Hello, I'd like to ask for help cleaning up a friend's PC. He most likely cluttered it up with junk while hunting for license keys.
The PC keeps freezing up, and ad after ad shows up in the top right corner.
At startup, "User Account Control" now asks whether to allow the program "MTview" from "Zhu Weiqin".
FRST log:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-01-2015
Ran by Hanzka (administrator) on HANZKA-PC (18-01-2016 16:36:57)
Running from C:\Users\Hanzka\Desktop
Loaded Profiles: Hanzka (Available Profiles: Hanzka & Mcx1-HANZKA-PC)
Platform: Windows 7 Home Premium (X64) Language: Čeština (Česká republika)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\t_201601170512\201601170512\lsas.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.266\SSScheduler.exe
( ) C:\Program Files (x86)\t_201601170512\201601170512\auds.exe
() C:\Program Files (x86)\t_201601170512\201601170512\tslog.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
( ) C:\Program Files (x86)\t_201601170512\201601170512\auds.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.47\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.47\opera.exe
(forum.viry.cz) C:\Users\Hanzka\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM-x32\...\Run: [MSStp] => C:\Windows\system32\msstp.vbe
HKLM-x32\...\Run: [MTview] => C:\Program Files (x86)\MTV20151125\MTView.exe [1875464 2015-11-25] (STA)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2016-01-17] (AVAST Software)
HKU\S-1-5-21-2950201998-2485440076-3267433508-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-2950201998-2485440076-3267433508-1000\...\Run: [lsas] => C:\Program Files (x86)\t_201601170512\201601170512\lsas.exe [557184 2016-01-17] ()
HKU\S-1-5-21-2950201998-2485440076-3267433508-1000\...\MountPoints2: {f1488940-1503-11e5-8bef-00265e9bfa37} - F:\Lenovo_Suite.exe
AppInit_DLLs: C:\ProgramData\caMyciloP\Konkdom.dll => C:\ProgramData\caMyciloP\Konkdom.dll [805376 2016-01-17] ()
AppInit_DLLs-x32: C:\ProgramData\caMyciloP\Biglux.dll => C:\ProgramData\caMyciloP\Biglux.dll [257536 2016-01-17] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-01-17] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-12-17]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.266\SSScheduler.exe (McAfee, Inc.)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
AutoConfigURL: [S-1-5-21-2950201998-2485440076-3267433508-1000] => hxxp://unstopp.me/wpad.dat?39a768e41d4e4b1336682c786c7aa6b04433658
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{FA635ED2-CD5F-46BF-B766-4CC57E9E686C}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.seznam.cz/?clid=22668
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2950201998-2485440076-3267433508-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
HKU\S-1-5-21-2950201998-2485440076-3267433508-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.seznam.cz/?clid=22668
HKU\S-1-5-21-2950201998-2485440076-3267433508-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.seznam.cz/?clid=22668
HKU\S-1-5-21-2950201998-2485440076-3267433508-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNaVXAdGTZAYinpmLi9tRWXORUvcZtxJmuvoSgZs4cV5r1KoH_Dkpozz8lDe9VF5QAd4CbRnIfPiInJMYHShsCbLqIbApVmdKcx3yfHSk0tdpoWT1mqXK3klE4ZpXnsGnL5FdhPW3-p8lNL4AfhG_NOiEOUITFD-xngafANqvqumI,&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNaVXAdGTZAYinpmLi9tRWXORUvcZtxJmuvoSgZs4cV5r1KoH_Dkpozz8lDe9VF5QAd4CbRnIfPiInJMYHShsCbLqIbApVmdKcx3yfHSk0tdpoWT1mqXK3klE4ZpXnsGnL5FdhPW3-p8lNL4AfhG_NOiEOUITFD-xngafANqvqumI,&q={searchTerms}
SearchScopes: HKLM-x32 -> {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2950201998-2485440076-3267433508-1000 -> DefaultScope {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2950201998-2485440076-3267433508-1000 -> {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2950201998-2485440076-3267433508-1000 -> {215A8782-A592-46D6-9BB1-7C22FFDCD30B} URL = hxxp://q.search-simple.com/?affID=na&q={searchTerms}&r=623
SearchScopes: HKU\S-1-5-21-2950201998-2485440076-3267433508-1000 -> {65AC85CC-BF20-4E97-986C-BA05CE85EADD} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_16194
SearchScopes: HKU\S-1-5-21-2950201998-2485440076-3267433508-1000 -> {A060E7FB-91F5-4c7c-BD0F-4A11A581D878} URL = hxxps://www.baidu.com/s?wd={searchTerms}&tn=98012088_5_dg&ch=11
SearchScopes: HKU\S-1-5-21-2950201998-2485440076-3267433508-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNaVXAdGTZAYinpmLi9tRWXORUvcZtxJmuvoSgZs4cV5r1KoH_Dkpozz8lDe9VF5QAd4CbRnIfPiInJMYHShsCbLqIbApVmdKcx3yfHSk0tdpoWT1mqXK3klE4ZpXnsGnL5FdhPW3-p8lNL4AfhG_NOiEOUITFD-xngafANqvqumI,&q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-01-17] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-01-17] (AVAST Software)
BHO-x32: Pomocná služba pro přihlášení k účtu Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF ProfilePath: C:\Users\Hanzka\AppData\Roaming\Mozilla\Firefox\Profiles\5kkqyohz.default
FF DefaultSearchEngine: Yahoo! Search
FF Homepage: C:\ProgramData\caMyciloPs\ff.HP
FF SearchEngineOrder.1: WebSearch
FF SelectedSearchEngine: Yahoo! Search
FF SearchEngineOrder.1,S: WebSearch
FF DefaultSearchEngine,S: WebSearch
FF SelectedSearchEngine,S: WebSearch
FF Keyword.URL:
FF DefaultSearchUrl: hxxp://websearch.allsearches.info/?pid=3521&r=2014/10/09&hid=4176657213035267658&lg=EN&cc=CZ&unqvl=64&l=1&q=
FF SearchEngineOrder.1,S: WebSearch
FF DefaultSearchEngine,S: WebSearch
FF SelectedSearchEngine,S: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF DefaultSearchEngine,S: WebSearch
FF SelectedSearchEngine,S: WebSearch
FF NewTab: C:\ProgramData\caMyciloPs\ff.NT
