21:38 - 00000000 ____D C:\Program Files (x86)\Java
2015-07-23 18:45 - 2014-10-29 21:39 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-07-21 21:09 - 2014-09-02 22:55 - 00000000 ____D C:\Users\Andrej\AppData\Local\Adobe
2015-07-21 20:31 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-07-17 22:19 - 2013-10-02 22:23 - 00002487 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-07-17 22:19 - 2013-10-02 22:23 - 00002044 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2015-07-17 01:10 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2015-07-16 23:42 - 2014-09-26 20:57 - 00285184 ___SH C:\Users\Andrej\Downloads\Thumbs.db
2015-07-16 22:51 - 2012-12-20 01:39 - 00000000 ____D C:\Users\Andrej\Documents\navody (aj pre kvety)
2015-07-16 22:44 - 2014-12-28 22:04 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-07-16 21:17 - 2013-05-23 22:26 - 00003930 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-16 21:17 - 2013-05-23 22:26 - 00003694 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories =======

2013-10-03 22:15 - 2013-10-03 22:15 - 0038464 _____ () C:\Users\Andrej\AppData\Roaming\Hodnoty oddělené tabulátory (Windows).ADR
2013-10-03 22:12 - 2013-10-03 22:12 - 0038459 _____ () C:\Users\Andrej\AppData\Roaming\Hodnoty oddělené čárkami (Windows).ADR
2013-10-03 22:16 - 2013-10-03 22:16 - 0038450 _____ () C:\Users\Andrej\AppData\Roaming\Microsoft Excel 97-2003.ADR
2013-11-28 22:28 - 2015-01-07 22:26 - 0008704 _____ () C:\Users\Andrej\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-19 19:07 - 2014-09-19 19:07 - 0004096 _____ () C:\Users\Andrej\AppData\Local\keyfile3.drm
2015-08-05 21:54 - 2015-08-05 21:53 - 0613255 _____ (CMI Limited) C:\Users\Andrej\AppData\Local\nsa8192.tmp
2013-01-24 22:43 - 2015-04-02 00:54 - 0007624 _____ () C:\Users\Andrej\AppData\Local\resmon.resmoncfg
2014-01-21 21:50 - 2014-01-21 21:50 - 0000000 _____ () C:\ProgramData\DP45977C.lfl
2013-01-17 23:59 - 2015-05-01 11:38 - 0006315 _____ () C:\ProgramData\hpzinstall.log
2013-03-04 19:53 - 2013-02-21 17:59 - 2063240 _____ (Samsung Electronics) C:\ProgramData\MakeMarkerFile.exe
2013-03-04 19:53 - 2013-01-13 00:51 - 0003004 _____ () C:\ProgramData\MakeMarkerFile.xml

Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe


Some files in TEMP:
====================
C:\Users\Andrej\AppData\Local\Temp\Quarantine.exe
C:\Users\Andrej\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Rising Antivirus (Enabled - Up to date) {DBC966C2-BD90-87CD-5A01-4DFB1D2EC867}
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Rising Antivirus (Enabled - Up to date) {60A88726-9BAA-8843-60B1-768966A982DA}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Andrej\Desktop" je 239 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x0
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

JaRon
Moderator
Posts: 15798
Joined: 29 Mar 2005 13:39
Location: BB-SK

Re: Chinese junk in Slovakia too

#4 Post by JaRon »

Use this fixlist:


