Prosím o kontrolu

[doom1970]

Před časem jsem s kodeky nainstaloval nějaký program v čínštině. Sice jsem ho odinstaloval, ale mám tušení, že po něm asi něco zůstalo. Prosím o kontrolu:

Logfile of random's system information tool 1.10 (written by random/random)
Run by JINDRA at 2015-08-18 16:49:50
Microsoft Windows 7 Professional
System drive C: has 27 GB (36%) free of 76 GB
Total RAM: 2047 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:50:09, on 18.8.2015
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\AVG\AVG2015\avgui.exe
C:\PROGRAM FILES (X86)\RISING\RAV\RSTRAY.EXE
C:\Program Files (x86)\Rising\RSD\popwndexe.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\JINDRA.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/ ... chasst.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [RavTRAY] "C:\Program Files (x86)\Rising\RAV\RSTRAY.EXE" -system
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Rsd Service (RsMgrSvc) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe
O23 - Service: Rav Service (RsRavMon) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files (x86)\Rising\RAV\ravmond.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SInstalátor (ssinstall) - PS Media s.r.o. - C:\Windows\SysWOW64\ssins.exe
O23 - Service: AVG PC TuneUp Service (TuneUp.UtilitiesSvc) - Unknown owner - C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6956 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
c:\PROGRA~2\AVG\AVG2015\avgrsa.exe /boot
C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe /pipeName=c2feea3f-0200-0000-cf17-af2d3a7d5c42 /binaryPath="C:\Program Files (x86)\AVG\AVG2015\"
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe"
"C:\Program Files (x86)\Rising\RAV\ravmond.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe"
"C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe"
"C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe"
"C:\Program Files (x86)\AVG\AVG2015\avgemca.exe"
"C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
"C:\PROGRAM FILES (X86)\RISING\RAV\RSTRAY.EXE" -system
"C:\Program Files (x86)\Rising\RSD\popwndexe.exe"
"C:\PROGRAM FILES (X86)\RISING\RAV\rstray64.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe /Embedding
ctfmon.exe
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Internet Explorer\IELowutil.exe" -embedding
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --on-initialized-event-handle=300 --parent-handle=304
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="3376.0.1534720089\109939971" --disable-d3d11 --supports-dual-gpus=false --gpu-driver-bug-workarounds=2,9,22,45,55 --disable-accelerated-video-decode --gpu-vendor-id=0x10de --gpu-device-id=0x0404 --gpu-driver-vendor=NVIDIA --gpu-driver-version=8.15.11.8593 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="AffiliationBasedMatching/Enabled/AudioProcessing48kHzSupport/Default/*AutofillEnabled/Default/*AutofillFieldMetadata/Enabled/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/ChromeDashboard/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group5 pct:10e stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/Unused_2/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/PermissionBubbleRollout/Enabled/*PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledConnectionRacing/*RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/ReportCertificateErrors/ShowAndPossiblySend/*ReportCertificateErrorsOverHttp/UploadReportsOverHttp/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/*SdchPersistence/Default/SessionRestoreBackgroundLoading/Restore/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_41/*UMA-Uniformity-Trial-10-Percent/group_04/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_14/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*VoiceTrigger/Install/WebRTC-UDPSocketNonBlockingIO/Default/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=1 --gpu-rasterization-msaa-sample-count=8 --use-image-texture-target=3553 --disable-accelerated-video-decode --channel="3376.5.1138495542\408278570" --font-cache-shared-handle=3044 /prefetch:673131151

taskeng.exe {61573482-3714-4BF4-9682-91985814875D}
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 504 508 516 65536 512
"C:\Users\JINDRA\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe



======Scheduled tasks folder======

C:\Windows\tasks\59f65973-ec3c-4b49-a599-08a71b90d0d9.job - C:\Program Files (x86)\Internet Speed Checker\59f65973-ec3c-4b49-a599-08a71b90d0d9.exe /agentregpath='Internet Speed Checker' /appid=61752 /srcid='001726' /subid='0' /zdata='0' /bic=03A6C264AD8F4DD5BDEF76F388930B30IE /verifier=02b61a8c42b20a7d5f90a3109735ee64 /installerversion=1_35_09_29 /installationtime=1415612578 /statsdomain=http://stats.newinputinfoservice.com /errorsdomain=http://errors.newinputinfoservice.com /extensionname='Information' /torpedoiesleeps=1000 /torpedoieplugins=93-0,102-0,104-0,178-288,179-288,180-288,223-288,263-24 /monetizationdomain=http://logs.newinputinfoservice.com /runfrom='task' /externallog=''
C:\Windows\tasks\5e60e387-19d6-4f92-a648-9ae3c329cbb6.job - C:\Program Files (x86)\Internet Speed Checker\5e60e387-19d6-4f92-a648-9ae3c329cbb6.exe 001726 03A6C264AD8F4DD5BDEF76F388930B30IE 61752 1415612578 93-0,102-0,104-0,178-288,179-288,180-288,223-288,263-24 Internet Speed Checker
C:\Windows\tasks\GlaryInitialize 5.job - C:\Program Files (x86)\Glary Utilities 5\Initialize.exe
C:\Windows\tasks\GlaryUpdate 5.job - C:\Program Files (x86)\Glary Utilities 5\CheckUpdate.exe /schedulestart
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\GU5SkipUAC.job - C:\Program Files (x86)\Glary Utilities 5\Integrator.exe $(Arg0)
C:\Windows\tasks\jEGWb6kb1frSi4z0A.job - C:\Users\JINDRA\AppData\Roaming\jEGWb6kb1frSi4z0A.exe --c=PHko1rWUXvNVaIEf4IW3eWiKwy87lfocSZMGUYiLRpjECW+heDxnlLoyU+ELVeKzjMPpfY954cUu/vDs7OZTUMm5T3wHi2tbRiCGWOY8uE5PBREKvPc3cuFNGe55aPanGHLxENpiY91TtZwNDVivn8v4X9prXxHz+UrTZCHkR+A6YYKcSPj5ug9FLW6KAShWDdOU3hK9qkm7j02SnPWuP3tUEfjXQ1keyNqymLmtU745qA3uoNR1Gz6c/CKyCVFJlW3Ze9GELB2l5vBsTnc1priDBFVYO6FiZjgfqnAt6GdlmuLhjdqITLiAGH8sntoC/r1emTtSx77c4KRw77AZvg==

=========Mozilla firefox=========

ProfilePath - C:\Users\JINDRA\AppData\Roaming\Mozilla\Firefox\Profiles\0cuumhk5.default

prefs.js - "browser.startup.homepage" - "www.seznam.cz"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 17.0.0.188 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.31.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 17.0.0.188 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@unity3d.com/UnityPlayer64,version=1.0]
"Description"=Unity Player 4.6.5f1
"Path"=C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"=C:\Program Files (x86)\AVG\AVG2015\avgui.exe [2015-07-31 3780520]
"RavTRAY"=C:\Program Files (x86)\Rising\RAV\RSTRAY.EXE [2014-05-15 111000]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro37Crusader]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro37CrusaderBoot]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\QQPCRTP]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"NoDriveTypeAutoRun"=221