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-29] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-29] ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @qq.com/npAndroidAssistant -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3198\npQQPhoneManagerExt.dll [2014-05-30] (腾讯公司)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-12-26] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-12-26] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=0.9.9 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2009-03-31] (the VideoLAN Team)
FF user.js: detected! => C:\Users\Hanzka\AppData\Roaming\Mozilla\Firefox\Profiles\5kkqyohz.default\user.js [2014-10-05]
FF SearchPlugin: C:\Users\Hanzka\AppData\Roaming\Mozilla\Firefox\Profiles\5kkqyohz.default\searchplugins\findit.xml [2016-01-17]
FF SearchPlugin: C:\Users\Hanzka\AppData\Roaming\Mozilla\Firefox\Profiles\5kkqyohz.default\searchplugins\firmycz.xml [2014-10-05]
FF SearchPlugin: C:\Users\Hanzka\AppData\Roaming\Mozilla\Firefox\Profiles\5kkqyohz.default\searchplugins\zbocz.xml [2014-10-05]
FF Extension: No Name - C:\Users\Hanzka\AppData\Roaming\Mozilla\Firefox\Profiles\5kkqyohz.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [not found]
FF Extension: No Name - C:\Users\Hanzka\AppData\Roaming\Mozilla\Firefox\Profiles\5kkqyohz.default\extensions\sonnypenn@aol.com [not found]
FF Extension: WinToFlash Suggestor - C:\Users\Hanzka\AppData\Roaming\Mozilla\Firefox\Profiles\5kkqyohz.default\Extensions\{285ACFBB-8E53-4feb-90E6-F02A128927F3}.xpi [2012-05-25] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-01-17]
Chrome:
=======
CHR DefaultSearchURL: Default -> hxxp://feed.wiki-search.me/?st=ds&query={searchTerms}
CHR DefaultSearchKeyword: Default -> Wiki Search.me
CHR Profile: C:\Users\Hanzka\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\Hanzka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-04]
CHR Extension: (WinToFlash Suggestor) - C:\Users\Hanzka\AppData\Local\Google\Chrome\User Data\Default\Extensions\acaoakiamfeidcmgooclgeleejkbaecf [2015-04-05] [UpdateUrl: hxxp://wintoflashsuggestor.net/update/updatecheckchrome-10045.xml] <==== ATTENTION
CHR Extension: (Dokumenty Google) - C:\Users\Hanzka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-04]
CHR Extension: (Disk Google) - C:\Users\Hanzka\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (Seznam Lištička - Email) - C:\Users\Hanzka\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2016-01-17]
CHR Extension: (Seznam Lištička - Slovník) - C:\Users\Hanzka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2016-01-17]
CHR Extension: (YouTube) - C:\Users\Hanzka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
CHR Extension: (Vyhledávání Google) - C:\Users\Hanzka\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30]
CHR Extension: (Tabulky Google) - C:\Users\Hanzka\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-04]
CHR Extension: (AdBlock) - C:\Users\Hanzka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-01-17]
CHR Extension: (Avast Online Security) - C:\Users\Hanzka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-01-18]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Hanzka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-15]
CHR Extension: (Seznam Lištička - Rychlá volba) - C:\Users\Hanzka\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2016-01-17]
CHR Extension: (Mahjong Zahrady) - C:\Users\Hanzka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfekddiiamgblmgoodjgkfmkehnepljb [2015-12-21]
CHR Extension: (Gmail) - C:\Users\Hanzka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-04]
CHR HKLM-x32\...\Chrome\Extension: [acaoakiamfeidcmgooclgeleejkbaecf] - C:\Program Files (x86)\WinToFlash Suggestor\WinToFlashSuggestor.crx [2012-05-25]
CHR HKLM-x32\...\Chrome\Extension: [fcgnigmofekcllgbiejhmigggmgehkip] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-01-17]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2016-01-17] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109520 2016-01-17] (AVAST Software)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe [619776 2014-12-24] (Lenovo)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.266\McCHSvc.exe [289256 2015-12-02] (McAfee, Inc.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2015-12-20] (Electronic Arts)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S2 QQPCRTP; "C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17202.219\QQPCRtp.exe" -r [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2016-01-17] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2016-01-17] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2016-01-17] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [466400 2016-01-17] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2016-01-17] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2016-01-17] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1055560 2016-01-17] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [451040 2016-01-17] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2016-01-17] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2016-01-17] (AVAST Software)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-10-05] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 TSSKX64; C:\Windows\System32\drivers\tsskx64.sys [45368 2015-12-28] (电脑管家)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
S1 QMUdisk; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17202.219\QMUdisk64.sys [X]
S1 softaal; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17202.219\softaal64.sys [X]
S1 TsDefenseBt; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17202.219\TsDefenseBT64.sys [X]
S2 tsnethlpx64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17202.219\TsNetHlpX64.sys [X]
S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]