Start

(Beijing Rising Information Technology Co., Ltd.) C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe
(Beijing Rising Information Technology Co., Ltd.) C:\Program Files (x86)\Rising\RAV\ravmond.exe
(Beijing Rising Information Technology Co., Ltd.) C:\Program Files (x86)\Rising\RAV\rsmain.exe
HKLM-x32\...\Run: [gmsd_ra_005010052] => [X]
HKLM-x32\...\Run: [RSDTRAY] => C:\Program Files (x86)\Rising\RSD\popwndexe.exe [126808 2012-09-25] (Beijing Rising Information Technology Co., Ltd.)
HKLM-x32\...\Run: [RavTRAY] => C:\Program Files (x86)\Rising\RAV\RSTRAY.EXE [111000 2014-05-15] (Beijing Rising Information Technology Co., Ltd.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&t ... FPJAWFPJAW
HKU\S-1-5-21-616606610-2038691625-1780101643-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... FYkilXJ&q={searchTerms}
HKU\S-1-5-21-616606610-2038691625-1780101643-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F. ... GEWQBucCfl
HKU\S-1-5-21-616606610-2038691625-1780101643-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... FYkilXJ&q={searchTerms}
HKU\S-1-5-21-616606610-2038691625-1780101643-1002\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... FYkilXJ&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL = 
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... FYkilXJ&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-616606610-2038691625-1780101643-1002 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... FYkilXJ&q={searchTerms}
SearchScopes: HKU\S-1-5-21-616606610-2038691625-1780101643-1002 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKU\S-1-5-21-616606610-2038691625-1780101643-1002 -> {81AB536F-FCA7-4383-8850-903CBBD0784D} URL = 
SearchScopes: HKU\S-1-5-21-616606610-2038691625-1780101643-1002 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... FYkilXJ&q={searchTerms}
R2 RsMgrSvc; C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe [184088 2015-05-21] (Beijing Rising Information Technology Co., Ltd.)
R2 RsRavMon; C:\Program Files (x86)\Rising\RAV\ravmond.exe [277552 2014-05-15] (Beijing Rising Information Technology Co., Ltd.)
R2 ExtTag; C:\ProgramData\ExtTag\ExtTag [X]
S2 hegisoje; C:\Program Files (x86)\F25B4580-1438719879-18CC-915D-0B5C24CEB4A4\knso83E3.tmp [X]
S2 hyverumu; C:\Program Files (x86)\F25B4580-1438719879-18CC-915D-0B5C24CEB4A4\jnslB42E.tmp [X]
S2 sigokide; C:\Program Files (x86)\F25B4580-1438719879-18CC-915D-0B5C24CEB4A4\knsd87D8.tmpfs [X]
R0 sysmon; C:\Windows\System32\DRIVERS\sysmon.sys [119256 2015-04-30] (Beijing Rising Information Technology Co., Ltd.)
2015-08-05 22:29 - 2015-08-05 22:29 - 00000000 ____D C:\ProgramData\KingSoft
2015-08-05 22:25 - 2015-08-13 21:56 - 00000000 ____D C:\RavBin
2015-08-05 22:25 - 2015-08-05 22:25 - 00000150 ____N C:\rising.ini
2015-08-05 22:25 - 2014-07-30 04:44 - 00091928 ____N (Beijing Rising Information Technology Co., Ltd.) C:\WINDOWS\SysWOW64\vpatch.dll
2015-08-05 22:25 - 2014-01-02 09:37 - 00325400 ____N (Beijing Rising Information Technology Co., Ltd.) C:\WINDOWS\system32\ravext64.dll
2015-08-05 22:25 - 2013-12-30 09:33 - 00256280 ____N (Beijing Rising Information Technology Co., Ltd.) C:\WINDOWS\SysWOW64\ravext.dll
2015-08-05 22:25 - 2012-09-06 02:30 - 00240472 ____N (Beijing Rising Information Technology Co., Ltd.) C:\WINDOWS\SysWOW64\bsmain.exe
2015-08-05 22:24 - 2015-08-05 22:25 - 00000000 ____D C:\ProgramData\Rising
2015-08-05 22:24 - 2015-08-05 22:24 - 00000000 ____D C:\Program Files (x86)\Rising
2015-08-05 22:24 - 2015-04-30 03:17 - 00119256 ____N (Beijing Rising Information Technology Co., Ltd.) C:\WINDOWS\system32\Drivers\sysmon.sys
2015-08-05 22:24 - 2015-04-09 07:00 - 00071760 ____N (Beijing Rising Information Technology Co., Ltd.) C:\WINDOWS\system32\Drivers\rsutils.sys
2015-08-05 22:24 - 2012-02-29 09:49 - 00011888 ____N (Beijing Rising Information Technology Co., Ltd.) C:\WINDOWS\system32\Drivers\rsndisp.sys
2015-08-05 22:21 - 2015-08-05 22:21 - 00000000 ____D C:\Users\Andrej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件

Hosts:
EmptyTemp:
Reboot:
End

FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/

JaRon
Moderator
Posts: 15798
Joined: 29 Mar 2005 13:39
Location: BB-SK

Re: Chinese junk in Slovakia too

#5 Post by JaRon »

Instructions (quoted):
Creating a fixlist for FRST
•Open Notepad (Start - Run - notepad)
•Copy the script >>



•Save the resulting TXT file as fixlist.txt
•Move the created fixlist next to FRST

Run FRST.exe again
•Click Fix
•The fix will run and create the log Fixlog.txt

Restart the PC and post fixlog.txt here

kode
Visitor
Posts: 4
Joined: 13 Aug 2015 22:45

Re: Chinese junk in Slovakia too

#6 Post by kode »

Here it is. What next?