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2015-08-18 16:49:52 ----D---- C:\Program Files\trend micro
2015-08-18 16:49:50 ----D---- C:\rsit
2015-08-17 23:43:53 ----A---- C:\Windows\system32\drivers\hitmanpro37.sys
2015-08-17 22:50:44 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-17 22:50:44 ----A---- C:\Windows\system32\drivers\mwac.sys
2015-08-17 22:50:44 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2015-08-17 22:50:44 ----A---- C:\Windows\system32\drivers\mbam.sys
2015-08-17 22:36:48 ----A---- C:\autoexec.bat
2015-08-17 22:09:00 ----A---- C:\runcheck.txt
2015-08-17 22:06:45 ----D---- C:\zoek_backup
2015-08-17 21:18:45 ----D---- C:\ProgramData\GlarySoft
2015-08-17 21:10:46 ----D---- C:\ProgramData\HitmanPro
2015-08-17 20:18:08 ----D---- C:\Users\JINDRA\AppData\Roaming\DiskDefrag
2015-08-17 20:18:08 ----A---- C:\Windows\system32\drivers\GUBootStartup.sys
2015-08-17 20:18:07 ----D---- C:\Users\JINDRA\AppData\Roaming\GlarySoft
2015-08-17 20:17:42 ----D---- C:\Program Files (x86)\Glary Utilities 5
2015-08-14 20:40:08 ----D---- C:\Program Files (x86)\Mozilla Firefox
2015-08-13 19:14:30 ----A---- C:\Windows\system32\authuitu.dll
2015-08-13 19:14:29 ----A---- C:\Windows\SYSWOW64\authuitu.dll
2015-08-13 19:14:23 ----A---- C:\Windows\system32\uxtuneup.dll
2015-08-13 19:14:22 ----A---- C:\Windows\SYSWOW64\uxtuneup.dll
2015-08-13 12:41:24 ----N---- C:\bootsqm.dat
2015-08-13 12:40:13 ----SHD---- C:\found.004
2015-07-28 11:02:14 ----A---- C:\Windows\system32\drivers\avgidsdrivera.sys
2015-07-28 11:01:38 ----A---- C:\Windows\system32\drivers\avgmfx64.sys
2015-07-25 15:45:48 ----N---- C:\Windows\system32\drivers\hvm.sys

======List of files/folders modified in the last 1 month======

2015-08-18 16:49:52 ----RD---- C:\Program Files
2015-08-18 16:45:15 ----D---- C:\Windows\Temp
2015-08-18 16:39:49 ----D---- C:\Windows\Prefetch
2015-08-18 16:10:39 ----D---- C:\ProgramData\MFAData
2015-08-18 16:09:41 ----D---- C:\Windows\System32
2015-08-18 16:09:41 ----D---- C:\Windows\inf
2015-08-18 16:09:41 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-08-18 16:05:45 ----D---- C:\Windows\system32\Tasks
2015-08-18 00:08:14 ----D---- C:\Windows\pss
2015-08-17 23:55:07 ----AHD---- C:\ProgramData
2015-08-17 23:54:48 ----D---- C:\Program Files\Common Files
2015-08-17 23:54:41 ----D---- C:\Program Files (x86)\Common Files
2015-08-17 23:54:30 ----D---- C:\Windows\system32\drivers
2015-08-17 23:52:36 ----D---- C:\Windows\Tasks
2015-08-17 23:50:06 ----SHD---- C:\System Volume Information
2015-08-17 23:40:55 ----D---- C:\Windows\Cursors
2015-08-17 23:39:58 ----RD---- C:\Program Files (x86)
2015-08-17 23:39:55 ----D---- C:\Program Files (x86)\Movies App
2015-08-17 23:39:44 ----D---- C:\Windows\SysWOW64
2015-08-17 23:24:53 ----D---- C:\Windows
2015-08-17 23:24:43 ----D---- C:\Windows\system32\catroot2
2015-08-17 22:14:37 ----D---- C:\Users\JINDRA\AppData\Roaming\vlc
2015-08-17 21:25:49 ----SHD---- C:\Windows\Installer
2015-08-17 21:25:48 ----SHD---- C:\Config.Msi
2015-08-17 21:24:42 ----D---- C:\Program Files\Common Files\AV
2015-08-17 20:57:34 ----D---- C:\Program Files (x86)\AVG
2015-08-17 20:52:46 ----D---- C:\ProgramData\Norton
2015-08-17 20:41:26 ----A---- C:\Windows\system32\avgrep.txt
2015-08-15 10:50:04 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-13 16:03:10 ----D---- C:\Windows\system32\wbem
2015-08-13 16:01:30 ----D---- C:\Windows\system32\DriverStore
2015-08-13 16:01:28 ----D---- C:\Windows\SYSWOW64\drivers
2015-08-13 16:01:28 ----D---- C:\Windows\registration
2015-08-13 13:18:45 ----D---- C:\Windows\Minidump
2015-08-13 13:16:11 ----D---- C:\Windows\system32\catroot
2015-08-12 11:46:15 ----D---- C:\Games
2015-08-11 22:09:10 ----D---- C:\Program Files (x86)\Java
2015-08-11 22:03:47 ----D---- C:\Program Files (x86)\Pivot Animator
2015-08-11 22:03:26 ----D---- C:\Program Files (x86)\MTA San Andreas 1.3
2015-08-11 22:02:20 ----D---- C:\Program Files (x86)\GoodGame Empire Rubny HACK 2014
2015-08-11 21:49:30 ----D---- C:\Program Files (x86)\Skype
2015-08-08 14:42:59 ----RD---- C:\RavBin
2015-08-08 08:50:57 ----D---- C:\Windows\Logs
2015-08-04 14:25:52 ----A---- C:\Windows\system32\TURegOpt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSHA;AVGIDSHA; C:\Windows\system32\DRIVERS\avgidsha.sys [2015-05-12 253408]
R0 Avgloga;AVG Logging Driver; C:\Windows\system32\DRIVERS\avgloga.sys [2015-05-07 378336]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx64.sys [2015-07-28 245680]
R0 Avgrkx64;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx64.sys [2015-03-20 40928]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 sysmon;sysmon; C:\Windows\system32\DRIVERS\sysmon.sys [2015-04-30 119256]
R1 Avgdiska;AVG Disk Driver; C:\Windows\system32\DRIVERS\avgdiska.sys [2015-03-11 162784]
R1 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdrivera.sys [2015-07-28 312752]
R1 Avgldx64;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx64.sys [2015-06-16 259040]
R1 Avgtdia;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdia.sys [2015-05-12 281568]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R1 GUBootStartup;GUBootStartup; \??\C:\Windows\System32\drivers\GUBootStartup.sys [2015-08-17 20160]
R1 HyperVM;HyperVM; \??\C:\Windows\system32\drivers\hvm.sys [2015-07-25 41784]
R1 rsutils;rsutils; C:\Windows\system32\DRIVERS\rsutils.sys [2015-04-09 71760]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2015-06-18 25816]
R3 rt61x64;RT61 Extensible Wireless Driver; C:\Windows\system32\DRIVERS\netr6164.sys [2010-04-08 446304]
R3 RTL8167;Ovladač Realtek 8167 NT; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 EagleX64;EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys []
S3 hitmanpro37;HitmanPro 3.7 Support Driver; \??\C:\Windows\system32\drivers\hitmanpro37.sys [2015-08-17 43664]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2015-08-17 113880]
S3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2015-06-18 63704]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 rt70x64;Wireless 11g RT2500 USB 2.0 Network Driver for Vista; C:\Windows\system32\DRIVERS\netr7064.sys []
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 19968]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]
S3 WinUsb;Android USB Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 40448]
S4 Avgfwfd;AVG network filter service; C:\Windows\system32\DRIVERS\avgfwd6a.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-07-07 82128]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [2015-07-31 3633576]
R2 avgwd;AVG WatchDog; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [2015-07-31 335656]
R2 RsMgrSvc;Rsd Service; C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe [2015-08-06 196288]
R2 RsRavMon;Rav Service; C:\Program Files (x86)\Rising\RAV\ravmond.exe [2014-05-15 277552]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-06-18 1133880]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-19 116648]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-19 116648]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-08-14 149160]
S3 NBService;NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ssinstall;SInstalátor; C:\Windows\SysWOW64\ssins.exe [2014-11-10 2324216]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 TuneUp.UtilitiesSvc;AVG PC TuneUp Service; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe []
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-11-13 1255736]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]

-----------------EOF-----------------

[vyosek]

Zdravim

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

• Ulozte nejlepe na plochu
• Ukoncete vsechny programy
• Po spusteni probehne stazeni databaze
• Kliknete na Scan a nasledne Clean
• Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner[C?].txt, ten sem vlozte

[doom1970]

Při čištění se spustil jakýsi Rising antivirus? Po restartu běží ve správci úloh rstray.exe*32 s popisem v čínštině.