S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-18 16:36 - 2016-01-18 16:37 - 00019025 _____ C:\Users\Hanzka\Desktop\FRST.txt
2016-01-18 16:36 - 2016-01-18 16:36 - 00000000 ____D C:\FRST
2016-01-18 16:34 - 2016-01-18 16:34 - 02370560 _____ (Farbar) C:\Users\Hanzka\Desktop\FRST64.exe
2016-01-18 16:34 - 2016-01-18 16:34 - 00112640 _____ (forum.viry.cz) C:\Users\Hanzka\Desktop\FRSTLauncher.exe
2016-01-18 16:32 - 2016-01-18 16:32 - 00112640 _____ (forum.viry.cz) C:\Users\Hanzka\Downloads\Nepotvrzeno 8292.crdownload
2016-01-18 16:32 - 2016-01-18 16:32 - 00112640 _____ (forum.viry.cz) C:\Users\Hanzka\Downloads\Nepotvrzeno 431638.crdownload
2016-01-18 15:42 - 2012-11-29 23:27 - 00000000 ____D C:\Users\Hanzka\Downloads\Ableton Live 8.2.2 (CRACKED) [theLEAK]
2016-01-18 01:49 - 2016-01-18 03:34 - 1765020148 _____ C:\Users\Hanzka\Downloads\Ableton-Live-8.2.2-(CRACKED)-[theLEAK].rar
2016-01-17 23:52 - 2016-01-17 23:52 - 00003034 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1453071148
2016-01-17 23:52 - 2016-01-17 23:52 - 00001037 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-01-17 23:52 - 2016-01-17 23:52 - 00001037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-01-17 23:51 - 2016-01-17 23:50 - 00028144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-01-17 23:51 - 2016-01-17 23:45 - 00386096 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-01-17 23:48 - 2016-01-17 23:48 - 00001922 _____ C:\Users\Public\Desktop\Avast Premier.lnk
2016-01-17 23:48 - 2016-01-17 23:48 - 00000000 ____D C:\Users\Hanzka\AppData\Roaming\AVAST Software
2016-01-17 23:48 - 2016-01-17 23:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-01-17 23:46 - 2016-01-17 23:51 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-01-17 23:46 - 2016-01-17 23:46 - 00451040 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-01-17 23:46 - 2016-01-17 23:46 - 00097648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-01-17 23:46 - 2016-01-17 23:46 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-01-17 23:46 - 2016-01-17 23:46 - 00000000 ____D C:\Program Files\Common Files\AV
2016-01-17 23:46 - 2016-01-17 23:45 - 01055560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-01-17 23:46 - 2016-01-17 23:45 - 00273784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-01-17 23:46 - 2016-01-17 23:45 - 00155304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-01-17 23:46 - 2016-01-17 23:45 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-01-17 23:46 - 2016-01-17 23:45 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-01-17 23:46 - 2016-01-17 23:45 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-01-17 23:45 - 2016-01-17 23:45 - 00466400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2016-01-17 23:45 - 2016-01-17 23:45 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-01-17 23:44 - 2016-01-17 23:50 - 00000000 ____D C:\Program Files\AVAST Software
2016-01-17 23:44 - 2016-01-17 23:44 - 05037024 _____ (AVAST Software) C:\Users\Hanzka\Downloads\avast_premier_antivirus_setup_online.exe
2016-01-17 23:40 - 2016-01-18 00:17 - 00000000 ____D C:\ProgramData\caMyciloP
2016-01-17 23:40 - 2016-01-17 23:41 - 00000000 ____D C:\ProgramData\caMyciloPs
2016-01-17 23:38 - 2016-01-17 23:38 - 00290880 _____ C:\Windows\Minidump\011716-50528-01.dmp
2016-01-17 23:37 - 2016-01-17 23:37 - 629821633 _____ C:\Windows\MEMORY.DMP
2016-01-17 21:42 - 2016-01-17 21:42 - 00003096 _____ C:\Windows\System32\Tasks\{834FB3E9-7287-47C0-ABBD-005ED353C89F}
2016-01-17 21:33 - 2016-01-17 21:33 - 00000000 ____D C:\Users\Hanzka\AppData\Local\Apowersoft
2016-01-17 21:33 - 2016-01-17 21:33 - 00000000 ____D C:\ProgramData\Apowersoft
2016-01-17 21:32 - 2016-01-17 21:34 - 00000000 ____D C:\Users\Hanzka\AppData\Roaming\Apowersoft
2016-01-17 21:22 - 2016-01-17 21:22 - 00003562 _____ C:\Windows\System32\Tasks\{0D48CCDF-75F9-438D-A022-83E470529879}
2016-01-17 17:33 - 2016-01-17 17:33 - 00005120 _____ C:\Users\Hanzka\AppData\Roaming\GiftBag.db
2016-01-17 17:29 - 2016-01-17 17:29 - 00000000 ____D C:\Program Files (x86)\t_201601171729
2016-01-17 07:18 - 2016-01-17 07:18 - 00000000 ____D C:\Users\Hanzka\AppData\Roaming\vstsaxi
2016-01-17 06:17 - 2016-01-17 17:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件
2016-01-17 06:02 - 2016-01-17 06:14 - 00000000 ____D C:\Users\Hanzka\Documents\Ableton
2016-01-17 06:00 - 2016-01-18 16:08 - 00000000 ____D C:\Users\Hanzka\AppData\Roaming\Ableton
2016-01-17 05:57 - 2016-01-17 23:07 - 00000000 ____D C:\ProgramData\Ableton
2016-01-17 05:57 - 2016-01-17 05:57 - 00000881 _____ C:\Users\Hanzka\Desktop\Ableton Live 9 Trial.lnk
2016-01-17 05:39 - 2016-01-17 23:40 - 00002397 _____ C:\Windows\SysWOW64\findit.xml
2016-01-17 05:39 - 2016-01-17 08:39 - 00000000 ____D C:\Program Files\cmdidx
2016-01-17 05:39 - 2016-01-17 05:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-01-17 05:39 - 2016-01-17 05:39 - 00000000 ____D C:\ProgramData\Medlights
2016-01-17 05:39 - 2016-01-17 05:39 - 00000000 ____D C:\Program Files (x86)\7-Zip
2016-01-17 05:38 - 2016-01-18 00:17 - 00000000 ____D C:\ProgramData\Medlight
2016-01-17 05:27 - 2016-01-17 05:27 - 00000000 ____D C:\Users\Hanzka\AppData\Roaming\SimpleFiles
2016-01-17 05:16 - 2016-01-17 05:16 - 00000000 ____D C:\ProgramData\TXQMPC
2016-01-17 05:15 - 2016-01-17 17:45 - 00000000 ____D C:\Users\Hanzka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
2016-01-17 05:15 - 2016-01-17 17:29 - 00087864 _____ (电脑管家) C:\Windows\system32\Drivers\TFsFltX64.sys
2016-01-17 05:15 - 2016-01-17 05:15 - 00000000 ____D C:\Program Files\Common Files\Tencent
2016-01-17 05:15 - 2015-12-28 16:34 - 00045368 _____ (电脑管家) C:\Windows\system32\Drivers\TSSKX64.sys