Fix result of Farbar Recovery Scan Tool (x64) Version:13-08-2015
Ran by Andrej (2015-08-14 15:08:26) Run:1
Running from C:\Users\Andrej\Desktop
Loaded Profiles: Andrej (Available Profiles: Andrej & Laurika & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

(Beijing Rising Information Technology Co., Ltd.) C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe
(Beijing Rising Information Technology Co., Ltd.) C:\Program Files (x86)\Rising\RAV\ravmond.exe
(Beijing Rising Information Technology Co., Ltd.) C:\Program Files (x86)\Rising\RAV\rsmain.exe
HKLM-x32\...\Run: [gmsd_ra_005010052] => [X]
HKLM-x32\...\Run: [RSDTRAY] => C:\Program Files (x86)\Rising\RSD\popwndexe.exe [126808 2012-09-25] (Beijing Rising Information Technology Co., Ltd.)
HKLM-x32\...\Run: [RavTRAY] => C:\Program Files (x86)\Rising\RAV\RSTRAY.EXE [111000 2014-05-15] (Beijing Rising Information Technology Co., Ltd.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&t ... FPJAWFPJAW
HKU\S-1-5-21-616606610-2038691625-1780101643-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... FYkilXJ&q={searchTerms}
HKU\S-1-5-21-616606610-2038691625-1780101643-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F. ... GEWQBucCfl
HKU\S-1-5-21-616606610-2038691625-1780101643-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... FYkilXJ&q={searchTerms}
HKU\S-1-5-21-616606610-2038691625-1780101643-1002\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... FYkilXJ&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... FYkilXJ&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-616606610-2038691625-1780101643-1002 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... FYkilXJ&q={searchTerms}
SearchScopes: HKU\S-1-5-21-616606610-2038691625-1780101643-1002 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-616606610-2038691625-1780101643-1002 -> {81AB536F-FCA7-4383-8850-903CBBD0784D} URL =
SearchScopes: HKU\S-1-5-21-616606610-2038691625-1780101643-1002 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... FYkilXJ&q={searchTerms}
R2 RsMgrSvc; C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe [184088 2015-05-21] (Beijing Rising Information Technology Co., Ltd.)
R2 RsRavMon; C:\Program Files (x86)\Rising\RAV\ravmond.exe [277552 2014-05-15] (Beijing Rising Information Technology Co., Ltd.)
R2 ExtTag; C:\ProgramData\ExtTag\ExtTag [X]
S2 hegisoje; C:\Program Files (x86)\F25B4580-1438719879-18CC-915D-0B5C24CEB4A4\knso83E3.tmp [X]
S2 hyverumu; C:\Program Files (x86)\F25B4580-1438719879-18CC-915D-0B5C24CEB4A4\jnslB42E.tmp [X]
S2 sigokide; C:\Program Files (x86)\F25B4580-1438719879-18CC-915D-0B5C24CEB4A4\knsd87D8.tmpfs [X]
R0 sysmon; C:\Windows\System32\DRIVERS\sysmon.sys [119256 2015-04-30] (Beijing Rising Information Technology Co., Ltd.)
2015-08-05 22:29 - 2015-08-05 22:29 - 00000000 ____D C:\ProgramData\KingSoft
2015-08-05 22:25 - 2015-08-13 21:56 - 00000000 ____D C:\RavBin
2015-08-05 22:25 - 2015-08-05 22:25 - 00000150 ____N C:\rising.ini
2015-08-05 22:25 - 2014-07-30 04:44 - 00091928 ____N (Beijing Rising Information Technology Co., Ltd.) C:\WINDOWS\SysWOW64\vpatch.dll
2015-08-05 22:25 - 2014-01-02 09:37 - 00325400 ____N (Beijing Rising Information Technology Co., Ltd.) C:\WINDOWS\system32\ravext64.dll
2015-08-05 22:25 - 2013-12-30 09:33 - 00256280 ____N (Beijing Rising Information Technology Co., Ltd.) C:\WINDOWS\SysWOW64\ravext.dll
2015-08-05 22:25 - 2012-09-06 02:30 - 00240472 ____N (Beijing Rising Information Technology Co., Ltd.) C:\WINDOWS\SysWOW64\bsmain.exe
2015-08-05 22:24 - 2015-08-05 22:25 - 00000000 ____D C:\ProgramData\Rising
2015-08-05 22:24 - 2015-08-05 22:24 - 00000000 ____D C:\Program Files (x86)\Rising
2015-08-05 22:24 - 2015-04-30 03:17 - 00119256 ____N (Beijing Rising Information Technology Co., Ltd.) C:\WINDOWS\system32\Drivers\sysmon.sys
2015-08-05 22:24 - 2015-04-09 07:00 - 00071760 ____N (Beijing Rising Information Technology Co., Ltd.) C:\WINDOWS\system32\Drivers\rsutils.sys
2015-08-05 22:24 - 2012-02-29 09:49 - 00011888 ____N (Beijing Rising Information Technology Co., Ltd.) C:\WINDOWS\system32\Drivers\rsndisp.sys
2015-08-05 22:21 - 2015-08-05 22:21 - 00000000 ____D C:\Users\Andrej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件