# AdwCleaner v5.001 - Logfile created 18/08/2015 at 18:55:04
# Updated 17/08/2015 by Xplode
# Database : 2015-08-16.2 [Server]
# Operating system : Windows 7 Professional (x64)
# Username : JINDRA - JINDRA-PC
# Running from : C:\Users\JINDRA\Desktop\adwcleaner_5.001.exe
# Option : Cleaning

***** [ Services ] *****

[-] Service Deleted : RsMgrSvc
[-] Service Deleted : RsRavMon

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\Movies App
[-] Folder Deleted : C:\Program Files (x86)\Zrychleni Pocitace
[#] Folder Deleted : C:\Program Files (x86)\Rising
[#] Folder Deleted : C:\ProgramData\Rising
[-] Folder Deleted : C:\Users\JINDRA\AppData\Local\Orbitum
[-] Folder Deleted : C:\Users\JINDRA\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn
[-] Folder Deleted : C:\Users\JINDRA\AppData\LocalLow\Internet Speed Checker
[-] Folder Deleted : C:\Users\JINDRA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaGet2
[-] Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\tencent

***** [ Files ] *****

[-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml
[-] File Deleted : C:\Users\JINDRA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_chfdnecihphmhljaaejmgoiahnihplgn_0.localstorage
[-] File Deleted : C:\Windows\SysWOW64\drivers\TS888x64.sys

***** [ Shortcuts ] *****

[-] Shortcut Disinfected : C:\Users\JINDRA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk

***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\METNSD
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP
[-] Key Deleted : HKLM\SOFTWARE\be4fe1f6-eb00-4733-a945-7ee545ae80f1
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{70DE12EA-79F4-46BC-9812-86DB50A2FD64}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FB4F6285-4C32-49F2-950F-A5998F9CEC6C}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}]
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
[-] Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update
[-] Key Deleted : HKCU\Software\InstalledBrowserExtensions
[-] Key Deleted : HKCU\Software\Media Get LLC
[-] Key Deleted : HKCU\Software\MediaGet
[-] Key Deleted : HKCU\Software\reimagerepair
[-] Key Deleted : HKCU\Software\Avg Secure Update
[-] Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MediaGet
[!] Key Not Deleted : [x64] HKCU\Software\InstalledBrowserExtensions
[!] Key Not Deleted : [x64] HKCU\Software\Media Get LLC
[!] Key Not Deleted : [x64] HKCU\Software\MediaGet
[!] Key Not Deleted : [x64] HKCU\Software\reimagerepair
[!] Key Not Deleted : [x64] HKCU\Software\Avg Secure Update
[-] Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command []

***** [ Web browsers ] *****

[-] [C:\Users\JINDRA\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : oursurfing.com
[-] [C:\Users\JINDRA\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : oursurfing
[-] [C:\Users\JINDRA\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider] Deleted : hxxp://www.oursurfing.com/webfavicon.ico
[-] [C:\Users\JINDRA\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://www.oursurfing.com/?type=sy&ts=14361968 ... S_5JVF0S1J

*************************

:: Proxy settings cleared
:: Winsock settings cleared

*************************

C:\AdwCleaner[C2].txt - [4483 bytes] - [18/08/2015 18:55:04]
C:\AdwCleaner[S2].txt - [4696 bytes] - [18/08/2015 18:37:15]

########## EOF - C:\AdwCleaner[C2].txt - [4607 bytes] ##########

[vyosek]

Poprosim o FRST http://forum.viry.cz/viewtopic.php?f=30&t=133101

[doom1970]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-08-2015
Ran by JINDRA (administrator) on JINDRA-PC (19-08-2015 15:05:14)
Running from C:\Users\JINDRA\Desktop
Loaded Profiles: JINDRA (Available Profiles: JINDRA & Guest)
Platform: Windows 7 Professional (X64) Language: Čeština (Česká republika)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(forum.viry.cz) C:\Users\JINDRA\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3780520 2015-07-31] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-3114736977-2469553296-3390899700-1000\...\MountPoints2: {8c68e4e5-e94b-11e3-89eb-0019dbf8fb85} - E:\Startme.exe
HKU\S-1-5-21-3114736977-2469553296-3390899700-1000\...\MountPoints2: {cc43adc3-9678-11e0-93e2-806e6f6e6963} - D:\setup.exe
BootExecute: autocheck autochk * bsmain

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=i ... ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://home.microsoft.com/search/search.asp
HKU\S-1-5-21-3114736977-2469553296-3390899700-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3114736977-2469553296-3390899700-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com
HKU\S-1-5-21-3114736977-2469553296-3390899700-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=i ... ar=msnhome
HKU\S-1-5-21-3114736977-2469553296-3390899700-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://home.microsoft.com/search/search.asp
HKU\S-1-5-21-3114736977-2469553296-3390899700-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://home.microsoft.com/search/lobby/search.asp
SearchScopes: HKU\S-1-5-21-3114736977-2469553296-3390899700-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2007-12-07] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 213.46.172.37 213.46.172.36
Tcpip\..\Interfaces\{0E015B87-8150-407C-BA09-B196BC7E6E48}: [DhcpNameServer] 213.46.172.37 213.46.172.36
Tcpip\..\Interfaces\{D50463AD-5031-455A-979A-650AFC54FCC5}: [DhcpNameServer] 192.168.42.129

FireFox:
========
FF ProfilePath: C:\Users\JINDRA\AppData\Roaming\Mozilla\Firefox\Profiles\0cuumhk5.default
FF Homepage: http://www.seznam.cz
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-18] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2015-04-27] (Unity Technologies ApS)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-18] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [No File]
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