2016-01-17 05:14 - 2016-01-17 05:38 - 00000000 ____D C:\Users\Hanzka\AppData\Roaming\Tencent
2016-01-17 05:14 - 2016-01-17 05:30 - 00000000 ____D C:\ProgramData\Tencent
2016-01-17 05:14 - 2016-01-17 05:14 - 00000000 ____D C:\Program Files (x86)\Tencent
2016-01-17 05:12 - 2016-01-17 05:12 - 00000000 ____D C:\Program Files (x86)\t_201601170512
2016-01-17 05:11 - 2016-01-17 07:30 - 00000000 ____D C:\Program Files (x86)\Seznam.cz
2016-01-17 05:11 - 2016-01-17 05:12 - 00000000 ____D C:\Program Files (x86)\MTV20151125
2016-01-17 05:11 - 2016-01-17 05:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ĂŔÍĽäŻŔŔ
2016-01-17 04:44 - 2016-01-17 05:18 - 00002568 _____ C:\Users\Hanzka\Documents\Register ACID Pro.htm
2016-01-17 04:42 - 2016-01-17 04:42 - 00000000 ____D C:\Users\Hanzka\AppData\Local\Sony
2016-01-17 04:37 - 2016-01-17 04:37 - 00000000 ____D C:\Program Files (x86)\Sony Setup
2016-01-17 04:32 - 2016-01-17 04:38 - 701280372 _____ C:\Users\Hanzka\Downloads\ableton_live_trial_9-1-1_32.zip
2016-01-17 04:07 - 2016-01-17 04:07 - 00000394 _____ C:\Users\Hanzka\Documents\mm.ilcontrol
2015-12-21 21:18 - 2015-12-21 21:18 - 00000000 ____D C:\Users\Hanzka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-12-21 14:43 - 2012-02-15 14:02 - 00000000 ____D C:\Users\Hanzka\Downloads\AudioRealism_Bass_Line_VSTi_v2.5.0
2015-12-21 14:42 - 2015-12-21 14:42 - 00000000 ____D C:\Users\Hanzka\Downloads\Nová složka
2015-12-20 16:29 - 2015-12-20 16:37 - 00000000 ____D C:\Users\Hanzka\AppData\Roaming\Origin
2015-12-20 16:29 - 2015-12-20 16:29 - 00000000 ____D C:\Users\Hanzka\AppData\Local\Origin
2015-12-20 16:27 - 2015-12-20 16:39 - 00000000 ____D C:\ProgramData\Origin
2015-12-20 16:27 - 2015-12-20 16:27 - 00000983 _____ C:\Users\Hanzka\Documents\Origin.lnk
2015-12-20 16:27 - 2015-12-20 16:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2015-12-20 16:27 - 2015-12-20 16:27 - 00000000 ____D C:\ProgramData\Electronic Arts
2015-12-20 16:26 - 2015-12-20 16:29 - 00000000 ____D C:\Program Files (x86)\Origin
2015-12-20 16:26 - 2015-12-20 16:27 - 00000000 ____D C:\ProgramData\Package Cache
2015-12-20 01:00 - 2015-12-21 14:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudioRealism Bass Line 2
2015-12-20 01:00 - 2015-12-20 01:00 - 00000000 ____D C:\Users\Hanzka\Documents\AudioRealism
2015-12-20 00:56 - 2015-12-20 00:56 - 00000000 ____D C:\Users\Hanzka\Downloads\Install_ABL2_WIN64
2015-12-19 20:57 - 2015-12-20 16:31 - 00000192 _____ C:\Users\Hanzka\Documents\hesla.txt
2015-12-19 03:00 - 2015-12-19 03:00 - 00000000 ____D C:\Users\Hanzka\Documents\Tom_hp
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-18 16:36 - 2009-07-14 04:20 - 00000000 ____D C:\Windows
2016-01-18 16:23 - 2009-07-14 05:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-18 16:23 - 2009-07-14 05:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-18 16:21 - 2015-10-12 19:26 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-18 16:20 - 2009-07-14 16:18 - 00668376 _____ C:\Windows\system32\perfh005.dat
2016-01-18 16:20 - 2009-07-14 16:18 - 00141004 _____ C:\Windows\system32\perfc005.dat
2016-01-18 16:20 - 2009-07-14 06:13 - 01582262 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-18 16:20 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-01-18 16:16 - 2014-12-26 12:45 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-18 16:15 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-18 15:50 - 2014-12-26 12:45 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-18 00:19 - 2014-10-08 22:18 - 00000000 ____D C:\ProgramData\NNExtCoeUp
2016-01-17 23:51 - 2014-10-05 03:20 - 00000000 ____D C:\ProgramData\AVAST Software
2016-01-17 23:41 - 2014-12-26 12:46 - 00002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-17 23:41 - 2014-10-02 13:03 - 00001459 _____ C:\Users\Hanzka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-01-17 23:38 - 2014-10-08 22:08 - 00000270 __RSH C:\ProgramData\ntuser.pol
2016-01-17 23:38 - 2014-10-06 00:13 - 00000000 ____D C:\Windows\Minidump
2016-01-17 23:37 - 2009-07-14 05:45 - 00278568 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-17 21:47 - 2014-10-05 23:35 - 00000000 ____D C:\Program Files (x86)\Image-Line
2016-01-17 21:41 - 2014-10-13 14:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
2016-01-17 21:41 - 2014-10-02 22:44 - 00000000 ____D C:\Users\Hanzka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2016-01-17 21:40 - 2015-10-12 21:10 - 00000000 ____D C:\Program Files (x86)\Winamp
2016-01-17 21:40 - 2014-10-13 14:16 - 00000000 ____D C:\Program Files (x86)\VstPlugins
2016-01-17 07:31 - 2014-10-05 03:39 - 00000000 ____D C:\Users\Hanzka\AppData\Roaming\Seznam.cz
2016-01-17 07:16 - 2014-10-02 15:27 - 00059104 _____ C:\Users\Hanzka\AppData\Local\GDIPFONTCACHEV1.DAT
2016-01-17 05:18 - 2015-10-21 18:21 - 00020522 _____ C:\ProgramData\svchost.exe.tmp
2016-01-17 01:59 - 2015-07-15 00:14 - 00000958 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-01-14 07:13 - 2014-10-06 16:50 - 00003848 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1412610607
2016-01-14 07:13 - 2014-10-06 16:50 - 00000000 ____D C:\Program Files (x86)\Opera
2016-01-05 05:56 - 2014-10-26 22:47 - 00000000 ____D C:\Users\Hanzka\AppData\Roaming\dvdcss
2016-01-04 18:09 - 2015-03-06 20:34 - 00000000 ____D C:\Users\Hanzka\Documents\hlasky
2016-01-03 19:23 - 2015-10-12 19:26 - 00003852 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-01-03 19:23 - 2014-10-05 21:08 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-03 19:23 - 2014-10-05 21:08 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-31 11:17 - 2014-10-02 13:00 - 00000000 ____D C:\Users\Hanzka
2015-12-29 11:22 - 2015-07-15 00:14 - 00003956 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