Hosts:
EmptyTemp:
Reboot:
End

*****************

C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe => Could not close process
C:\Program Files (x86)\Rising\RAV\ravmond.exe => Could not close process
C:\Program Files (x86)\Rising\RAV\rsmain.exe => Could not close process
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\gmsd_ra_005010052 => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\RSDTRAY => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\RavTRAY => value could not remove.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-616606610-2038691625-1780101643-1002\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-616606610-2038691625-1780101643-1002\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-616606610-2038691625-1780101643-1002\Software\Microsoft\Internet Explorer\Main\\Search Bar => value removed successfully
HKU\S-1-5-21-616606610-2038691625-1780101643-1002\Software\Microsoft\Internet Explorer\Main\\SearchAssistant => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\ielnksrch" => key removed successfully
HKCR\Wow6432Node\CLSID\ielnksrch => key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-616606610-2038691625-1780101643-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-616606610-2038691625-1780101643-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => key removed successfully
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found.
"HKU\S-1-5-21-616606610-2038691625-1780101643-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{81AB536F-FCA7-4383-8850-903CBBD0784D}" => key removed successfully
HKCR\CLSID\{81AB536F-FCA7-4383-8850-903CBBD0784D} => key not found.
"HKU\S-1-5-21-616606610-2038691625-1780101643-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}" => key removed successfully
HKCR\CLSID\{ielnksrch} => key not found.
RsMgrSvc => Unable to stop service.
RsMgrSvc => service removed successfully
RsRavMon => Unable to stop service.
RsRavMon => service could not remove
ExtTag => Unable to stop service.
ExtTag => service removed successfully
hegisoje => service removed successfully
hyverumu => service removed successfully
sigokide => service removed successfully
sysmon => Unable to stop service.
sysmon => service could not remove
C:\ProgramData\KingSoft => moved successfully.

"C:\RavBin" folder move:

Could not move "C:\RavBin" => Scheduled to move on reboot.

C:\rising.ini => moved successfully.
C:\WINDOWS\SysWOW64\vpatch.dll => moved successfully.
C:\WINDOWS\system32\ravext64.dll => moved successfully.
C:\WINDOWS\SysWOW64\ravext.dll => moved successfully.
C:\WINDOWS\SysWOW64\bsmain.exe => moved successfully.

"C:\ProgramData\Rising" folder move:

Could not move "C:\ProgramData\Rising" => Scheduled to move on reboot.


"C:\Program Files (x86)\Rising" folder move:

Could not move "C:\Program Files (x86)\Rising" => Scheduled to move on reboot.

Could not move "C:\WINDOWS\system32\Drivers\sysmon.sys" => Scheduled to move on reboot.
Could not move "C:\WINDOWS\system32\Drivers\rsutils.sys" => Scheduled to move on reboot.
Could not move "C:\WINDOWS\system32\Drivers\rsndisp.sys" => Scheduled to move on reboot.
C:\Users\Andrej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件 => moved successfully.
C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.
EmptyTemp: => 2.3 GB temporary data Removed.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-08-14 15:36:33)<=

C:\RavBin => Is moved successfully
C:\ProgramData\Rising => Is moved successfully
C:\Program Files (x86)\Rising => Is moved successfully
C:\WINDOWS\system32\Drivers\sysmon.sys => Is moved successfully
C:\WINDOWS\system32\Drivers\rsutils.sys => Is moved successfully
C:\WINDOWS\system32\Drivers\rsndisp.sys => Is moved successfully

==== End of Fixlog 15:36:33 ====

JaRon
Moderator
Posts: 15798
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Chinese junk in Slovakia too

#7 Post by JaRon »

Well, in this state it should be enough to finish the cleanup with CCleaner.
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/

kode
Visitor
Posts: 4
Registered: 13 Aug 2015 22:45

Re: Chinese junk in Slovakia too

#8 Post by kode »

I finished the cleanup with CCleaner; on the 4th pass it came back without problems. Defender could be turned on again, and everything looks O.K. "The Chinese have left". Thank you for your professional solutions :thumbsup:
What about programs like AdwCleaner and FRST? Should I uninstall them?

JaRon
Moderator
Posts: 15798
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Chinese junk in Slovakia too

#9 Post by JaRon »

Quote:
DelFix https://toolslib.net/downloads/finish/2/
• Download and run it
• Leave only the Remove disinfection tools option checked
• Click Run