Chrome:
=======
CHR Profile: C:\Users\JINDRA\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (anbfhidldjknonaihbalghlebaijealk) - C:\Users\JINDRA\AppData\Local\Google\Chrome\User Data\Default\Extensions\anbfhidldjknonaihbalghlebaijealk [2015-04-02]
CHR Extension: (Google Docs) - C:\Users\JINDRA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-19]
CHR Extension: (Google Drive) - C:\Users\JINDRA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-19]
CHR Extension: (YouTube) - C:\Users\JINDRA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-19]
CHR Extension: (Facebook Secret Emoticons) - C:\Users\JINDRA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpgpffljkgjmijjdmjbdppndoojdgboe [2015-04-19]
CHR Extension: (Sniper OMOH) - C:\Users\JINDRA\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbgpnekbennkmggdcahbdjnbckcbakpg [2014-12-21]
CHR Extension: (Battlefield Heroes) - C:\Users\JINDRA\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh [2014-06-18]
CHR Extension: (Kingdom Rush) - C:\Users\JINDRA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckmfhhjalnddapegkbbohfaodgbnocim [2014-12-21]
CHR Extension: (Google Search) - C:\Users\JINDRA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-19]
CHR Extension: (Denki Word Quest) - C:\Users\JINDRA\AppData\Local\Google\Chrome\User Data\Default\Extensions\dibnbdoaalhdbddheelckdbghjhgkahn [2015-04-18]
CHR Extension: (First Person Shooting Games - Multiplayer) - C:\Users\JINDRA\AppData\Local\Google\Chrome\User Data\Default\Extensions\emnfpenpopnamjanbfdpfhiealannkeb [2014-12-21]
CHR Extension: (Call Of Duty Crossfire) - C:\Users\JINDRA\AppData\Local\Google\Chrome\User Data\Default\Extensions\glpkfefjennoapfkpbilgjlohjlnfdol [2014-12-21]
CHR Extension: (Arcane Legends) - C:\Users\JINDRA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibmlkgieigeddcedpbijnpojheoddido [2015-04-18]
CHR Extension: (Uncharted 2) - C:\Users\JINDRA\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmioeheihppgmilgbdcameakgnfapfob [2014-12-21]
CHR Extension: (Drakensang Online) - C:\Users\JINDRA\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgloifppaepihckkhiocnodicehjdoof [2014-12-21]
CHR Extension: (Lightshot (screenshot tool)) - C:\Users\JINDRA\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2015-07-07]
CHR Extension: (River Assault 3D) - C:\Users\JINDRA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhoegldbmeholobfechogmibmkhonnlf [2014-12-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\JINDRA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-23]
CHR Extension: (Gmail) - C:\Users\JINDRA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-19]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3633576 2015-07-31] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [335656 2015-07-31] (AVG Technologies CZ, s.r.o.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [774144 2006-11-10] (Nero AG) [File not signed]
S3 ssinstall; C:\Windows\SysWOW64\ssins.exe [2324216 2014-11-10] (PS Media s.r.o.)
R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [44760 2015-08-04] (AVG Technologies)
R2 UxTuneUp; C:\Windows\SysWOW64\uxtuneup.dll [36568 2015-08-04] (AVG Technologies)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S4 RsMgrSvc; "C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe" [X]
S4 RsRavMon; "C:\Program Files (x86)\Rising\RAV\RavMonD.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [312752 2015-07-28] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [253408 2015-05-12] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [245680 2015-07-28] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [281568 2015-05-12] (AVG Technologies CZ, s.r.o.)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2015-08-17] (Glarysoft Ltd)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-08-17] ()
R1 hooksys; C:\Windows\system32\drivers\Hooksys.sys [37016 2012-12-24] (Beijing Rising Information Technology Co., Ltd.)
R1 HookTdi; C:\Windows\system32\drivers\HookTdi.sys [30360 2012-12-24] (Beijing Rising Information Technology Co., Ltd.)
R1 HyperVM; C:\Windows\system32\drivers\hvm.sys [41784 2015-07-25] (Beijing Rising Information Technology Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 rt70x64; system32\DRIVERS\netr7064.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-19 15:05 - 2015-08-19 15:06 - 00013086 _____ C:\Users\JINDRA\Desktop\FRST.txt
2015-08-19 15:04 - 2015-08-19 15:05 - 00000000 ____D C:\FRST
2015-08-19 15:01 - 2015-08-19 15:01 - 00112640 _____ (forum.viry.cz) C:\Users\JINDRA\Desktop\FRSTLauncher.exe
2015-08-19 15:01 - 2015-08-19 14:58 - 02173440 _____ (Farbar) C:\Users\JINDRA\Desktop\FRST64.exe
2015-08-18 23:44 - 2015-08-18 23:44 - 00001074 _____ C:\Users\JINDRA\Desktop\JRT.txt
2015-08-18 23:18 - 2015-08-19 14:55 - 00000056 _____ C:\Windows\setupact.log
2015-08-18 23:18 - 2015-08-18 23:18 - 00000000 _____ C:\Windows\setuperr.log
2015-08-18 22:59 - 2015-08-18 22:59 - 00000000 ____D C:\Users\JINDRA\AppData\Local\VS Revo Group
2015-08-18 22:58 - 2015-08-18 22:58 - 00001268 _____ C:\Users\JINDRA\Desktop\Revo Uninstaller.lnk
2015-08-18 22:58 - 2015-08-18 22:58 - 00000000 ____D C:\ProgramData\VS Revo Group
2015-08-18 22:58 - 2015-08-18 22:58 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-08-18 22:03 - 2015-08-18 22:03 - 00000134 _____ C:\Windows\SysWOW64\BsMain.ini
2015-08-18 22:03 - 2015-08-18 22:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rising Antivirus
2015-08-18 22:02 - 2015-07-25 15:42 - 00041784 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\hvm.sys
2015-08-18 22:02 - 2012-12-24 13:50 - 00317080 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\RavExt64.dll
2015-08-18 22:02 - 2012-12-24 13:50 - 00239768 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\SysWOW64\bsmain.exe
2015-08-18 22:02 - 2012-12-24 13:50 - 00234648 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\SysWOW64\ravext.dll
2015-08-18 22:02 - 2012-12-24 13:48 - 00037016 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\Hooksys.sys
2015-08-18 22:02 - 2012-12-24 13:48 - 00030360 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\HookTdi.sys
2015-08-18 22:02 - 2012-12-24 13:48 - 00027288 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\HookHelp.sys
2015-08-18 22:02 - 2012-12-24 13:16 - 01060864 ____N (Microsoft Corporation) C:\Windows\SysWOW64\MFC71.dll
2015-08-18 22:02 - 2012-12-24 13:15 - 00499712 ____N (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2015-08-18 22:02 - 2012-12-24 13:15 - 00348160 ____N (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2015-08-18 21:41 - 2015-08-18 21:41 - 00003052 _____ C:\Windows\System32\Tasks\GlaryUpdate 5
2015-08-18 18:55 - 2015-08-18 18:58 - 00004711 _____ C:\AdwCleaner[C2].txt
2015-08-18 18:37 - 2015-08-18 18:55 - 00000000 ____D C:\AdwCleaner
2015-08-18 18:37 - 2015-08-18 18:39 - 00004696 _____ C:\AdwCleaner[S2].txt
2015-08-18 18:36 - 2015-08-18 18:36 - 01573888 _____ C:\Users\JINDRA\Desktop\adwcleaner_5.001.exe
2015-08-18 16:49 - 2015-08-18 16:50 - 00000000 ____D C:\rsit
2015-08-18 16:49 - 2015-08-18 16:50 - 00000000 ____D C:\Program Files\trend micro
2015-08-18 16:49 - 2015-08-18 16:49 - 01222144 _____ C:\Users\JINDRA\Desktop\RSITx64.exe
2015-08-17 23:48 - 2015-08-12 03:10 - 01791580 _____ (Malwarebytes Corporation) C:\Users\JINDRA\Desktop\JRT_NEW.exe
2015-08-17 23:43 - 2015-08-17 23:43 - 00043664 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2015-08-17 23:24 - 2015-08-17 23:24 - 00109988 _____ C:\Windows\system32\.crusader