==================== Files in the root of some directories =======
2016-01-17 17:33 - 2016-01-17 17:33 - 0005120 _____ () C:\Users\Hanzka\AppData\Roaming\GiftBag.db
2014-10-08 22:10 - 2014-10-08 22:10 - 0000323 _____ () C:\Users\Hanzka\AppData\Roaming\LiveSupport.exe_log.txt
2014-10-08 22:10 - 2014-10-08 22:15 - 0000092 _____ () C:\Users\Hanzka\AppData\Roaming\regsvr32.exe_log.txt
2014-10-05 03:48 - 2014-10-05 03:48 - 0225280 _____ (Propellerhead Software AB) C:\Users\Hanzka\AppData\Roaming\Rewire.dll
2014-10-05 03:48 - 2014-10-05 03:48 - 0233472 _____ (Propellerhead Software AB) C:\Users\Hanzka\AppData\Roaming\REX Shared Library.dll
2015-10-21 18:21 - 2016-01-17 05:18 - 0020522 _____ () C:\ProgramData\svchost.exe.tmp
Files to move or delete:
====================
C:\Users\Hanzka\FL Studio VSTi (Multi).dll
C:\Users\Hanzka\FL Studio VSTi.dll
Some files in TEMP:
====================
C:\Users\Hanzka\AppData\Local\Temp\01d363ca.exe
C:\Users\Hanzka\AppData\Local\Temp\7z938.exe
C:\Users\Hanzka\AppData\Local\Temp\Ableton Swapper.exe
C:\Users\Hanzka\AppData\Local\Temp\amt_omniboxes.exe
C:\Users\Hanzka\AppData\Local\Temp\AskPIP_FF_.exe
C:\Users\Hanzka\AppData\Local\Temp\deckadance_install.exe
C:\Users\Hanzka\AppData\Local\Temp\DriverSupport.exe
C:\Users\Hanzka\AppData\Local\Temp\drvprosetup.exe
C:\Users\Hanzka\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Hanzka\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Hanzka\AppData\Local\Temp\findamo.exe
C:\Users\Hanzka\AppData\Local\Temp\GC_PCTOOLS.exe
C:\Users\Hanzka\AppData\Local\Temp\listicka-partner-13415-1.1.2-offline.exe
C:\Users\Hanzka\AppData\Local\Temp\mslog.dll
C:\Users\Hanzka\AppData\Local\Temp\msxml6-KB927977-enu-x86.exe
C:\Users\Hanzka\AppData\Local\Temp\nircmd.exe
C:\Users\Hanzka\AppData\Local\Temp\nsm1BA7.exe
C:\Users\Hanzka\AppData\Local\Temp\ochelper.exe
C:\Users\Hanzka\AppData\Local\Temp\optprosetup.exe
C:\Users\Hanzka\AppData\Local\Temp\PCMgr_Setup_11_3_17202_219.exe
C:\Users\Hanzka\AppData\Local\Temp\pcspeedup.exe
C:\Users\Hanzka\AppData\Local\Temp\qqpcmgr_v10.11.16575.227_8881436_Silence.exe
C:\Users\Hanzka\AppData\Local\Temp\rar.exe
C:\Users\Hanzka\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Hanzka\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Hanzka\AppData\Local\Temp\somoto_chrome.exe
C:\Users\Hanzka\AppData\Local\Temp\Tinyxml2.dll
C:\Users\Hanzka\AppData\Local\Temp\tmp4F17.tmp.exe
C:\Users\Hanzka\AppData\Local\Temp\utt69F7.tmp.exe
C:\Users\Hanzka\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe
C:\Users\Hanzka\AppData\Local\Temp\~6080.exe
C:\Users\Hanzka\AppData\Local\Temp\~662B.exe
C:\Users\Hanzka\AppData\Local\Temp\~B3CF.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_20_0_0_267_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: avast! Antivirus (Enabled - Out of date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Out of date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Hanzka\Desktop" je 2 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================

PC slowdown, pop-up ads
- Rudy
- Site Admin
- Posts: 119673
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: PC slowdown, pop-up ads
Hello!
pajasimi wrote: Hello, I'd like to ask for help cleaning up a friend's PC. He most likely cluttered it up while hunting for license keys.
If he used legal software, this wouldn't have happened to him.
Run this utility:
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop
Close all programs
First click >Scan< and then >Clean<.
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: PC slowdown, pop-up ads
Hello again, and I apologize for continuing with this problem here after a delay (I don't have access to the PC in question every day).
Before the first reply arrived, I tried to work on it with what I think I know .)
I found two applications that were launching several processes and multiplying in various places on the disk during futile attempts to simply delete their files - one application covered for and launched the other, and there was even some fun in the form of a "fake" uninstaller, which of course did not do what I would have wanted from it :) I looked up a few things in the registry. Somehow I managed to kill all the processes that were preventing the deletion of (and creating more) junk - one of them tried to escape attention by being named like one of the system processes - and I managed to remove everything bad that I found. None of the killed processes has started again, and the PC looks and behaves normally.
Years of amateur practice have taught me to avoid feelings of triumph, so without them I "handed over" the PC for use, saying that it looks OK for now.
And now I'm sitting at it again and sending the log from AdwCleaner - it seems to have found something more:
# AdwCleaner v5.030 - Logfile created 23/01/2016 at 17:39:18
# Updated 17/01/2016 by Xplode
# Database : 2016-01-19.2 [Server]
# Operating system : Windows 7 Home Premium (x64)
# Username : Hanzka - HANZKA-PC
# Running from : C:\Users\Hanzka\Desktop\adwcleaner_5.030.exe
# Option : Cleaning
# Support : http://toolslib.net/forum
***** [ Services ] *****
[-] Service Deleted : QQPCRTP
[-] Service Deleted : TSDefenseBt
[-] Service Deleted : QMUdisk
[-] Service Deleted : TSSKX64
[-] Service Deleted : softaal
***** [ Folders ] *****
[#] Folder Deleted : C:\Program Files\cmdidx
[#] Folder Deleted : C:\Program Files (x86)\globalUpdate
[#] Folder Deleted : C:\Program Files (x86)\GoHD
[#] Folder Deleted : C:\Program Files (x86)\tencent
[#] Folder Deleted : C:\Program Files (x86)\GaoSavee
[#] Folder Deleted : C:\Program Files (x86)\GioSave
[#] Folder Deleted : C:\Program Files (x86)\NeextCCoup
[#] Folder Deleted : C:\Program Files (x86)\NNExtCoeUp