2015-08-17 22:50 - 2015-08-17 22:51 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-17 22:50 - 2015-08-17 22:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-17 22:50 - 2015-08-17 22:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-17 22:50 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-17 22:50 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-08-17 22:50 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-08-17 22:36 - 2015-08-17 22:36 - 00000000 _____ C:\autoexec.bat
2015-08-17 22:10 - 2015-08-17 22:11 - 00000419 _____ C:\zoek-results.log
2015-08-17 22:09 - 2015-08-17 23:39 - 00000002 _____ C:\runcheck.txt
2015-08-17 21:18 - 2015-08-17 21:18 - 00000000 ____D C:\ProgramData\GlarySoft
2015-08-17 21:10 - 2015-08-17 23:25 - 00000000 ____D C:\ProgramData\HitmanPro
2015-08-17 21:06 - 2015-08-17 21:06 - 00109232 _____ C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2015-08-17 20:20 - 2015-08-18 21:49 - 00000390 _____ C:\Windows\Tasks\GlaryUpdate 5.job
2015-08-17 20:18 - 2015-08-17 20:18 - 00020160 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys
2015-08-17 20:18 - 2015-08-17 20:18 - 00001096 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2015-08-17 20:18 - 2015-08-17 20:18 - 00001084 _____ C:\Users\Public\Desktop\Glary Utilities 5.lnk
2015-08-17 20:18 - 2015-08-17 20:18 - 00000326 _____ C:\Windows\Tasks\GlaryInitialize 5.job
2015-08-17 20:18 - 2015-08-17 20:18 - 00000250 _____ C:\Windows\Tasks\GU5SkipUAC.job
2015-08-17 20:18 - 2015-08-17 20:18 - 00000000 ____D C:\Users\JINDRA\AppData\Roaming\GlarySoft
2015-08-17 20:18 - 2015-08-17 20:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2015-08-17 20:17 - 2015-08-18 21:28 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 5
2015-08-15 22:08 - 2015-08-18 21:49 - 00003318 _____ C:\Windows\System32\Tasks\RsDelayLauncher_{8A34248E-7D35-4832-8378-7659E0B0A380}
2015-08-14 20:40 - 2002-01-01 00:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-13 19:14 - 2015-08-04 14:25 - 00044760 _____ (AVG Technologies) C:\Windows\system32\uxtuneup.dll
2015-08-13 19:14 - 2015-08-04 14:25 - 00036568 _____ (AVG Technologies) C:\Windows\SysWOW64\uxtuneup.dll
2015-08-13 19:14 - 2015-08-04 14:25 - 00030424 _____ (AVG Technologies) C:\Windows\system32\authuitu.dll
2015-08-13 19:14 - 2015-08-04 14:25 - 00025816 _____ (AVG Technologies) C:\Windows\SysWOW64\authuitu.dll
2015-08-13 13:17 - 2015-08-13 13:17 - 00000977 _____ C:\Users\Public\Desktop\AVG 2015.lnk
2015-08-13 13:12 - 2015-08-13 13:12 - 00007605 _____ C:\Users\JINDRA\AppData\Local\Resmon.ResmonCfg
2015-08-13 12:40 - 2002-01-01 00:17 - 00000000 __SHD C:\found.004
2015-08-09 17:12 - 2015-08-09 17:13 - 00000000 ____D C:\Users\JINDRA\Desktop\řecko kréta 2015
2015-07-28 11:02 - 2015-07-28 11:02 - 00312752 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2015-07-28 11:01 - 2015-07-28 11:01 - 00245680 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-19 15:02 - 2009-07-14 06:45 - 00014256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-19 15:02 - 2009-07-14 06:45 - 00014256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-19 15:01 - 2014-08-03 20:42 - 00003978 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{B7BE282A-C82F-41B4-81CA-89E0DF42070D}
2015-08-19 15:00 - 2014-11-10 14:03 - 00000000 ____D C:\ProgramData\MFAData
2015-08-19 14:58 - 2015-07-03 15:36 - 00453188 _____ C:\Windows\WindowsUpdate.log
2015-08-19 14:55 - 2015-04-02 16:49 - 00001010 _____ C:\Windows\Tasks\jEGWb6kb1frSi4z0A.job
2015-08-19 14:55 - 2014-11-10 11:44 - 00001470 _____ C:\Windows\Tasks\59f65973-ec3c-4b49-a599-08a71b90d0d9.job
2015-08-19 14:55 - 2014-11-10 11:43 - 00000654 _____ C:\Windows\Tasks\5e60e387-19d6-4f92-a648-9ae3c329cbb6.job
2015-08-19 14:55 - 2014-05-19 19:37 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-19 14:55 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-18 23:39 - 2014-05-19 19:37 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-18 22:39 - 2009-07-14 17:18 - 00631054 _____ C:\Windows\system32\perfh005.dat
2015-08-18 22:39 - 2009-07-14 17:18 - 00121708 _____ C:\Windows\system32\perfc005.dat
2015-08-18 22:39 - 2009-07-14 07:13 - 01470062 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-18 22:34 - 2015-05-15 21:08 - 00000000 ____D C:\Users\JINDRA\AppData\Roaming\Mozilla
2015-08-18 22:03 - 2015-07-06 18:13 - 00000000 ____D C:\ProgramData\Rising
2015-08-18 21:30 - 2015-07-11 17:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-18 21:30 - 2015-04-09 18:16 - 00000000 ____D C:\ProgramData\MTA San Andreas All
2015-08-18 21:30 - 2014-11-10 14:09 - 00000000 ____D C:\ProgramData\AVG2015
2015-08-18 21:30 - 2014-11-10 14:03 - 00000000 ____D C:\Users\JINDRA\AppData\Local\Avg2015
2015-08-18 21:30 - 2014-05-23 16:54 - 00000000 ____D C:\Users\JINDRA\AppData\Local\Apps\2.0
2015-08-18 21:30 - 2011-06-14 13:59 - 00000000 ____D C:\Users\JINDRA\AppData\Roaming\Adobe
2015-08-18 21:30 - 2011-06-14 13:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2015-08-18 21:30 - 2011-06-14 13:39 - 00000000 ____D C:\Users\JINDRA\AppData\Local\Google
2015-08-18 21:30 - 2011-06-14 13:39 - 00000000 ____D C:\ProgramData\Skype
2015-08-18 21:30 - 2011-06-14 13:31 - 00000000 ____D C:\Users\JINDRA
2015-08-18 21:30 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2015-08-18 21:29 - 2014-11-10 14:09 - 00000000 ___HD C:\$AVG
2015-08-18 20:03 - 2012-01-06 11:20 - 00000000 ____D C:\Users\JINDRA\AppData\Local\Adobe
2015-08-18 20:02 - 2015-06-05 22:00 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-18 20:02 - 2015-06-05 22:00 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-18 00:08 - 2014-05-19 19:16 - 00000000 ____D C:\Windows\pss
2015-08-17 23:40 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Cursors
2015-08-17 22:52 - 2014-05-19 19:00 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-17 22:14 - 2011-06-14 14:06 - 00000000 ____D C:\Users\JINDRA\AppData\Roaming\vlc
2015-08-17 21:24 - 2015-06-29 17:08 - 00000000 ____D C:\Program Files\Common Files\AV
2015-08-17 21:24 - 2014-11-10 14:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-08-17 21:19 - 2014-12-11 14:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panzar
2015-08-17 21:19 - 2014-06-04 21:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-08-17 21:09 - 2015-01-07 14:35 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Seznam.cz
2015-08-17 21:03 - 2014-11-10 13:34 - 00000000 _____ C:\Windows\SysWOW64\sinstall.log
2015-08-17 21:00 - 2014-09-15 12:53 - 00301056 ___SH C:\Users\JINDRA\Thumbs.db
2015-08-17 20:57 - 2014-11-10 14:06 - 00000000 ____D C:\Program Files (x86)\AVG
2015-08-17 20:52 - 2014-08-30 22:49 - 00000000 ____D C:\ProgramData\Norton
2015-08-17 20:41 - 2002-01-01 00:48 - 00059926 _____ C:\Windows\system32\avgrep.txt
2015-08-14 13:21 - 2015-04-11 15:07 - 00012482 _____ C:\Windows\system32\ScanResults.xml
2015-08-14 13:05 - 2015-04-11 14:58 - 00000464 _____ C:\Windows\system32\ScannerSettings
2015-08-13 16:01 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2015-08-13 13:18 - 2014-08-03 20:28 - 00000000 ____D C:\Windows\Minidump
2015-08-12 11:46 - 2014-10-07 16:47 - 00000000 ____D C:\Games
2015-08-08 14:42 - 2015-07-06 18:15 - 00000000 __RSD C:\RavBin
2015-08-05 01:36 - 2015-05-23 22:48 - 00000000 ____D C:\Users\JINDRA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-08-04 14:25 - 2014-11-11 10:14 - 00041688 _____ (AVG Technologies) C:\Windows\system32\TURegOpt.exe
2015-08-03 15:03 - 2011-06-14 13:33 - 00000000 ____D C:\Users\JINDRA\AppData\Local\VirtualStore

==================== Files in the root of some directories =======

2015-03-31 10:14 - 2015-03-31 10:14 - 0005655 _____ () C:\Users\JINDRA\AppData\Roaming\jEGWb6kb1frSi4z0A
2015-08-13 13:12 - 2015-08-13 13:12 - 0007605 _____ () C:\Users\JINDRA\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\Guest\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe
C:\Users\JINDRA\AppData\Local\Temp\NirCmd.exe
C:\Users\JINDRA\AppData\Local\Temp\PEVZ.EXE
C:\Users\JINDRA\AppData\Local\Temp\sqlite3.dll
C:\Users\JINDRA\AppData\Local\Temp\swreg.exe
C:\Users\JINDRA\AppData\Local\Temp\wget.exe
C:\Users\JINDRA\AppData\Local\Temp\zoek-delete.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\59f65973-ec3c-4b49-a599-08a71b90d0d9.job => C:\Program Files (x86)\Internet Speed Checker\59f65973-ec3c-4b49-a599-08a71b90d0d9.exeȢ/agentregpath='Internet Speed Checker' /appid=61752 /srcid='001726' /subid='0' /zdata='0' /bic=03A6C264AD8F4DD5BDEF76F388930B30IE /verifier=02b61a8c42b20a7d5f90a3109735ee64 /installerversion=1_35_09_29 /installationtime=1415612578 /statsdomain=http:/stats.newinputinfoservice.com /errorsdomain=http:/errors.newinputinfoservice.com /extensionname='Information' /torpedoiesleeps=1000 /torpedoieplugins=93-0,102-0,104-0,178-288,179-288,180-288,223-288,263-24 /monetizationdomain=http:/logs.newinputinfoservice.com <==== ATTENTION
Task: C:\Windows\Tasks\5e60e387-19d6-4f92-a648-9ae3c329cbb6.job => C:\Program Files (x86)\Internet Speed Checker\5e60e387-19d6-4f92-a648-9ae3c329cbb6.exe <==== ATTENTION
Task: C:\Windows\Tasks\GlaryInitialize 5.job => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe
Task: C:\Windows\Tasks\GlaryUpdate 5.job => C:\Program Files (x86)\Glary Utilities 5\CheckUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GU5SkipUAC.job => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
Task: C:\Windows\Tasks\jEGWb6kb1frSi4z0A.job => C:\Users\JINDRA\AppData\Roaming\jEGWb6kb1frSi4z0A.exe <==== ATTENTION

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\ProgramData:NT
AlternateDataStreams: C:\ProgramData:NT2
AlternateDataStreams: C:\Users\All Users:NT
AlternateDataStreams: C:\Users\All Users:NT2
AlternateDataStreams: C:\ProgramData\Application Data:NT
AlternateDataStreams: C:\ProgramData\Application Data:NT2
AlternateDataStreams: C:\ProgramData\Data aplikací:NT
AlternateDataStreams: C:\ProgramData\Data aplikací:NT2
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2
AlternateDataStreams: C:\Users\JINDRA\Data aplikací:NT
AlternateDataStreams: C:\Users\JINDRA\Data aplikací:NT2
AlternateDataStreams: C:\Users\JINDRA\AppData\Roaming:NT
AlternateDataStreams: C:\Users\JINDRA\AppData\Roaming:NT2

==================== Security Center ==================

AV: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\JINDRA\Desktop" je 1350 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GUDelayStartup
"C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun [x]


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

[doom1970]

Omylem odesláno dvakrát

[vyosek]

Tvorba fixlistu pro FRST

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  Start
  CloseProcesses:
  CreateRestorePoint:
  
  HKU\S-1-5-21-3114736977-2469553296-3390899700-1000\...\MountPoints2: {8c68e4e5-e94b-11e3-89eb-0019dbf8fb85} - E:\Startme.exe
  HKU\S-1-5-21-3114736977-2469553296-3390899700-1000\...\MountPoints2: {cc43adc3-9678-11e0-93e2-806e6f6e6963} - D:\setup.exe
  BootExecute: autocheck autochk * bsmain
  
  HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
  HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://home.microsoft.com/search/search.asp
  HKU\S-1-5-21-3114736977-2469553296-3390899700-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
  HKU\S-1-5-21-3114736977-2469553296-3390899700-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com
  HKU\S-1-5-21-3114736977-2469553296-3390899700-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
  HKU\S-1-5-21-3114736977-2469553296-3390899700-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://home.microsoft.com/search/search.asp
  HKU\S-1-5-21-3114736977-2469553296-3390899700-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://home.microsoft.com/search/lobby/search.asp
  SearchScopes: HKU\S-1-5-21-3114736977-2469553296-3390899700-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
  
  CHR Extension: (Facebook Secret Emoticons) - C:\Users\JINDRA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpgpffljkgjmijjdmjbdppndoojdgboe [2015-04-19]
  
  S4 RsMgrSvc; "C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe" [X]
  S4 RsRavMon; "C:\Program Files (x86)\Rising\RAV\RavMonD.exe" [X]
  S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
  S3 rt70x64; system32\DRIVERS\netr7064.sys [X]
  
  C:\Program Files (x86)\Rising
  2015-08-19 15:05 - 2015-08-19 15:06 - 00013086 _____ C:\Users\JINDRA\Desktop\FRST.txt
  2015-08-19 15:01 - 2015-08-19 15:01 - 00112640 _____ (forum.viry.cz) C:\Users\JINDRA\Desktop\FRSTLauncher.exe
  2015-08-18 22:03 - 2015-08-18 22:03 - 00000134 _____ C:\Windows\SysWOW64\BsMain.ini
  2015-08-18 22:03 - 2015-08-18 22:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rising Antivirus
  2015-08-18 22:02 - 2015-07-25 15:42 - 00041784 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\hvm.sys
  2015-08-18 22:02 - 2012-12-24 13:50 - 00317080 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\RavExt64.dll
  2015-08-18 22:02 - 2012-12-24 13:50 - 00239768 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\SysWOW64\bsmain.exe
  2015-08-18 22:02 - 2012-12-24 13:50 - 00234648 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\SysWOW64\ravext.dll
  2015-08-18 22:02 - 2012-12-24 13:48 - 00037016 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\Hooksys.sys
  2015-08-18 22:02 - 2012-12-24 13:48 - 00030360 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\HookTdi.sys
  2015-08-18 22:02 - 2012-12-24 13:48 - 00027288 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\HookHelp.sys
  2015-08-18 18:55 - 2015-08-18 18:58 - 00004711 _____ C:\AdwCleaner[C2].txt
  2015-08-18 18:37 - 2015-08-18 18:55 - 00000000 ____D C:\AdwCleaner
  2015-08-18 18:37 - 2015-08-18 18:39 - 00004696 _____ C:\AdwCleaner[S2].txt
  2015-08-18 18:36 - 2015-08-18 18:36 - 01573888 _____ C:\Users\JINDRA\Desktop\adwcleaner_5.001.exe
  2015-08-18 16:49 - 2015-08-18 16:50 - 00000000 ____D C:\rsit
  2015-08-18 16:49 - 2015-08-18 16:50 - 00000000 ____D C:\Program Files\trend micro
  2015-08-18 16:49 - 2015-08-18 16:49 - 01222144 _____ C:\Users\JINDRA\Desktop\RSITx64.exe
  2015-08-17 23:48 - 2015-08-12 03:10 - 01791580 _____ (Malwarebytes Corporation) C:\Users\JINDRA\Desktop\JRT_NEW.exe
  2015-08-17 23:43 - 2015-08-17 23:43 - 00043664 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
  2015-08-17 23:24 - 2015-08-17 23:24 - 00109988 _____ C:\Windows\system32\.crusader
  2015-08-17 22:10 - 2015-08-17 22:11 - 00000419 _____ C:\zoek-results.log
  2015-08-17 22:09 - 2015-08-17 23:39 - 00000002 _____ C:\runcheck.txt
  2015-08-17 21:10 - 2015-08-17 23:25 - 00000000 ____D C:\ProgramData\HitmanPro
  2015-03-31 10:14 - 2015-03-31 10:14 - 0005655 _____ () C:\Users\JINDRA\AppData\Roaming\jEGWb6kb1frSi4z0A
  