[#] Folder Deleted : C:\Program Files (x86)\GaoSavee
[#] Folder Deleted : C:\Program Files (x86)\GioSave
[#] Folder Deleted : C:\Program Files (x86)\NeextCCoup
[#] Folder Deleted : C:\Program Files (x86)\NNExtCoeUp
[#] Folder Deleted : C:\Program Files (x86)\GoHD
[#] Folder Deleted : C:\Program Files (x86)\Optimizer Pro
[#] Folder Deleted : C:\Program Files (x86)\Common Files\tencent
[#] Folder Deleted : C:\Program Files\Common Files\tencent
[#] Folder Deleted : C:\ProgramData\apn
[#] Folder Deleted : C:\ProgramData\camycilop
[#] Folder Deleted : C:\ProgramData\caMyciloPs
[#] Folder Deleted : C:\ProgramData\Medlight
[#] Folder Deleted : C:\ProgramData\Medlights
[#] Folder Deleted : C:\ProgramData\tencent
[#] Folder Deleted : C:\ProgramData\Trusted Publisher
[#] Folder Deleted : C:\ProgramData\TXQMPC
[#] Folder Deleted : C:\ProgramData\GaoSavee
[#] Folder Deleted : C:\ProgramData\GioSave
[#] Folder Deleted : C:\ProgramData\NeextCCoup
[#] Folder Deleted : C:\ProgramData\NNExtCoeUp
[#] Folder Deleted : C:\ProgramData\GaoSavee
[#] Folder Deleted : C:\ProgramData\GioSave
[#] Folder Deleted : C:\ProgramData\NeextCCoup
[#] Folder Deleted : C:\ProgramData\NNExtCoeUp
[#] Folder Deleted : C:\Users\Hanzka\AppData\Local\Chromatic Browser
[#] Folder Deleted : C:\Users\Hanzka\AppData\Local\globalUpdate
[#] Folder Deleted : C:\Users\Hanzka\AppData\Local\torch
[#] Folder Deleted : C:\Users\Hanzka\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja
[#] Folder Deleted : C:\Users\Hanzka\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aaaalipaokhkccgmgkdglfinfnfhflko
[#] Folder Deleted : C:\Users\Hanzka\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dbggomcpjcdebpihgpdcfgnkaglanpkd
[#] Folder Deleted : C:\Users\Hanzka\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dbggomcpjcdebpihgpdcfgnkaglanpkd
[#] Folder Deleted : C:\Users\Hanzka\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bokijhalndhhhikpnaniimagniglonke
[#] Folder Deleted : C:\Users\Hanzka\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cnploenppbpjdflnpkjbljopdhakinib
[#] Folder Deleted : C:\Users\Hanzka\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dbggomcpjcdebpihgpdcfgnkaglanpkd
[#] Folder Deleted : C:\Users\Hanzka\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ecfjddlpfmgmakddpnolnleanfjbafbl
[#] Folder Deleted : C:\Users\Hanzka\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lmnaapjjjgjpnonfhdkgnoiopplppnhb
[#] Folder Deleted : C:\Users\Hanzka\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc
[#] Folder Deleted : C:\Users\Hanzka\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nepniiackjknpknfcbmdlfodongmhfdl
[#] Folder Deleted : C:\Users\Hanzka\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\odggbmoeahkobffllgbdgcdehpddgeeb
[#] Folder Deleted : C:\Users\Hanzka\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dbggomcpjcdebpihgpdcfgnkaglanpkd
[#] Folder Deleted : C:\Users\Hanzka\AppData\Local\Temp\PodoWeb
[#] Folder Deleted : C:\Users\Hanzka\AppData\Local\Temp\Techgile
[#] Folder Deleted : C:\Users\Hanzka\AppData\Local\Temp\tencent
[#] Folder Deleted : C:\Users\Hanzka\AppData\LocalLow\Toolbar4
[#] Folder Deleted : C:\Users\Hanzka\AppData\Roaming\OpenCandy
[#] Folder Deleted : C:\Users\Hanzka\AppData\Roaming\SimpleFiles
[#] Folder Deleted : C:\Users\Hanzka\AppData\Roaming\Systweak
[#] Folder Deleted : C:\Users\Hanzka\AppData\Roaming\tencent
[#] Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\tencent
***** [ Files ] *****
[-] File Deleted : C:\Users\Hanzka\AppData\Local\Comodo\Dragon\User Data\Default\Local Storage\chrome-extension_cmaiofennmphjldldcpphcechfnnohja_0.localstorage
[-] File Deleted : C:\Users\Hanzka\AppData\Local\Comodo\Dragon\User Data\Default\Local Storage\chrome-extension_cmaiofennmphjldldcpphcechfnnohja_0.localstorage-journal
[-] File Deleted : C:\Users\Hanzka\AppData\Local\Comodo\Dragon\User Data\Default\Local Storage\chrome-extension_aaaalipaokhkccgmgkdglfinfnfhflko_0.localstorage
[-] File Deleted : C:\Users\Hanzka\AppData\Local\Comodo\Dragon\User Data\Default\Local Storage\chrome-extension_aaaalipaokhkccgmgkdglfinfnfhflko_0.localstorage-journal
[-] File Deleted : C:\Users\Hanzka\AppData\Local\Temp\task.vbs
[-] File Deleted : C:\Users\Hanzka\AppData\Roaming\LiveSupport.exe_log.txt
[-] File Deleted : C:\Users\Hanzka\AppData\Roaming\regsvr32.exe_log.txt
[-] File Deleted : C:\Users\Hanzka\AppData\Roaming\Mozilla\Firefox\Profiles\5kkqyohz.default\Extensions\{285ACFBB-8E53-4feb-90E6-F02A128927F3}.xpi
[-] File Deleted : C:\Users\Hanzka\AppData\Roaming\Mozilla\Firefox\Profiles\5kkqyohz.default\user.js
[-] File Deleted : C:\Users\Hanzka\AppData\Roaming\Mozilla\Firefox\Profiles\5kkqyohz.default\searchplugins\findit.xml
[-] File Deleted : C:\Windows\SysNative\roboot64.exe
[-] File Deleted : C:\Windows\SysNative\drivers\TSSKX64.sys
[-] File Deleted : C:\Windows\SysNative\drivers\TFsFltX64.sys
[-] File Deleted : C:\Windows\SysWOW64\findit.xml
***** [ DLLs ] *****
***** [ Shortcuts ] *****
[-] Shortcut Disinfected : C:\Users\Hanzka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[-] Shortcut Disinfected : C:\Users\Hanzka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
***** [ Scheduled tasks ] *****
[-] Task Deleted : amiupdaterExd
[-] Task Deleted : amiupdaterExi
***** [ Registry ] *****
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\SMBarBroker.EXE
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SEARCHSCOPES\IELNKSRCH
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Stpro.exe
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP
[-] Key Deleted : HKLM\SOFTWARE\Classes\.
[-] Key Deleted : HKLM\SOFTWARE\Classes\..9
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\.
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\..9
[-] Key Deleted : HKLM\System\CurrentControlSet\Services\Eventlog\Application\Update PodoWeb
[-] Key Deleted : HKLM\System\CurrentControlSet\Services\Eventlog\Application\Util Techgile
[-] Key Deleted : HKCU\Software\a3d638bb994521c2b6574b55b9a9a02c
[-] Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S-792098896
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\acaoakiamfeidcmgooclgeleejkbaecf
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fcgnigmofekcllgbiejhmigggmgehkip
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3A188115-B81B-48F2-A958-F974C8F3F309}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{43769158-3B03-4932-8D8A-8F0F344BF024}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{70DE12EA-79F4-46BC-9812-86DB50A2FD64}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{754DF2CE-51E8-4895-B53C-6381418B84AE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EC0FA563-E0F2-406F-8659-1E728458A91E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{88260EA6-BC91-42DF-ABEF-4A683E8A3C23}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4C097DF1-0716-4FA1-84A9-025BC1E7B03F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{c4b2b8b1-d932-4232-abd6-5067d02dd579}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{f0c07f3b-9b89-4dee-a553-9b4d575f13ba}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{78CE34FD-F6D4-4866-B79C-A37268D06A04}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{80904944-C726-4C7D-A452-3FFF2A882095}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2D9B1B31-D034-4738-8F6E-40F0AFCC742C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{c4b2b8b1-d932-4232-abd6-5067d02dd579}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{f0c07f3b-9b89-4dee-a553-9b4d575f13ba}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{c4b2b8b1-d932-4232-abd6-5067d02dd579}]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{f0c07f3b-9b89-4dee-a553-9b4d575f13ba}]
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{c4b2b8b1-d932-4232-abd6-5067d02dd579}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{f0c07f3b-9b89-4dee-a553-9b4d575f13ba}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{78CE34FD-F6D4-4866-B79C-A37268D06A04}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{80904944-C726-4C7D-A452-3FFF2A882095}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
[-] Key Deleted : HKCU\Software\Complitly
[-] Key Deleted : HKCU\Software\Driver Pro
[-] Key Deleted : HKCU\Software\GlobalUpdate
[-] Key Deleted : HKCU\Software\Optimizer Pro
[-] Key Deleted : HKCU\Software\Reg\Clean
[-] Key Deleted : HKCU\Software\SimpleFiles
[-] Key Deleted : HKCU\Software\Softonic
[-] Key Deleted : HKCU\Software\WEBAPP
[-] Key Deleted : HKCU\Software\STA
[-] Key Deleted : HKCU\Software\mtMedlight
[-] Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
[!] Key Not Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key Deleted : HKCU\Software\AppDataLow\Software\WinToFlash Suggestor
[-] Key Deleted : HKLM\SOFTWARE\AppDataLow\SOFTWARE\Crossrider
[-] Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
[-] Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
[-] Key Deleted : HKLM\SOFTWARE\GlobalUpdate
[-] Key Deleted : HKLM\SOFTWARE\Reg\Clean
[-] Key Deleted : HKLM\SOFTWARE\SimpleFiles
[-] Key Deleted : HKLM\SOFTWARE\mtMedlight
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3D0F43D9-C1D7-733C-01F8-4A3001BF8CC3}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
[-] Key Deleted : HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_
[-] Key Deleted : HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\GoHD
[!] Key Not Deleted : HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\GoHD
[-] Key Deleted : HKU\S-1-5-19\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key Deleted : HKU\S-1-5-20\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tab]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{215A8782-A592-46D6-9BB1-7C22FFDCD30B}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}
[!] Key Not Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ielnksrch
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\hao123.com
[-] Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [lsas]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [MTView]
***** [ Web browsers ] *****
[-] [C:\Users\Hanzka\AppData\Roaming\Mozilla\Firefox\Profiles\5kkqyohz.default\prefs.js] [Preference] Deleted : user_pref("browser.search.order.1", "WebSearch");
[-] [C:\Users\Hanzka\AppData\Roaming\Mozilla\Firefox\Profiles\5kkqyohz.default\prefs.js] [Preference] Deleted : user_pref("browser.search.order.1,S", "WebSearch");
[-] [C:\Users\Hanzka\AppData\Roaming\Mozilla\Firefox\Profiles\5kkqyohz.default\prefs.js] [Preference] Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
[-] [C:\Users\Hanzka\AppData\Roaming\Mozilla\Firefox\Profiles\5kkqyohz.default\prefs.js] [Preference] Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
[-] [C:\Users\Hanzka\AppData\Roaming\Mozilla\Firefox\Profiles\5kkqyohz.default\prefs.js] [Preference] Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.allsearches.info/?pid=3521&r=2014/10/09&hid=4176657213035267658&lg=EN&cc=CZ&unqvl=64&l=1&q=");
[-] [C:\Users\Hanzka\AppData\Roaming\Mozilla\Firefox\Profiles\5kkqyohz.default\prefs.js] [Preference] Deleted : user_pref("browser.search.order.1,S", "WebSearch");
[-] [C:\Users\Hanzka\AppData\Roaming\Mozilla\Firefox\Profiles\5kkqyohz.default\prefs.js] [Preference] Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
[-] [C:\Users\Hanzka\AppData\Roaming\Mozilla\Firefox\Profiles\5kkqyohz.default\prefs.js] [Preference] Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
[-] [C:\Users\Hanzka\AppData\Roaming\Mozilla\Firefox\Profiles\5kkqyohz.default\prefs.js] [Preference] Deleted : user_pref("browser.search.order.1,S", "WebSearch");
[-] [C:\Users\Hanzka\AppData\Roaming\Mozilla\Firefox\Profiles\5kkqyohz.default\prefs.js] [Preference] Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
[-] [C:\Users\Hanzka\AppData\Roaming\Mozilla\Firefox\Profiles\5kkqyohz.default\prefs.js] [Preference] Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
[-] [C:\Users\Hanzka\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
*************************
:: "Tracing" keys removed
:: Winsock settings cleared
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [19141 bytes] ##########
Thanks for the cooperation
[-] File Deleted : C:\Users\Hanzka\AppData\Local\Comodo\Dragon\User Data\Default\Local Storage\chrome-extension_cmaiofennmphjldldcpphcechfnnohja_0.localstorage-journal
[-] File Deleted : C:\Users\Hanzka\AppData\Local\Comodo\Dragon\User Data\Default\Local Storage\chrome-extension_aaaalipaokhkccgmgkdglfinfnfhflko_0.localstorage
[-] File Deleted : C:\Users\Hanzka\AppData\Local\Comodo\Dragon\User Data\Default\Local Storage\chrome-extension_aaaalipaokhkccgmgkdglfinfnfhflko_0.localstorage-journal
[-] File Deleted : C:\Users\Hanzka\AppData\Local\Temp\task.vbs
[-] File Deleted : C:\Users\Hanzka\AppData\Roaming\LiveSupport.exe_log.txt
[-] File Deleted : C:\Users\Hanzka\AppData\Roaming\regsvr32.exe_log.txt
[-] File Deleted : C:\Users\Hanzka\AppData\Roaming\Mozilla\Firefox\Profiles\5kkqyohz.default\Extensions\{285ACFBB-8E53-4feb-90E6-F02A128927F3}.xpi
[-] File Deleted : C:\Users\Hanzka\AppData\Roaming\Mozilla\Firefox\Profiles\5kkqyohz.default\user.js
[-] File Deleted : C:\Users\Hanzka\AppData\Roaming\Mozilla\Firefox\Profiles\5kkqyohz.default\searchplugins\findit.xml
[-] File Deleted : C:\Windows\SysNative\roboot64.exe
[-] File Deleted : C:\Windows\SysNative\drivers\TSSKX64.sys
[-] File Deleted : C:\Windows\SysNative\drivers\TFsFltX64.sys
[-] File Deleted : C:\Windows\SysWOW64\findit.xml
***** [ DLLs ] *****
***** [ Shortcuts ] *****
[-] Shortcut Disinfected : C:\Users\Hanzka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[-] Shortcut Disinfected : C:\Users\Hanzka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
***** [ Scheduled tasks ] *****
[-] Task Deleted : amiupdaterExd
[-] Task Deleted : amiupdaterExi
***** [ Registry ] *****
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\SMBarBroker.EXE
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SEARCHSCOPES\IELNKSRCH
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Stpro.exe
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP
[-] Key Deleted : HKLM\SOFTWARE\Classes\.