  Task: C:\Windows\Tasks\59f65973-ec3c-4b49-a599-08a71b90d0d9.job => C:\Program Files (x86)\Internet Speed Checker\59f65973-ec3c-4b49-a599-08a71b90d0d9.exeȢ/agentregpath='Internet Speed Checker' /appid=61752 /srcid='001726' /subid='0' /zdata='0' /bic=03A6C264AD8F4DD5BDEF76F388930B30IE /verifier=02b61a8c42b20a7d5f90a3109735ee64 /installerversion=1_35_09_29 /installationtime=1415612578 /statsdomain=http:/stats.newinputinfoservice.com /errorsdomain=http:/errors.newinputinfoservice.com /extensionname='Information' /torpedoiesleeps=1000 /torpedoieplugins=93-0,102-0,104-0,178-288,179-288,180-288,223-288,263-24 /monetizationdomain=http:/logs.newinputinfoservice.com <==== ATTENTION
  Task: C:\Windows\Tasks\5e60e387-19d6-4f92-a648-9ae3c329cbb6.job => C:\Program Files (x86)\Internet Speed Checker\5e60e387-19d6-4f92-a648-9ae3c329cbb6.exe <==== ATTENTION
  Task: C:\Windows\Tasks\GlaryInitialize 5.job => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe
  Task: C:\Windows\Tasks\GlaryUpdate 5.job => C:\Program Files (x86)\Glary Utilities 5\CheckUpdate.exe
  Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
  Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
  Task: C:\Windows\Tasks\GU5SkipUAC.job => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
  Task: C:\Windows\Tasks\jEGWb6kb1frSi4z0A.job => C:\Users\JINDRA\AppData\Roaming\jEGWb6kb1frSi4z0A.exe <==== ATTENTION
  
  C:\Users\JINDRA\AppData\Roaming\jEGWb6kb1frSi4z0A.exe
  C:\Program Files (x86)\Internet Speed Checker
  
  AlternateDataStreams: C:\ProgramData:NT
  AlternateDataStreams: C:\ProgramData:NT2
  AlternateDataStreams: C:\Users\All Users:NT
  AlternateDataStreams: C:\Users\All Users:NT2
  AlternateDataStreams: C:\ProgramData\Application Data:NT
  AlternateDataStreams: C:\ProgramData\Application Data:NT2
  AlternateDataStreams: C:\ProgramData\Data aplikací:NT
  AlternateDataStreams: C:\ProgramData\Data aplikací:NT2
  AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT
  AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2
  AlternateDataStreams: C:\Users\JINDRA\Data aplikací:NT
  AlternateDataStreams: C:\Users\JINDRA\Data aplikací:NT2
  AlternateDataStreams: C:\Users\JINDRA\AppData\Roaming:NT
  AlternateDataStreams: C:\Users\JINDRA\AppData\Roaming:NT2
  
  DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GUDelayStartup
  
  Hosts:
  EmptyTemp:
  Reboot:
  End
  

• Ulozte vytvoreny TXT jako fixlist.txt
• Presunte vytvoreny fixlist vedle FRST

Spustte znovu FRST.exe

• Kliknete na Fix
• Probehne oprava a vytvori log Fixlog.txt

Restart PC a dejte mi sem fixlog.txt

[doom1970]

Fix result of Farbar Recovery Scan Tool (x64) Version:25-08-2015 02
Ran by JINDRA (2015-08-26 17:02:56) Run:1
Running from C:\Users\JINDRA\Desktop
Loaded Profiles: JINDRA (Available Profiles: JINDRA & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKU\S-1-5-21-3114736977-2469553296-3390899700-1000\...\MountPoints2: {8c68e4e5-e94b-11e3-89eb-0019dbf8fb85} - E:\Startme.exe
HKU\S-1-5-21-3114736977-2469553296-3390899700-1000\...\MountPoints2: {cc43adc3-9678-11e0-93e2-806e6f6e6963} - D:\setup.exe
BootExecute: autocheck autochk * bsmain

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://home.microsoft.com/search/search.asp
HKU\S-1-5-21-3114736977-2469553296-3390899700-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\S-1-5-21-3114736977-2469553296-3390899700-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com
HKU\S-1-5-21-3114736977-2469553296-3390899700-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-3114736977-2469553296-3390899700-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://home.microsoft.com/search/search.asp
HKU\S-1-5-21-3114736977-2469553296-3390899700-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://home.microsoft.com/search/lobby/search.asp
SearchScopes: HKU\S-1-5-21-3114736977-2469553296-3390899700-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =

CHR Extension: (Facebook Secret Emoticons) - C:\Users\JINDRA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpgpffljkgjmijjdmjbdppndoojdgboe [2015-04-19]

S4 RsMgrSvc; "C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe" [X]
S4 RsRavMon; "C:\Program Files (x86)\Rising\RAV\RavMonD.exe" [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 rt70x64; system32\DRIVERS\netr7064.sys [X]

C:\Program Files (x86)\Rising
2015-08-19 15:05 - 2015-08-19 15:06 - 00013086 _____ C:\Users\JINDRA\Desktop\FRST.txt
2015-08-19 15:01 - 2015-08-19 15:01 - 00112640 _____ (forum.viry.cz) C:\Users\JINDRA\Desktop\FRSTLauncher.exe
2015-08-18 22:03 - 2015-08-18 22:03 - 00000134 _____ C:\Windows\SysWOW64\BsMain.ini
2015-08-18 22:03 - 2015-08-18 22:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rising Antivirus
2015-08-18 22:02 - 2015-07-25 15:42 - 00041784 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\hvm.sys
2015-08-18 22:02 - 2012-12-24 13:50 - 00317080 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\RavExt64.dll
2015-08-18 22:02 - 2012-12-24 13:50 - 00239768 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\SysWOW64\bsmain.exe
2015-08-18 22:02 - 2012-12-24 13:50 - 00234648 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\SysWOW64\ravext.dll
2015-08-18 22:02 - 2012-12-24 13:48 - 00037016 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\Hooksys.sys
2015-08-18 22:02 - 2012-12-24 13:48 - 00030360 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\HookTdi.sys
2015-08-18 22:02 - 2012-12-24 13:48 - 00027288 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\HookHelp.sys
2015-08-18 18:55 - 2015-08-18 18:58 - 00004711 _____ C:\AdwCleaner[C2].txt
2015-08-18 18:37 - 2015-08-18 18:55 - 00000000 ____D C:\AdwCleaner
2015-08-18 18:37 - 2015-08-18 18:39 - 00004696 _____ C:\AdwCleaner[S2].txt
2015-08-18 18:36 - 2015-08-18 18:36 - 01573888 _____ C:\Users\JINDRA\Desktop\adwcleaner_5.001.exe
2015-08-18 16:49 - 2015-08-18 16:50 - 00000000 ____D C:\rsit
2015-08-18 16:49 - 2015-08-18 16:50 - 00000000 ____D C:\Program Files\trend micro
2015-08-18 16:49 - 2015-08-18 16:49 - 01222144 _____ C:\Users\JINDRA\Desktop\RSITx64.exe
2015-08-17 23:48 - 2015-08-12 03:10 - 01791580 _____ (Malwarebytes Corporation) C:\Users\JINDRA\Desktop\JRT_NEW.exe
2015-08-17 23:43 - 2015-08-17 23:43 - 00043664 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2015-08-17 23:24 - 2015-08-17 23:24 - 00109988 _____ C:\Windows\system32\.crusader
2015-08-17 22:10 - 2015-08-17 22:11 - 00000419 _____ C:\zoek-results.log
2015-08-17 22:09 - 2015-08-17 23:39 - 00000002 _____ C:\runcheck.txt
2015-08-17 21:10 - 2015-08-17 23:25 - 00000000 ____D C:\ProgramData\HitmanPro
2015-03-31 10:14 - 2015-03-31 10:14 - 0005655 _____ () C:\Users\JINDRA\AppData\Roaming\jEGWb6kb1frSi4z0A

Task: C:\Windows\Tasks\59f65973-ec3c-4b49-a599-08a71b90d0d9.job => C:\Program Files (x86)\Internet Speed Checker\59f65973-ec3c-4b49-a599-08a71b90d0d9.exe?/agentregpath='Internet Speed Checker' /appid=61752 /srcid='001726' /subid='0' /zdata='0' /bic=03A6C264AD8F4DD5BDEF76F388930B30IE /verifier=02b61a8c42b20a7d5f90a3109735ee64 /installerversion=1_35_09_29 /installationtime=1415612578 /statsdomain=http:/stats.newinputinfoservice.com /errorsdomain=http:/errors.newinputinfoservice.com /extensionname='Information' /torpedoiesleeps=1000 /torpedoieplugins=93-0,102-0,104-0,178-288,179-288,180-288,223-288,263-24 /monetizationdomain=http:/logs.newinputinfoservice.com <==== ATTENTION
Task: C:\Windows\Tasks\5e60e387-19d6-4f92-a648-9ae3c329cbb6.job => C:\Program Files (x86)\Internet Speed Checker\5e60e387-19d6-4f92-a648-9ae3c329cbb6.exe <==== ATTENTION
Task: C:\Windows\Tasks\GlaryInitialize 5.job => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe
Task: C:\Windows\Tasks\GlaryUpdate 5.job => C:\Program Files (x86)\Glary Utilities 5\CheckUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GU5SkipUAC.job => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
Task: C:\Windows\Tasks\jEGWb6kb1frSi4z0A.job => C:\Users\JINDRA\AppData\Roaming\jEGWb6kb1frSi4z0A.exe <==== ATTENTION

C:\Users\JINDRA\AppData\Roaming\jEGWb6kb1frSi4z0A.exe
C:\Program Files (x86)\Internet Speed Checker

AlternateDataStreams: C:\ProgramData:NT
AlternateDataStreams: C:\ProgramData:NT2
AlternateDataStreams: C:\Users\All Users:NT
AlternateDataStreams: C:\Users\All Users:NT2
AlternateDataStreams: C:\ProgramData\Application Data:NT
AlternateDataStreams: C:\ProgramData\Application Data:NT2
AlternateDataStreams: C:\ProgramData\Data aplikací:NT
AlternateDataStreams: C:\ProgramData\Data aplikací:NT2
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2
AlternateDataStreams: C:\Users\JINDRA\Data aplikací:NT
AlternateDataStreams: C:\Users\JINDRA\Data aplikací:NT2
AlternateDataStreams: C:\Users\JINDRA\AppData\Roaming:NT
AlternateDataStreams: C:\Users\JINDRA\AppData\Roaming:NT2

DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GUDelayStartup

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
"HKU\S-1-5-21-3114736977-2469553296-3390899700-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c68e4e5-e94b-11e3-89eb-0019dbf8fb85}" => key removed successfully
HKCR\CLSID\{8c68e4e5-e94b-11e3-89eb-0019dbf8fb85} => key not found.
"HKU\S-1-5-21-3114736977-2469553296-3390899700-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cc43adc3-9678-11e0-93e2-806e6f6e6963}" => key removed successfully
HKCR\CLSID\{cc43adc3-9678-11e0-93e2-806e6f6e6963} => key not found.
hklm\System\CurrentControlSet\Control\Session Manager\\BootExecute => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\S-1-5-21-3114736977-2469553296-3390899700-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-3114736977-2469553296-3390899700-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-3114736977-2469553296-3390899700-1000\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKU\S-1-5-21-3114736977-2469553296-3390899700-1000\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\S-1-5-21-3114736977-2469553296-3390899700-1000\Software\Microsoft\Internet Explorer\Main\\Search Bar => value removed successfully
HKU\S-1-5-21-3114736977-2469553296-3390899700-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
C:\Users\JINDRA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpgpffljkgjmijjdmjbdppndoojdgboe => moved successfully
RsMgrSvc => service removed successfully
RsRavMon => service removed successfully
EagleX64 => service removed successfully
rt70x64 => service removed successfully
"C:\Program Files (x86)\Rising" => File/Folder not found.
"C:\Users\JINDRA\Desktop\FRST.txt" => File/Folder not found.
"C:\Users\JINDRA\Desktop\FRSTLauncher.exe" => File/Folder not found.
C:\Windows\SysWOW64\BsMain.ini => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rising Antivirus => moved successfully
C:\Windows\system32\Drivers\hvm.sys => moved successfully
C:\Windows\system32\RavExt64.dll => moved successfully
C:\Windows\SysWOW64\bsmain.exe => moved successfully
C:\Windows\SysWOW64\ravext.dll => moved successfully
C:\Windows\system32\Drivers\Hooksys.sys => moved successfully
C:\Windows\system32\Drivers\HookTdi.sys => moved successfully
C:\Windows\system32\Drivers\HookHelp.sys => moved successfully
C:\AdwCleaner[C2].txt => moved successfully
C:\AdwCleaner => moved successfully
C:\AdwCleaner[S2].txt => moved successfully
"C:\Users\JINDRA\Desktop\adwcleaner_5.001.exe" => File/Folder not found.
C:\rsit => moved successfully
C:\Program Files\trend micro => moved successfully
"C:\Users\JINDRA\Desktop\RSITx64.exe" => File/Folder not found.
"C:\Users\JINDRA\Desktop\JRT_NEW.exe" => File/Folder not found.
C:\Windows\system32\Drivers\hitmanpro37.sys => moved successfully
C:\Windows\system32\.crusader => moved successfully
C:\zoek-results.log => moved successfully
C:\runcheck.txt => moved successfully
C:\ProgramData\HitmanPro => moved successfully
C:\Users\JINDRA\AppData\Roaming\jEGWb6kb1frSi4z0A => moved successfully
C:\Windows\Tasks\59f65973-ec3c-4b49-a599-08a71b90d0d9.job => moved successfully
C:\Windows\Tasks\5e60e387-19d6-4f92-a648-9ae3c329cbb6.job => moved successfully
C:\Windows\Tasks\GlaryInitialize 5.job => moved successfully
C:\Windows\Tasks\GlaryUpdate 5.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\Windows\Tasks\GU5SkipUAC.job => moved successfully
C:\Windows\Tasks\jEGWb6kb1frSi4z0A.job => moved successfully
"C:\Users\JINDRA\AppData\Roaming\jEGWb6kb1frSi4z0A.exe" => File/Folder not found.
"C:\Program Files (x86)\Internet Speed Checker" => File/Folder not found.
C:\ProgramData => ":NT" ADS removed successfully.
C:\ProgramData => ":NT2" ADS removed successfully.
"C:\Users\All Users" => ":NT" ADS not found.
"C:\Users\All Users" => ":NT2" ADS not found.
"C:\ProgramData\Application Data" => ":NT" ADS not found.
"C:\ProgramData\Application Data" => ":NT2" ADS not found.
"C:\ProgramData\Data aplikací" => ":NT" ADS not found.
"C:\ProgramData\Data aplikací" => ":NT2" ADS not found.
C:\ProgramData\MTA San Andreas All => ":NT" ADS removed successfully.
C:\ProgramData\MTA San Andreas All => ":NT2" ADS removed successfully.
"C:\Users\JINDRA\Data aplikací" => ":NT" ADS not found.
"C:\Users\JINDRA\Data aplikací" => ":NT2" ADS not found.
C:\Users\JINDRA\AppData\Roaming => ":NT" ADS removed successfully.
C:\Users\JINDRA\AppData\Roaming => ":NT2" ADS removed successfully.
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GUDelayStartup => key removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

[vyosek]

Jak se chova PC??

[doom1970]

Po restartu PC se restart opakoval stále dokola, musel jsem použít opravu systému z instalačního cd. Po opravě se nechce spustit AVG antivirus, pokud ho spustím přes ikonu na ploše tak zamrzne.

[altrok]

Zdravim, dovolim si zaskocit za pracovne vytizeneho kolegu. Dejte aktualni log z FRST, at vime, jaka je momentalne situace.