[-] Key Deleted : HKLM\SOFTWARE\Classes\..9
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\.
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\..9
[-] Key Deleted : HKLM\System\CurrentControlSet\Services\Eventlog\Application\Update PodoWeb
[-] Key Deleted : HKLM\System\CurrentControlSet\Services\Eventlog\Application\Util Techgile
[-] Key Deleted : HKCU\Software\a3d638bb994521c2b6574b55b9a9a02c
[-] Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S-792098896
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\acaoakiamfeidcmgooclgeleejkbaecf
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fcgnigmofekcllgbiejhmigggmgehkip
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3A188115-B81B-48F2-A958-F974C8F3F309}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{43769158-3B03-4932-8D8A-8F0F344BF024}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{70DE12EA-79F4-46BC-9812-86DB50A2FD64}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{754DF2CE-51E8-4895-B53C-6381418B84AE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EC0FA563-E0F2-406F-8659-1E728458A91E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{88260EA6-BC91-42DF-ABEF-4A683E8A3C23}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4C097DF1-0716-4FA1-84A9-025BC1E7B03F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{c4b2b8b1-d932-4232-abd6-5067d02dd579}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{f0c07f3b-9b89-4dee-a553-9b4d575f13ba}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{78CE34FD-F6D4-4866-B79C-A37268D06A04}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{80904944-C726-4C7D-A452-3FFF2A882095}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2D9B1B31-D034-4738-8F6E-40F0AFCC742C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{c4b2b8b1-d932-4232-abd6-5067d02dd579}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{f0c07f3b-9b89-4dee-a553-9b4d575f13ba}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{c4b2b8b1-d932-4232-abd6-5067d02dd579}]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{f0c07f3b-9b89-4dee-a553-9b4d575f13ba}]
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{c4b2b8b1-d932-4232-abd6-5067d02dd579}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{f0c07f3b-9b89-4dee-a553-9b4d575f13ba}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{78CE34FD-F6D4-4866-B79C-A37268D06A04}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{80904944-C726-4C7D-A452-3FFF2A882095}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
[-] Key Deleted : HKCU\Software\Complitly
[-] Key Deleted : HKCU\Software\Driver Pro
[-] Key Deleted : HKCU\Software\GlobalUpdate
[-] Key Deleted : HKCU\Software\Optimizer Pro
[-] Key Deleted : HKCU\Software\Reg\Clean
[-] Key Deleted : HKCU\Software\SimpleFiles
[-] Key Deleted : HKCU\Software\Softonic
[-] Key Deleted : HKCU\Software\WEBAPP
[-] Key Deleted : HKCU\Software\STA
[-] Key Deleted : HKCU\Software\mtMedlight
[-] Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
[!] Key Not Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key Deleted : HKCU\Software\AppDataLow\Software\WinToFlash Suggestor
[-] Key Deleted : HKLM\SOFTWARE\AppDataLow\SOFTWARE\Crossrider
[-] Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
[-] Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
[-] Key Deleted : HKLM\SOFTWARE\GlobalUpdate
[-] Key Deleted : HKLM\SOFTWARE\Reg\Clean
[-] Key Deleted : HKLM\SOFTWARE\SimpleFiles
[-] Key Deleted : HKLM\SOFTWARE\mtMedlight
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3D0F43D9-C1D7-733C-01F8-4A3001BF8CC3}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
[-] Key Deleted : HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_
[-] Key Deleted : HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\GoHD
[!] Key Not Deleted : HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\GoHD
[-] Key Deleted : HKU\S-1-5-19\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key Deleted : HKU\S-1-5-20\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tab]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{215A8782-A592-46D6-9BB1-7C22FFDCD30B}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}
[!] Key Not Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ielnksrch
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\hao123.com
[-] Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [lsas]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [MTView]
***** [ Web browsers ] *****
[-] [C:\Users\Hanzka\AppData\Roaming\Mozilla\Firefox\Profiles\5kkqyohz.default\prefs.js] [Preference] Deleted : user_pref("browser.search.order.1", "WebSearch");
[-] [C:\Users\Hanzka\AppData\Roaming\Mozilla\Firefox\Profiles\5kkqyohz.default\prefs.js] [Preference] Deleted : user_pref("browser.search.order.1,S", "WebSearch");
[-] [C:\Users\Hanzka\AppData\Roaming\Mozilla\Firefox\Profiles\5kkqyohz.default\prefs.js] [Preference] Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
[-] [C:\Users\Hanzka\AppData\Roaming\Mozilla\Firefox\Profiles\5kkqyohz.default\prefs.js] [Preference] Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
[-] [C:\Users\Hanzka\AppData\Roaming\Mozilla\Firefox\Profiles\5kkqyohz.default\prefs.js] [Preference] Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.allsearches.info/?pid=3521&r=2014/10/09&hid=4176657213035267658&lg=EN&cc=CZ&unqvl=64&l=1&q=");
[-] [C:\Users\Hanzka\AppData\Roaming\Mozilla\Firefox\Profiles\5kkqyohz.default\prefs.js] [Preference] Deleted : user_pref("browser.search.order.1,S", "WebSearch");
[-] [C:\Users\Hanzka\AppData\Roaming\Mozilla\Firefox\Profiles\5kkqyohz.default\prefs.js] [Preference] Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
[-] [C:\Users\Hanzka\AppData\Roaming\Mozilla\Firefox\Profiles\5kkqyohz.default\prefs.js] [Preference] Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
[-] [C:\Users\Hanzka\AppData\Roaming\Mozilla\Firefox\Profiles\5kkqyohz.default\prefs.js] [Preference] Deleted : user_pref("browser.search.order.1,S", "WebSearch");
[-] [C:\Users\Hanzka\AppData\Roaming\Mozilla\Firefox\Profiles\5kkqyohz.default\prefs.js] [Preference] Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
[-] [C:\Users\Hanzka\AppData\Roaming\Mozilla\Firefox\Profiles\5kkqyohz.default\prefs.js] [Preference] Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
[-] [C:\Users\Hanzka\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
*************************
:: "Tracing" keys removed
:: Winsock settings cleared
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [19141 bytes] ##########
Thanks for your cooperation.
- Rudy
- Site Admin

- Posts: 119673
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: PC slowdown, pop-up ads
Post a new FRST log.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for resolving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.