
Police virus and ads

Posted: 14 Jan 2014 15:10
by tomasn127
Hello

I have the police virus (the German one) and ads on my computer. I haven't tried removing it with anything yet; I've only made a log with RSIT.

Thank you for your help :)

Logfile of random's system information tool 1.09 (written by random/random)
Run by Verca at 2014-01-14 14:53:25
Microsoft Windows 7 Starter
System drive C: has 12 GB (6%) free of 192 GB
Total RAM: 2037 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:53:42, on 14.1.2014
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Users\Verca\AppData\Local\Temp\GPUTemp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Users\Verca\Desktop\RSIT.exe
C:\Program Files\trend micro\Verca.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: VideoPlayerV3beta204 - {0c3071c0-2fc6-402b-bff7-8af1ea254842} - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta204\ie\VideoPlayerV3beta204.dll
O2 - BHO: PriceGong - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.6.12\PriceGongIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Shopping Suggestion. - {e7e8ed77-2fba-4ec6-bc07-65de4de6709f} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe
O4 - HKLM\..\Run: [GPUTemp] "C:\Users\Verca\AppData\Local\Temp\GPUTemp.exe"
O4 - HKCU\..\Run: [NextLive] C:\windows\system32\rundll32.exe "C:\Users\Verca\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM, Inc. - C:\QSTART.SYS\config\DVMExportService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: IGRS - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
O23 - Service: Lenovo ReadyComm AppSvc - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\AppSvc.exe
O23 - Service: Lenovo ReadyComm ConnSvc - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe
O23 - Service: Update Browsebeyond - Unknown owner - C:\Program Files\Browsebeyond\updateBrowsebeyond.exe (file missing)
O23 - Service: Util Browsebeyond - Unknown owner - C:\Program Files\Browsebeyond\bin\utilBrowsebeyond.exe (file missing)

--
End of file - 4618 bytes

======Scheduled tasks folder======

C:\windows\tasks\Adobe Flash Player Updater.job
C:\windows\tasks\AmiUpdXp.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Verca\AppData\Roaming\Mozilla\Firefox\Profiles\5df5zawj.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "www.seznam.cz"
prefs.js - "extensions.enabledItems" - "{ea614400-e918-4741-9a97-7a972ff7c30b}:2.1.14, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.28"

"ext@WebexpEnhancedV1alpha8377.net"=C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha8377\ff
"ext@VideoPlayerV3beta204.net"=C:\Program Files\VideoPlayerV3\VideoPlayerV3beta204\ff


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.9.900.170 Plugin
"Path"=C:\windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe Reader 10.0\Reader\AIR\nppdf32.dll


C:\Program Files\Mozilla Firefox\components\
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
NPOFF12.DLL
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files\Mozilla Firefox\searchplugins\
mall-cz.xml

C:\Users\Verca\AppData\Roaming\Mozilla\Firefox\Profiles\5df5zawj.default\extensions\
toolbarbutton@vlc.info
{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}

C:\Users\Verca\AppData\Roaming\Mozilla\Firefox\Profiles\5df5zawj.default\searchplugins\
ask-web-search.xml
icqplugin-1.xml
icqplugin-10.xml
icqplugin-11.xml
icqplugin-2.xml
icqplugin-3.xml
icqplugin-4.xml
icqplugin-5.xml
icqplugin-6.xml
icqplugin-7.xml
icqplugin-8.xml
icqplugin-9.xml
icqplugin.gif
icqplugin.src
icqplugin.xml
iminent.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0c3071c0-2fc6-402b-bff7-8af1ea254842}]
Video Player - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta204\ie\VideoPlayerV3beta204.dll [2014-01-07 87040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}]
PriceGong - Price Comparison - C:\Program Files\PriceGong\2.6.12\PriceGongIE.dll [2013-07-02 457056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 441592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e7e8ed77-2fba-4ec6-bc07-65de4de6709f}]
Shopping Suggestion. - C:\windows\system32\mscoree.dll [2009-11-25 297808]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2011-06-15 997920]
"mobilegeni daemon"=C:\Program Files\Mobogenie\DaemonProcess.exe []
"GPUTemp"=C:\Users\Verca\AppData\Local\Temp\GPUTemp.exe [2013-12-14 1299680]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"NextLive"=C:\Users\Verca\AppData\Roaming\newnext.me\nengine.dll [2013-11-14 1283584]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2011-01-05 1305408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe Reader 10.0\Reader\Reader_sl.exe [2013-09-03 40312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-10-11 59280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2011-01-05 1305408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Energy Management]
C:\Program Files\Lenovo\Energy Management\Energy Management.exe [2009-10-23 5064560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EnergyUtility]
C:\Program Files\Lenovo\Energy Management\utility.exe [2009-10-23 4114288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\windows\system32\hkcmd.exe [2010-05-26 173592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2009-06-04 186904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\windows\system32\igfxtray.exe [2010-05-26 141848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\windows\system32\igfxpers.exe [2010-05-26 150552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2012-10-25 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVBg]
C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [2010-05-18 1407520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2010-05-18 9210400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2013-07-25 20684656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-11-25 1594664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2010-05-26 218112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\windows\system32\webcheck.dll [2010-03-09 203776]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableSecureUIAPaths"=0
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.l3fhg"=mp3fhg.acm
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"VIDC.FFDS"=ff_vfw.dll
"msacm.siren"=sirenacm.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2014-01-14 14:53:25 ----D---- C:\rsit
2014-01-09 22:07:03 ----D---- C:\Program Files\VideoPlayerV3
2013-12-29 11:39:00 ----D---- C:\Program Files\WebexpEnhancedV1

======List of files/folders modified in the last 1 month======

2014-01-14 14:53:42 ----D---- C:\Program Files\trend micro
2014-01-14 14:53:39 ----D---- C:\windows\Prefetch
2014-01-14 14:53:04 ----D---- C:\windows\System32
2014-01-14 14:53:04 ----A---- C:\windows\system32\PerfStringBackup.INI
2014-01-14 14:52:22 ----D---- C:\windows\temp
2014-01-14 14:48:20 ----D---- C:\Users\Verca\AppData\Roaming\newnext.me
2014-01-14 14:48:07 ----D---- C:\windows\system32\config
2014-01-09 22:07:03 ----RD---- C:\Program Files
2014-01-09 18:35:37 ----SHD---- C:\System Volume Information
2014-01-01 19:40:44 ----D---- C:\windows\system32\catroot2

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2009-06-04 330264]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-04-05 218176]
R1 MpFilter;Microsoft Malware Protection Driver; C:\windows\system32\DRIVERS\MpFilter.sys [2011-04-18 165648]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver; C:\windows\system32\DRIVERS\AcpiVpc.sys [2009-05-19 21520]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\windows\system32\DRIVERS\bcmwl6.sys [2009-11-05 2494968]
R3 Cam5607;Lenovo EasyCamera ; C:\windows\System32\Drivers\BisonC07.sys [2010-01-29 1313776]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd32.sys [2010-05-26 4806144]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RTKVHDA.sys [2010-05-18 3096992]
R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System; C:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt86win7.sys [2009-08-20 189440]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2009-11-25 230576]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
R3 wdmirror;wdmirror; C:\windows\system32\DRIVERS\WDMirror.sys [2009-07-16 11792]
S2 Parvdm;Parvdm; C:\windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 Bridge0;Bridge0; C:\windows\system32\drivers\WDBridge.sys [2009-07-28 63240]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\windows\system32\drivers\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Ovladač portu Bluetooth; C:\windows\System32\Drivers\BTHport.sys [2011-04-28 393216]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\windows\System32\Drivers\BTHUSB.sys [2011-04-28 60416]
S3 CFcatchme;CFcatchme; \??\C:\Users\Verca\AppData\Local\Temp\CFcatchme.sys []
S3 fssfltr;FssFltr; C:\windows\system32\DRIVERS\fssfltr.sys [2012-09-12 49664]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\windows\system32\DRIVERS\k57nd60x.sys [2009-07-13 229888]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 pciide;pciide; C:\windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\windows\System32\Drivers\RtsUStor.sys [2009-09-30 175104]
S3 sisagp;SIS AGP Bus Filter; C:\windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 viaagp;VIA AGP Bus Filter; C:\windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 WimFltr;WimFltr; C:\windows\system32\DRIVERS\wimfltr.sys [2008-08-06 128104]
S3 WinUsb;WinUsb; C:\windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]
S3 WSDPrintDevice;Podpora tisku WSD prostřednictvím funkce UMB; C:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
S3 WSDScan;Podpora skenování WSD přes UMB; C:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 20480]
S3 wsvd;wsvd; C:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 81704]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 DvmMDES;DeviceVM Meta Data Export Service; C:\QSTART.SYS\config\DVMExportService.exe [2009-12-29 331776]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2009-06-04 354840]
R2 IGRS;IGRS; C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe [2009-07-14 38152]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2011-04-27 11736]
R2 ReadyComm.DirectRouter;ReadyComm.DirectRouter; C:\windows\System32\IgrsSvcs.exe [2009-07-14 20992]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2012-07-17 1713904]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 Update Browsebeyond;Update Browsebeyond; C:\Program Files\Browsebeyond\updateBrowsebeyond.exe []
S2 Util Browsebeyond;Util Browsebeyond; C:\Program Files\Browsebeyond\bin\utilBrowsebeyond.exe []
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-10 257416]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2012-09-12 1512448]
S3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc; C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [2009-08-14 509192]
S3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc; C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [2009-09-22 579400]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PS_MDP;ReadyComm Presentation Space Helper Service; C:\windows\System32\IgrsSvcs.exe [2009-07-14 20992]
S4 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-10 65640]
S4 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-12-10 119408]
S4 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-07-25 162672]

-----------------EOF-----------------

Re: Police virus and ads

Posted: 14 Jan 2014 15:30
by vyosek
Hello :)

Download Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe
  • Save it, preferably to the desktop
  • After launching, the licence terms are displayed; press any key
  • A backup is created, followed by a search
  • The scan runs and then a log appears; it may also be saved in c:\JRT as JRT.txt. Paste it here
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Save it, preferably to the desktop
  • Close all programs
  • Click Scan and then Clean
  • The repair runs, the PC restarts, and then a log appears; it may also be saved in the folder c:\AdwCleaner\AdwCleaner[S?].txt. Paste it here

Re: Police virus and ads

Posted: 14 Jan 2014 16:41
by tomasn127
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Starter x86
Ran by Verca on út 14.01.2014 at 16:14:50,84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?

Value Name Type Value Data
========================================================================================
NextLive REG_SZ C:\windows\system32\rundll32.exe "C:\Users\Verca\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l




~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\pricefactorie.pricegongbho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\pricefactorie.pricegongbho.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\pricegongie.pricegongctrl
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\pricegongie.pricegongctrl.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\pricegongie.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1631550F-191D-4826-B069-D9439253D926}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{D2A2595C-4FE4-4315-AA9B-19DBD6271B71}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{8B3372D0-09F0-41A5-8D9B-134E148672FB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\powerpack
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1631550F-191D-4826-B069-D9439253D926}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\iminent
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\updater.amiupd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\updater.amiupd.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iminent_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iminent_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\pricegong
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\searchthewebarp
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{99c91fc5-db5b-4aa0-bb70-5d89c5a4df96}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}



~~~ Files

Successfully deleted: [File] C:\windows\Tasks\amiupdxp.job



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Verca\appdata\local\swvupdater"
Successfully deleted: [Folder] "C:\Users\Verca\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Program Files\pricegong"



~~~ FireFox

Successfully deleted: [File] C:\Users\Verca\AppData\Roaming\mozilla\firefox\profiles\5df5zawj.default\user.js
Successfully deleted: [File] C:\Users\Verca\AppData\Roaming\mozilla\firefox\profiles\5df5zawj.default\searchplugins\ask-web-search.xml
Successfully deleted: [Folder] C:\Users\Verca\AppData\Roaming\mozilla\firefox\profiles\5df5zawj.default\extensions\{8a9386b4-e958-4c4c-adf4-8f26db3e4829}
Successfully deleted the following from C:\Users\Verca\AppData\Roaming\mozilla\firefox\profiles\5df5zawj.default\prefs.js

user_pref("extensions.iminent.admin", false);
user_pref("extensions.iminent.aflt", "orgnl");
user_pref("extensions.iminent.appId", "{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}");
user_pref("extensions.iminent.autoRvrt", "false");
user_pref("extensions.iminent.cntry", "DE");
user_pref("extensions.iminent.dfltLng", "");
user_pref("extensions.iminent.excTlbr", false);
user_pref("extensions.iminent.ffxUnstlRst", false);
user_pref("extensions.iminent.hdrMd5", "E6CD667FD34CDB41E5B231265C4F6C21");
user_pref("extensions.iminent.id", "78cf987b000000000000002682b7159a");
user_pref("extensions.iminent.instlDay", "16052");
user_pref("extensions.iminent.instlRef", "");
user_pref("extensions.iminent.lastVrsnTs", "1.8.28.30:31:52");
user_pref("extensions.iminent.newTab", false);
user_pref("extensions.iminent.prdct", "iminent");
user_pref("extensions.iminent.prtnrId", "iminent");
user_pref("extensions.iminent.rvrt", "false");
user_pref("extensions.iminent.sg", "none");
user_pref("extensions.iminent.smplGrp", "none");
user_pref("extensions.iminent.tlbrId", "GCPCTSAD");
user_pref("extensions.iminent.tlbrSrchUrl", "hxxp://start.iminent.com/?ref=toolbarm#q=");
user_pref("extensions.iminent.vrsn", "1.8.28.3");
user_pref("extensions.iminent.vrsnTs", "1.8.28.30:31:52");
user_pref("extensions.iminent.vrsni", "1.8.28.3");
user_pref("extensions.toolbar.mindspark._64Members_.lastActivePing", "1383725441634");
user_pref("extensions.toolbar.mindspark._64Members_.toolbarCollapsed", true);
user_pref("extensions.toolbar.mindspark._64Members_.weather.location", "10001");
user_pref("extensions.toolbar.mindspark.hp.enabled", false);
user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "");
user_pref("extensions.toolbar.mindspark.lastInstalled", "televisionfanatic@mindspark.com");
user_pref("iminent.LayoutId", "1");
user_pref("iminent.adapters", "{\"coolestmovie\":{\"CountryCode\":\"DE\",\"NoAds\":false,\"Status\":2,\"expireTime\":\"1386977475924259200\"},\"bloger\":{\"CountryCode\":\"DE\
user_pref("iminent.version", "7.50.3.1");
user_pref("iminent.versioning", "{\"CurrentVersion\":\"7.50.3.1\",\"InstallEventCTime\":1386978171198}");
Emptied folder: C:\Users\Verca\AppData\Roaming\mozilla\firefox\profiles\5df5zawj.default\minidumps [233 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on út 14.01.2014 at 16:20:36,86
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


# AdwCleaner v3.017 - Report created 14/01/2014 at 16:33:32
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Starter (32 bits)
# Username : Verca - VERCA-PC
# Running from : C:\Users\Verca\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong
Folder Deleted : C:\Program Files\IminentToolbar
Folder Deleted : C:\Program Files\Mobogenie
Folder Deleted : C:\Program Files\Moozy
Folder Deleted : C:\Users\Verca\AppData\Local\genienext
Folder Deleted : C:\Users\Verca\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Verca\AppData\Roaming\newnext.me
Folder Deleted : C:\Users\Verca\Documents\Mobogenie
Folder Deleted : C:\Users\Verca\AppData\Roaming\Mozilla\Firefox\Profiles\5df5zawj.default\ICQToolbarData
Folder Deleted : C:\Users\Verca\AppData\Roaming\Mozilla\Firefox\Profiles\5df5zawj.default\TelevisionFanatic
File Deleted : C:\Users\Verca\AppData\Roaming\Mozilla\Firefox\Profiles\5df5zawj.default\searchplugins\icqplugin.gif
File Deleted : C:\Users\Verca\AppData\Roaming\Mozilla\Firefox\Profiles\5df5zawj.default\searchplugins\icqplugin.src
File Deleted : C:\Users\Verca\AppData\Roaming\Mozilla\Firefox\Profiles\5df5zawj.default\searchplugins\icqplugin.xml
File Deleted : C:\Users\Verca\AppData\Roaming\Mozilla\Firefox\Profiles\5df5zawj.default\searchplugins\icqplugin-1.xml
File Deleted : C:\Users\Verca\AppData\Roaming\Mozilla\Firefox\Profiles\5df5zawj.default\searchplugins\icqplugin-10.xml
File Deleted : C:\Users\Verca\AppData\Roaming\Mozilla\Firefox\Profiles\5df5zawj.default\searchplugins\icqplugin-11.xml
File Deleted : C:\Users\Verca\AppData\Roaming\Mozilla\Firefox\Profiles\5df5zawj.default\searchplugins\icqplugin-2.xml
File Deleted : C:\Users\Verca\AppData\Roaming\Mozilla\Firefox\Profiles\5df5zawj.default\searchplugins\icqplugin-3.xml
File Deleted : C:\Users\Verca\AppData\Roaming\Mozilla\Firefox\Profiles\5df5zawj.default\searchplugins\icqplugin-4.xml
File Deleted : C:\Users\Verca\AppData\Roaming\Mozilla\Firefox\Profiles\5df5zawj.default\searchplugins\icqplugin-5.xml
File Deleted : C:\Users\Verca\AppData\Roaming\Mozilla\Firefox\Profiles\5df5zawj.default\searchplugins\icqplugin-6.xml
File Deleted : C:\Users\Verca\AppData\Roaming\Mozilla\Firefox\Profiles\5df5zawj.default\searchplugins\icqplugin-7.xml
File Deleted : C:\Users\Verca\AppData\Roaming\Mozilla\Firefox\Profiles\5df5zawj.default\searchplugins\icqplugin-8.xml
File Deleted : C:\Users\Verca\AppData\Roaming\Mozilla\Firefox\Profiles\5df5zawj.default\searchplugins\icqplugin-9.xml
File Deleted : C:\Users\Verca\AppData\Roaming\Mozilla\Firefox\Profiles\5df5zawj.default\searchplugins\iminent.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NextLive]
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IMinentToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IMinentToolbar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Key Deleted : HKCU\Software\Iminent.com
Key Deleted : HKLM\Software\DeviceVM

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16421

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]

-\\ Mozilla Firefox v26.0 (cs)

[ File : C:\Users\Verca\AppData\Roaming\Mozilla\Firefox\Profiles\5df5zawj.default\prefs.js ]

Line Deleted : user_pref("icqtoolbar.allowSendURL", false);
Line Deleted : user_pref("icqtoolbar.engineVerified", true);
Line Deleted : user_pref("icqtoolbar.facebookSmilesAddonHiddenPacks", "");
Line Deleted : user_pref("icqtoolbar.facebookSmilesAddonShowedPopup", true);
Line Deleted : user_pref("icqtoolbar.firstTbRun", false);
Line Deleted : user_pref("icqtoolbar.geolastmodified", 1384289156);
Line Deleted : user_pref("icqtoolbar.hiddenElements", "");
Line Deleted : user_pref("icqtoolbar.history", "%C5%A1uk%C3%A1n%C3%AD||nejlevn%C4%9Bj%C5%A1%C3%AD%20dovolen%C3%A1||fanshop%20viktoria%20plze%C5%88||algauer%20sonthofen%20volleyball||reiseb%C3%BCro%20neckermann||nejl[...]
Line Deleted : user_pref("icqtoolbar.icqgeo", 49);
Line Deleted : user_pref("icqtoolbar.installTime", "1352846987");
Line Deleted : user_pref("icqtoolbar.newtab2_state", false);
Line Deleted : user_pref("icqtoolbar.newtab_most_visited_state", "1");
Line Deleted : user_pref("icqtoolbar.newtab_recently_closed_state", "1");
Line Deleted : user_pref("icqtoolbar.numberOfSearches", 0);
Line Deleted : user_pref("icqtoolbar.previousFFVersion", "25.0.1");
Line Deleted : user_pref("icqtoolbar.showAds", false);
Line Deleted : user_pref("icqtoolbar.showPc", false);
Line Deleted : user_pref("icqtoolbar.shownElements", "itb_highlight itb_games itb_zoom_default itb_zoom_out itb_zoom_in itb_people itb_options");
Line Deleted : user_pref("icqtoolbar.skip_default_search", "no");
Line Deleted : user_pref("icqtoolbar.suggestions", false);
Line Deleted : user_pref("icqtoolbar.uninstStatSent", true);
Line Deleted : user_pref("icqtoolbar.uniqueID", "135275483513526335231352760988950");
Line Deleted : user_pref("icqtoolbar.usageStatstTimestamp", 1384722863);
Line Deleted : user_pref("icqtoolbar.voucherHideClicks", 0);
Line Deleted : user_pref("icqtoolbar.voucherMoreLinkClicks", 0);
Line Deleted : user_pref("icqtoolbar.voucherRedeemClicks", 0);
Line Deleted : user_pref("icqtoolbar.voucherWasShown", 0);
Line Deleted : user_pref("icqtoolbar.xmlEnableSuggestions", false);
Line Deleted : user_pref("icqtoolbar.xmlLanguage", "cs");
Line Deleted : user_pref("iminent.adapters", "{\"coolestmovie\":{\"CountryCode\":\"DE\",\"NoAds\":false,\"Status\":2,\"expireTime\":\"1386977475924259200\"},\"bloger\":{\"CountryCode\":\"DE\",\"NoAds\":false,\"Statu[...]
Line Deleted : user_pref("iminent.versioning", "{\"CurrentVersion\":\"7.50.3.1\",\"InstallEventCTime\":1386978171198}");

*************************

AdwCleaner[R0].txt - [11770 octets] - [14/01/2014 16:22:17]
AdwCleaner[S0].txt - [11896 octets] - [14/01/2014 16:33:32]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11957 octets] ##########

# AdwCleaner v3.017 - Report created 14/01/2014 at 16:22:17
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Starter (32 bits)
# Username : Verca - VERCA-PC
# Running from : C:\Users\Verca\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\Verca\AppData\Roaming\Mozilla\Firefox\Profiles\5df5zawj.default\searchplugins\icqplugin.gif
File Found : C:\Users\Verca\AppData\Roaming\Mozilla\Firefox\Profiles\5df5zawj.default\searchplugins\icqplugin.src
File Found : C:\Users\Verca\AppData\Roaming\Mozilla\Firefox\Profiles\5df5zawj.default\searchplugins\icqplugin.xml
File Found : C:\Users\Verca\AppData\Roaming\Mozilla\Firefox\Profiles\5df5zawj.default\searchplugins\icqplugin-1.xml
File Found : C:\Users\Verca\AppData\Roaming\Mozilla\Firefox\Profiles\5df5zawj.default\searchplugins\icqplugin-10.xml
File Found : C:\Users\Verca\AppData\Roaming\Mozilla\Firefox\Profiles\5df5zawj.default\searchplugins\icqplugin-11.xml
File Found : C:\Users\Verca\AppData\Roaming\Mozilla\Firefox\Profiles\5df5zawj.default\searchplugins\icqplugin-2.xml
File Found : C:\Users\Verca\AppData\Roaming\Mozilla\Firefox\Profiles\5df5zawj.default\searchplugins\icqplugin-3.xml
File Found : C:\Users\Verca\AppData\Roaming\Mozilla\Firefox\Profiles\5df5zawj.default\searchplugins\icqplugin-4.xml
File Found : C:\Users\Verca\AppData\Roaming\Mozilla\Firefox\Profiles\5df5zawj.default\searchplugins\icqplugin-5.xml
File Found : C:\Users\Verca\AppData\Roaming\Mozilla\Firefox\Profiles\5df5zawj.default\searchplugins\icqplugin-6.xml
File Found : C:\Users\Verca\AppData\Roaming\Mozilla\Firefox\Profiles\5df5zawj.default\searchplugins\icqplugin-7.xml
File Found : C:\Users\Verca\AppData\Roaming\Mozilla\Firefox\Profiles\5df5zawj.default\searchplugins\icqplugin-8.xml
File Found : C:\Users\Verca\AppData\Roaming\Mozilla\Firefox\Profiles\5df5zawj.default\searchplugins\icqplugin-9.xml
File Found : C:\Users\Verca\AppData\Roaming\Mozilla\Firefox\Profiles\5df5zawj.default\searchplugins\iminent.xml
Folder Found C:\Program Files\IminentToolbar
Folder Found C:\Program Files\Mobogenie
Folder Found C:\Program Files\Moozy
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong
Folder Found C:\Users\Verca\AppData\Local\genienext
Folder Found C:\Users\Verca\AppData\Local\Mobogenie
Folder Found C:\Users\Verca\AppData\Roaming\Mozilla\Firefox\Profiles\5df5zawj.default\ICQToolbarData
Folder Found C:\Users\Verca\AppData\Roaming\Mozilla\Firefox\Profiles\5df5zawj.default\TelevisionFanatic
Folder Found C:\Users\Verca\AppData\Roaming\newnext.me
Folder Found C:\Users\Verca\Documents\Mobogenie

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Iminent.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Key Found : HKLM\Software\DeviceVM
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IMinentToolbar_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IMinentToolbar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Found : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NextLive]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16421

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search] - hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd

-\\ Mozilla Firefox v26.0 (cs)

[ File : C:\Users\Verca\AppData\Roaming\Mozilla\Firefox\Profiles\5df5zawj.default\prefs.js ]

Line Found : user_pref("icqtoolbar.allowSendURL", false);
Line Found : user_pref("icqtoolbar.engineVerified", true);
Line Found : user_pref("icqtoolbar.facebookSmilesAddonHiddenPacks", "");
Line Found : user_pref("icqtoolbar.facebookSmilesAddonShowedPopup", true);
Line Found : user_pref("icqtoolbar.firstTbRun", false);
Line Found : user_pref("icqtoolbar.geolastmodified", 1384289156);
Line Found : user_pref("icqtoolbar.hiddenElements", "");
Line Found : user_pref("icqtoolbar.history", "%C5%A1uk%C3%A1n%C3%AD||nejlevn%C4%9Bj%C5%A1%C3%AD%20dovolen%C3%A1||fanshop%20viktoria%20plze%C5%88||algauer%20sonthofen%20volleyball||reiseb%C3%BCro%20neckermann||nejl[...]
Line Found : user_pref("icqtoolbar.icqgeo", 49);
Line Found : user_pref("icqtoolbar.installTime", "1352846987");
Line Found : user_pref("icqtoolbar.newtab2_state", false);
Line Found : user_pref("icqtoolbar.newtab_most_visited_state", "1");
Line Found : user_pref("icqtoolbar.newtab_recently_closed_state", "1");
Line Found : user_pref("icqtoolbar.numberOfSearches", 0);
Line Found : user_pref("icqtoolbar.previousFFVersion", "25.0.1");
Line Found : user_pref("icqtoolbar.showAds", false);
Line Found : user_pref("icqtoolbar.showPc", false);
Line Found : user_pref("icqtoolbar.shownElements", "itb_highlight itb_games itb_zoom_default itb_zoom_out itb_zoom_in itb_people itb_options");
Line Found : user_pref("icqtoolbar.skip_default_search", "no");
Line Found : user_pref("icqtoolbar.suggestions", false);
Line Found : user_pref("icqtoolbar.uninstStatSent", true);
Line Found : user_pref("icqtoolbar.uniqueID", "135275483513526335231352760988950");
Line Found : user_pref("icqtoolbar.usageStatstTimestamp", 1384722863);
Line Found : user_pref("icqtoolbar.voucherHideClicks", 0);
Line Found : user_pref("icqtoolbar.voucherMoreLinkClicks", 0);
Line Found : user_pref("icqtoolbar.voucherRedeemClicks", 0);
Line Found : user_pref("icqtoolbar.voucherWasShown", 0);
Line Found : user_pref("icqtoolbar.xmlEnableSuggestions", false);
Line Found : user_pref("icqtoolbar.xmlLanguage", "cs");
Line Found : user_pref("iminent.adapters", "{\"coolestmovie\":{\"CountryCode\":\"DE\",\"NoAds\":false,\"Status\":2,\"expireTime\":\"1386977475924259200\"},\"bloger\":{\"CountryCode\":\"DE\",\"NoAds\":false,\"Statu[...]
Line Found : user_pref("iminent.versioning", "{\"CurrentVersion\":\"7.50.3.1\",\"InstallEventCTime\":1386978171198}");

*************************

AdwCleaner[R0].txt - [11628 octets] - [14/01/2014 16:22:17]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [11689 octets] ##########

Re: police virus and ads

Posted: 14 Jan 2014 17:04
by vyosek

Re: police virus and ads

Posted: 14 Jan 2014 17:32
by tomasn127
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-01-2014 02
Ran by Verca (administrator) on VERCA-PC on 14-01-2014 17:26:55
Running from C:\Users\Verca\Desktop
Microsoft Windows 7 Starter (X86) OS Language: Czech
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(DeviceVM, Inc.) C:\QSTART.SYS\config\DVMExportService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
(Microsoft Corporation) C:\Windows\System32\IgrsSvcs.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(DT Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTLite.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
(forum.viry.cz) C:\Users\Verca\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [997920 2011-06-15] (Microsoft Corporation)
HKLM\...\Run: [GPUTemp] - C:\Users\Verca\AppData\Local\Temp\GPUTemp.exe [1299680 2013-12-14] () <===== ATTENTION
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files\DAEMON Tools Lite\DTLite.exe [1305408 2011-01-05] (DT Soft Ltd)
HKU\Default\...\RunOnce: [LenovoWallpaper] - C:\Program Files\desktop\ChangeDesktop.exe [ 2009-09-30] ()
HKU\Default User\...\RunOnce: [LenovoWallpaper] - C:\Program Files\desktop\ChangeDesktop.exe [ 2009-09-30] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: Shopping Suggestion. - {e7e8ed77-2fba-4ec6-bc07-65de4de6709f} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.20.1

FireFox:
========
FF ProfilePath: C:\Users\Verca\AppData\Roaming\Mozilla\Firefox\Profiles\5df5zawj.default
FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", "");
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF Homepage: www.seznam.cz
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Verca\AppData\Roaming\Mozilla\Firefox\Profiles\5df5zawj.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\mall-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\jyxo-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: VLC Addon - C:\Users\Verca\AppData\Roaming\Mozilla\Firefox\Profiles\5df5zawj.default\Extensions\toolbarbutton@vlc.info [2013-12-14]
FF Extension: Shopping Suggestion - C:\Users\Verca\AppData\Roaming\Mozilla\Firefox\Profiles\5df5zawj.default\Extensions\{D394D188-BAC7-4e03-8FAF-389A4D7EC6F4}.xpi [2013-12-14]
FF HKLM\...\Firefox\Extensions: [ext@WebexpEnhancedV1alpha8377.net] - C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha8377\ff
FF Extension: Webexp Enhanced - C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha8377\ff [2013-12-29]
FF HKLM\...\Firefox\Extensions: [ext@VideoPlayerV3beta204.net] - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta204\ff
FF Extension: Video Player - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta204\ff [2014-01-09]

========================== Services (Whitelisted) =================

R2 DvmMDES; C:\QSTART.SYS\config\DVMExportService.exe [331776 2009-12-29] (DeviceVM, Inc.)
R2 IGRS; C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe [38152 2009-07-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm AppSvc; C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [509192 2009-08-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm ConnSvc; C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [579400 2009-09-22] (Lenovo Group Limited)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [11736 2011-04-27] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [208944 2011-04-27] (Microsoft Corporation)
S3 PS_MDP; C:\Program Files\Lenovo\ReadyComm\PS_MDP.dll [276296 2009-07-16] (Lenovo Group Limited)
R2 ReadyComm.DirectRouter; C:\Program Files\Lenovo\ReadyComm\common\router.dll [103688 2009-07-14] (Lenovo Group Limited)
S2 Update Browsebeyond; "C:\Program Files\Browsebeyond\updateBrowsebeyond.exe" [x]
S2 Util Browsebeyond; "C:\Program Files\Browsebeyond\bin\utilBrowsebeyond.exe" [x]

==================== Drivers (Whitelisted) ====================

R3 ACPIVPC; C:\Windows\System32\DRIVERS\AcpiVpc.sys [21520 2009-05-19] (Lenovo Corporation)
S3 Bridge0; C:\Windows\System32\drivers\WDBridge.sys [63240 2009-07-28] (Lenovo)
R3 Cam5607; C:\Windows\System32\Drivers\BisonC07.sys [1313776 2010-01-29] (Bison Electronics. Inc. )
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [218176 2011-04-05] (DT Soft Ltd)
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [165648 2011-04-18] (Microsoft Corporation)
R3 MpNWMon; C:\Windows\System32\DRIVERS\MpNWMon.sys [43392 2011-04-18] (Microsoft Corporation)
R3 wdmirror; C:\Windows\System32\DRIVERS\WDMirror.sys [11792 2009-07-16] (Windows (R) Codename Longhorn DDK provider)
S3 wsvd; C:\Windows\System32\DRIVERS\wsvd.sys [81704 2009-07-21] (CyberLink)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 CFcatchme; \??\C:\Users\Verca\AppData\Local\Temp\CFcatchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-14 17:26 - 2014-01-14 17:27 - 00008741 _____ C:\Users\Verca\Desktop\FRST.txt
2014-01-14 17:25 - 2014-01-14 17:25 - 00000000 ____D C:\FRST
2014-01-14 17:24 - 2014-01-14 17:26 - 00112640 _____ (forum.viry.cz) C:\Users\Verca\Desktop\FRSTLauncher.exe
2014-01-14 17:24 - 2014-01-14 17:25 - 01219584 _____ (Farbar) C:\Users\Verca\Desktop\FRST.exe
2014-01-14 16:21 - 2014-01-14 16:33 - 00000000 ____D C:\AdwCleaner
2014-01-14 16:20 - 2014-01-14 16:20 - 00007247 _____ C:\Users\Verca\Desktop\JRT.txt
2014-01-14 16:14 - 2014-01-14 16:14 - 00000000 ____D C:\windows\ERUNT
2014-01-14 16:13 - 2014-01-14 16:14 - 01236282 _____ C:\Users\Verca\Desktop\adwcleaner.exe
2014-01-14 16:13 - 2014-01-14 16:14 - 01037068 _____ (Thisisu) C:\Users\Verca\Desktop\JRT.exe
2014-01-14 14:53 - 2014-01-14 14:53 - 00000000 ____D C:\rsit
2014-01-14 14:52 - 2014-01-14 14:53 - 00781383 _____ C:\Users\Verca\Desktop\RSIT.exe
2014-01-09 22:07 - 2014-01-09 22:07 - 00000000 ____D C:\Program Files\VideoPlayerV3
2014-01-08 10:15 - 2014-01-08 12:24 - 1468422144 _____ C:\Users\Verca\Downloads\bastardi-drama-cesko-2010-přes-MultiLoad.cz.avi
2014-01-08 00:21 - 2014-01-08 01:27 - 1173135932 _____ C:\Users\Verca\Downloads\DRAMA(CZ)-Bastardi_2(2011)_[CZ].mp4
2014-01-08 00:03 - 2014-01-08 00:03 - 00219199 _____ C:\Users\Verca\Downloads\GotClip_Setup(1).exe
2014-01-06 21:33 - 2014-01-06 21:40 - 00000000 ____D C:\Users\Verca\Desktop\Kuba 8G
2014-01-06 21:26 - 2014-01-06 21:33 - 00000000 ____D C:\Users\Verca\Desktop\Kuba 4G
2014-01-06 15:01 - 2014-01-06 15:34 - 00000000 ____D C:\Users\Verca\Desktop\1
2014-01-06 14:50 - 2014-01-06 15:46 - 00000000 ____D C:\Users\Verca\Desktop\2
2014-01-06 13:41 - 2014-01-06 15:24 - 963602034 _____ C:\Users\Verca\Downloads\HŘÍŠNÝ-TANEC-2-cz-avi-romantický-USA-2004-(Xvid-high-720x404)-DERKEN.avi
2013-12-29 13:48 - 2013-12-16 01:47 - 1198030098 _____ C:\Users\Verca\Desktop\Bastardi-3.avi
2013-12-29 13:48 - 2013-12-14 00:10 - 97479440 _____ C:\Users\Verca\Desktop\BASTARDI-.avi
2013-12-29 11:39 - 2013-12-29 11:39 - 00000000 ____D C:\Program Files\WebexpEnhancedV1
2013-12-28 19:50 - 2014-01-06 21:47 - 00000000 ____D C:\Users\Verca\Desktop\KUBA
2013-12-27 21:15 - 2013-12-28 23:49 - 00000000 ____D C:\Users\Verca\Desktop\Nová složka (3)

==================== One Month Modified Files and Folders =======

2014-01-14 17:27 - 2014-01-14 17:26 - 00008741 _____ C:\Users\Verca\Desktop\FRST.txt
2014-01-14 17:26 - 2014-01-14 17:24 - 00112640 _____ (forum.viry.cz) C:\Users\Verca\Desktop\FRSTLauncher.exe
2014-01-14 17:25 - 2014-01-14 17:25 - 00000000 ____D C:\FRST
2014-01-14 17:25 - 2014-01-14 17:24 - 01219584 _____ (Farbar) C:\Users\Verca\Desktop\FRST.exe
2014-01-14 17:24 - 2010-07-25 05:00 - 00005410 _____ C:\windows\system32\PerfStringBackup.INI
2014-01-14 17:07 - 2012-11-09 10:54 - 00000914 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2014-01-14 16:45 - 2010-07-25 05:51 - 00000177 ____H C:\dvmexp.idx
2014-01-14 16:42 - 2009-07-14 05:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-14 16:42 - 2009-07-14 05:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-14 16:38 - 2010-07-25 04:50 - 01711218 _____ C:\windows\WindowsUpdate.log
2014-01-14 16:34 - 2011-07-23 08:56 - 00061152 _____ C:\windows\setupact.log
2014-01-14 16:34 - 2009-07-14 05:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2014-01-14 16:33 - 2014-01-14 16:21 - 00000000 ____D C:\AdwCleaner
2014-01-14 16:20 - 2014-01-14 16:20 - 00007247 _____ C:\Users\Verca\Desktop\JRT.txt
2014-01-14 16:14 - 2014-01-14 16:14 - 00000000 ____D C:\windows\ERUNT
2014-01-14 16:14 - 2014-01-14 16:13 - 01236282 _____ C:\Users\Verca\Desktop\adwcleaner.exe
2014-01-14 16:14 - 2014-01-14 16:13 - 01037068 _____ (Thisisu) C:\Users\Verca\Desktop\JRT.exe
2014-01-14 14:53 - 2014-01-14 14:53 - 00000000 ____D C:\rsit
2014-01-14 14:53 - 2014-01-14 14:52 - 00781383 _____ C:\Users\Verca\Desktop\RSIT.exe
2014-01-14 14:53 - 2011-07-20 13:50 - 00000000 ____D C:\Program Files\trend micro
2014-01-09 22:07 - 2014-01-09 22:07 - 00000000 ____D C:\Program Files\VideoPlayerV3
2014-01-08 12:24 - 2014-01-08 10:15 - 1468422144 _____ C:\Users\Verca\Downloads\bastardi-drama-cesko-2010-přes-MultiLoad.cz.avi
2014-01-08 01:27 - 2014-01-08 00:21 - 1173135932 _____ C:\Users\Verca\Downloads\DRAMA(CZ)-Bastardi_2(2011)_[CZ].mp4
2014-01-08 00:03 - 2014-01-08 00:03 - 00219199 _____ C:\Users\Verca\Downloads\GotClip_Setup(1).exe
2014-01-06 21:48 - 2011-06-28 22:05 - 00000000 ____D C:\Users\Verca\Desktop\olympus
2014-01-06 21:47 - 2013-12-28 19:50 - 00000000 ____D C:\Users\Verca\Desktop\KUBA
2014-01-06 21:40 - 2014-01-06 21:33 - 00000000 ____D C:\Users\Verca\Desktop\Kuba 8G
2014-01-06 21:40 - 2013-09-03 15:25 - 00000000 ____D C:\Users\Verca\Desktop\ja
2014-01-06 21:33 - 2014-01-06 21:26 - 00000000 ____D C:\Users\Verca\Desktop\Kuba 4G
2014-01-06 21:24 - 2013-11-02 02:30 - 00000000 ____D C:\Users\Verca\Desktop\Hausparty
2014-01-06 15:46 - 2014-01-06 14:50 - 00000000 ____D C:\Users\Verca\Desktop\2
2014-01-06 15:34 - 2014-01-06 15:01 - 00000000 ____D C:\Users\Verca\Desktop\1
2014-01-06 15:24 - 2014-01-06 13:41 - 963602034 _____ C:\Users\Verca\Downloads\HŘÍŠNÝ-TANEC-2-cz-avi-romantický-USA-2004-(Xvid-high-720x404)-DERKEN.avi
2014-01-04 20:52 - 2013-02-01 17:27 - 00000000 ____D C:\Users\Verca\AppData\Local\Windows Live
2013-12-29 19:58 - 2009-07-14 05:53 - 00032536 _____ C:\windows\Tasks\SCHEDLGU.TXT
2013-12-29 11:39 - 2013-12-29 11:39 - 00000000 ____D C:\Program Files\WebexpEnhancedV1
2013-12-28 23:49 - 2013-12-27 21:15 - 00000000 ____D C:\Users\Verca\Desktop\Nová složka (3)
2013-12-27 13:37 - 2013-11-24 12:08 - 00000000 ____D C:\Users\Verca\Desktop\filmy 2
2013-12-27 13:31 - 2011-07-23 09:17 - 00022504 _____ C:\windows\PFRO.log
2013-12-16 19:39 - 2013-10-03 19:58 - 00000000 ____D C:\Users\Verca\Desktop\bundesliga 2013-2014
2013-12-16 01:47 - 2013-12-29 13:48 - 1198030098 _____ C:\Users\Verca\Desktop\Bastardi-3.avi

Files to move or delete:
====================
C:\Users\Verca\AppData\Local\Temp\GPUTemp.exe


Some content of TEMP:
====================
C:\Users\Verca\AppData\Local\Temp\contentDATs.exe
C:\Users\Verca\AppData\Local\Temp\GPUTemp.exe
C:\Users\Verca\AppData\Local\Temp\GuardICQ.exe
C:\Users\Verca\AppData\Local\Temp\OpenCL.dll
C:\Users\Verca\AppData\Local\Temp\ose00000.exe
C:\Users\Verca\AppData\Local\Temp\prefetch.exe
C:\Users\Verca\AppData\Local\Temp\presetup.exe
C:\Users\Verca\AppData\Local\Temp\Quarantine.exe
C:\Users\Verca\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Verca\AppData\Local\Temp\Setup.exe
C:\Users\Verca\AppData\Local\Temp\Setup1.exe
C:\Users\Verca\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-09 15:08




===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: (HDD) (Fixed) (Total:187.67 GB) (Free:15.11 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:30.27 GB) (Free:7.47 GB) NTFS

Available physical RAM: 1426.2 MB
Total physical RAM: 2037.42 MB
Percentage of memory in use: 29%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: ABA63C98)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=188 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=30 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=15 GB) - (Type=12)

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Microsoft Security Essentials (Enabled - Up to date) {108DAC43-C256-20B7-BB05-914135DA5160}
AS: Microsoft Security Essentials (Enabled - Up to date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Verca\Desktop" je 134662 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
"C:\Program Files\Adobe Reader 10.0\Reader\Reader_sl.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon
"C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite
"C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Energy Management
C:\Program Files\Lenovo\Energy Management\Energy Management.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EnergyUtility
C:\Program Files\Lenovo\Energy Management\utility.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds
C:\windows\system32\hkcmd.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray
C:\windows\system32\igfxtray.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence
C:\windows\system32\igfxpers.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
"C:\Program Files\QuickTime\QTTask.exe" -atboottime [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVBg
C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe /FORPCEE3 [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype
"C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
"C:\Program Files\Common Files\Java\Java Update\jusched.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh
%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [x]


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Re: police virus and ads

Posted: 14 Jan 2014 18:12
by vyosek
:arrow: Creating a fixlist for FRST
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    Start
    HKLM\...\Run: [GPUTemp] - C:\Users\Verca\AppData\Local\Temp\GPUTemp.exe [1299680 2013-12-14] () <===== ATTENTION
    
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
    SearchScopes: HKLM - DefaultScope value is missing.
    
    FF SearchPlugin: C:\Users\Verca\AppData\Roaming\Mozilla\Firefox\Profiles\5df5zawj.default\searchplugins\searchplugins-backup
    
    S2 Update Browsebeyond; "C:\Program Files\Browsebeyond\updateBrowsebeyond.exe" [x]
    S2 Util Browsebeyond; "C:\Program Files\Browsebeyond\bin\utilBrowsebeyond.exe" [x]
    
    2014-01-14 16:20 - 2014-01-14 16:20 - 00007247 _____ C:\Users\Verca\Desktop\JRT.txt
    2014-01-14 16:13 - 2014-01-14 16:14 - 01236282 _____ C:\Users\Verca\Desktop\adwcleaner.exe
    2014-01-14 16:13 - 2014-01-14 16:14 - 01037068 _____ (Thisisu) C:\Users\Verca\Desktop\JRT.exe
    2014-01-14 14:52 - 2014-01-14 14:53 - 00781383 _____ C:\Users\Verca\Desktop\RSIT.exe
    2014-01-14 17:24 - 2014-01-14 17:26 - 00112640 _____ (forum.viry.cz) C:\Users\Verca\Desktop\FRSTLauncher.exe
    C:\Program Files\Browsebeyond
    C:\Users\Verca\AppData\Local\Temp\contentDATs.exe
    C:\Users\Verca\AppData\Local\Temp\GPUTemp.exe
    C:\Users\Verca\AppData\Local\Temp\GuardICQ.exe
    C:\Users\Verca\AppData\Local\Temp\OpenCL.dll
    C:\Users\Verca\AppData\Local\Temp\ose00000.exe
    C:\Users\Verca\AppData\Local\Temp\prefetch.exe
    C:\Users\Verca\AppData\Local\Temp\presetup.exe
    C:\Users\Verca\AppData\Local\Temp\Quarantine.exe
    C:\Users\Verca\AppData\Local\Temp\SecurityScan_Release.exe
    C:\Users\Verca\AppData\Local\Temp\Setup.exe
    C:\Users\Verca\AppData\Local\Temp\Setup1.exe
    C:\Users\Verca\AppData\Local\Temp\SkypeSetup.exe
    
    Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched" /f
    
    Hosts:
    CMD: shutdown /r /f /t 2
    
    End
  • Save the resulting TXT file as fixlist.txt
  • Move the fixlist you created next to FRST
:arrow: Run FRST.exe again
  • Click Fix
  • The fix will run and create the log Fixlog.txt
:arrow: Restart the PC and post fixlog.txt here

Re: police virus and ads

Posted: 14 Jan 2014 18:35
by tomasn127
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-01-2014 02
Ran by Verca at 2014-01-14 18:31:33 Run:1
Running from C:\Users\Verca\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
HKLM\...\Run: [GPUTemp] - C:\Users\Verca\AppData\Local\Temp\GPUTemp.exe [1299680 2013-12-14] () <===== ATTENTION

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKLM - DefaultScope value is missing.

FF SearchPlugin: C:\Users\Verca\AppData\Roaming\Mozilla\Firefox\Profiles\5df5zawj.default\searchplugins\searchplugins-backup

S2 Update Browsebeyond; "C:\Program Files\Browsebeyond\updateBrowsebeyond.exe" [x]
S2 Util Browsebeyond; "C:\Program Files\Browsebeyond\bin\utilBrowsebeyond.exe" [x]

2014-01-14 16:20 - 2014-01-14 16:20 - 00007247 _____ C:\Users\Verca\Desktop\JRT.txt
2014-01-14 16:13 - 2014-01-14 16:14 - 01236282 _____ C:\Users\Verca\Desktop\adwcleaner.exe
2014-01-14 16:13 - 2014-01-14 16:14 - 01037068 _____ (Thisisu) C:\Users\Verca\Desktop\JRT.exe
2014-01-14 14:52 - 2014-01-14 14:53 - 00781383 _____ C:\Users\Verca\Desktop\RSIT.exe
2014-01-14 17:24 - 2014-01-14 17:26 - 00112640 _____ (forum.viry.cz) C:\Users\Verca\Desktop\FRSTLauncher.exe
C:\Program Files\Browsebeyond
C:\Users\Verca\AppData\Local\Temp\contentDATs.exe
C:\Users\Verca\AppData\Local\Temp\GPUTemp.exe
C:\Users\Verca\AppData\Local\Temp\GuardICQ.exe
C:\Users\Verca\AppData\Local\Temp\OpenCL.dll
C:\Users\Verca\AppData\Local\Temp\ose00000.exe
C:\Users\Verca\AppData\Local\Temp\prefetch.exe
C:\Users\Verca\AppData\Local\Temp\presetup.exe
C:\Users\Verca\AppData\Local\Temp\Quarantine.exe
C:\Users\Verca\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Verca\AppData\Local\Temp\Setup.exe
C:\Users\Verca\AppData\Local\Temp\Setup1.exe
C:\Users\Verca\AppData\Local\Temp\SkypeSetup.exe

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched" /f

Hosts:
CMD: shutdown /r /f /t 2

End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\GPUTemp => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
Could not move "C:\Users\Verca\AppData\Roaming\Mozilla\Firefox\Profiles\5df5zawj.default\searchplugins\searchplugins-backup" => Scheduled to move on reboot.
Update Browsebeyond => Service deleted successfully.
Util Browsebeyond => Service deleted successfully.
C:\Users\Verca\Desktop\JRT.txt => Moved successfully.
C:\Users\Verca\Desktop\adwcleaner.exe => Moved successfully.
C:\Users\Verca\Desktop\JRT.exe => Moved successfully.
C:\Users\Verca\Desktop\RSIT.exe => Moved successfully.
C:\Users\Verca\Desktop\FRSTLauncher.exe => Moved successfully.
"C:\Program Files\Browsebeyond" => File/Directory not found.
C:\Users\Verca\AppData\Local\Temp\contentDATs.exe => Moved successfully.
C:\Users\Verca\AppData\Local\Temp\GPUTemp.exe => Moved successfully.
C:\Users\Verca\AppData\Local\Temp\GuardICQ.exe => Moved successfully.
C:\Users\Verca\AppData\Local\Temp\OpenCL.dll => Moved successfully.
C:\Users\Verca\AppData\Local\Temp\ose00000.exe => Moved successfully.
C:\Users\Verca\AppData\Local\Temp\prefetch.exe => Moved successfully.
C:\Users\Verca\AppData\Local\Temp\presetup.exe => Moved successfully.
C:\Users\Verca\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Verca\AppData\Local\Temp\SecurityScan_Release.exe => Moved successfully.
C:\Users\Verca\AppData\Local\Temp\Setup.exe => Moved successfully.
C:\Users\Verca\AppData\Local\Temp\Setup1.exe => Moved successfully.
C:\Users\Verca\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\windows\Tasks\Adobe Flash Player Updater.job => Moved successfully.

========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM" /f =========

Operace byla dokončena úspěšně.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher" /f =========

Operace byla dokončena úspěšně.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite" /f =========

Operace byla dokončena úspěšně.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task" /f =========

Operace byla dokončena úspěšně.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype" /f =========

Operace byla dokončena úspěšně.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched" /f =========

Operace byla dokončena úspěšně.



========= End of Reg: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

========= shutdown /r /f /t 2 =========


========= End of CMD: =========


=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-01-14 18:32:45)<=

C:\Users\Verca\AppData\Roaming\Mozilla\Firefox\Profiles\5df5zawj.default\searchplugins\searchplugins-backup => Is moved successfully.

==== End of Fixlog ====
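
When reviewing a Fixlog like the one above, the useful questions are which items were actually removed, which were already gone, and whether anything deferred to reboot was confirmed afterwards. The Python sketch below is an added example, not part of the original thread or of FRST; its function names are hypothetical, it recognizes only the outcome strings that appear in this Fixlog, and its sample input is an excerpt constructed from lines of that log.

```python
import re
from collections import defaultdict

# Constructed sample: an excerpt assembled from lines of the Fixlog posted above.
SAMPLE_FIXLOG = r'''
Content of fixlist:
*****************
Start
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\GPUTemp => Value deleted successfully.
Could not move "C:\Users\Verca\AppData\Roaming\Mozilla\Firefox\Profiles\5df5zawj.default\searchplugins\searchplugins-backup" => Scheduled to move on reboot.
Update Browsebeyond => Service deleted successfully.
"C:\Program Files\Browsebeyond" => File/Directory not found.
C:\Users\Verca\AppData\Local\Temp\GPUTemp.exe => Moved successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-01-14 18:32:45)<=

C:\Users\Verca\AppData\Roaming\Mozilla\Firefox\Profiles\5df5zawj.default\searchplugins\searchplugins-backup => Is moved successfully.

==== End of Fixlog ====
'''

# "<item> => <outcome>." with an optional 'Could not move ' prefix and optional quotes.
RESULT_RE = re.compile(r'^(?:Could not move )?"?(?P<item>.+?)"? => (?P<outcome>.+?)\.?$')


def classify(outcome):
    """Map an outcome string to a status (assumption: only strings seen in this log)."""
    text = outcome.lower()
    if "scheduled to move on reboot" in text:
        return "deferred"
    if "not found" in text:
        return "not_found"
    if "successfully" in text:
        return "ok"
    return "review"  # unrecognized outcome: needs a human look


def triage(fixlog_text):
    """Return {status: [items]}; a later line for the same item overrides an earlier one."""
    status, in_echo = {}, False
    for raw in fixlog_text.splitlines():
        line = raw.strip()
        # The echoed fixlist sits between two rows of asterisks; its "Task: a => b"
        # line looks like a result line, so the whole echo is skipped.
        if line and set(line) == {"*"}:
            in_echo = not in_echo
            continue
        if in_echo:
            continue
        match = RESULT_RE.match(line)
        if match:
            status[match["item"]] = classify(match["outcome"])
    groups = defaultdict(list)
    for item, kind in status.items():
        groups[kind].append(item)
    return dict(groups)


if __name__ == "__main__":
    for kind, items in triage(SAMPLE_FIXLOG).items():
        print(kind, len(items), items)
```

Anything left under `deferred` or `review` after the reboot section has been read is what to follow up on before closing the case.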

Re: police virus and ads

Posted: 14 Jan 2014 18:37
by vyosek
How is the PC behaving :???:

Re: police virus and ads

Posted: 14 Jan 2014 18:52
by tomasn127
In Firefox an ad pops up at the bottom center, and it probably shouldn't be there. Otherwise it looks fine.

Re: police virus and ads

Posted: 14 Jan 2014 18:56
by vyosek
Can you give me the name of the ad or where it links to?

Re: police virus and ads

Posted: 14 Jan 2014 19:03
by tomasn127
ams1.ibadnxs.com/click?ub6f61g4nj_tkuz...dinewsreporter.com.... I don't know if that's it; I didn't click the ad, I'm just copying it from the preview.

Re: police virus and ads

Posted: 14 Jan 2014 19:09
by tomasn127
In the list of programs, these look suspicious to me: video player, webex enhanced; the publisher is the same as the name.

Re: police virus and ads

Posted: 14 Jan 2014 20:11
by vyosek
:arrow: Uninstall those two

:arrow: In Firefox, go to Add-ons Manager - Extensions and check which ones look suspicious to you

Re: police virus and ads

Posted: 14 Jan 2014 20:29
by tomasn127
So I uninstalled those two, and in Firefox under Extensions I uninstalled shopping suggestion. But the ads still keep popping up :(

Re: police virus and ads

Posted: 14 Jan 2014 20:35
by vyosek
:arrow: Creating a fixlist for FRST
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    Start
    FF Extension: Shopping Suggestion - C:\Users\Verca\AppData\Roaming\Mozilla\Firefox\Profiles\5df5zawj.default\Extensions\{D394D188-BAC7-4e03-8FAF-389A4D7EC6F4}.xpi [2013-12-14]
    FF HKLM\...\Firefox\Extensions: [ext@WebexpEnhancedV1alpha8377.net] - C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha8377\ff
    FF Extension: Webexp Enhanced - C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha8377\ff [2013-12-29]
    FF HKLM\...\Firefox\Extensions: [ext@VideoPlayerV3beta204.net] - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta204\ff
    FF Extension: Video Player - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta204\ff [2014-01-09]
    FF Extension: VLC Addon - C:\Users\Verca\AppData\Roaming\Mozilla\Firefox\Profiles\5df5zawj.default\Extensions\toolbarbutton@vlc.info [2013-12-14]
    
    C:\Program Files\WebexpEnhancedV1
    C:\Program Files\VideoPlayerV3
    
    Hosts:
    CMD: shutdown /r /f /t 2
    
    End
  • Save the resulting TXT file as fixlist.txt
  • Move the fixlist you created next to FRST
:arrow: Run FRST.exe again
  • Click Fix
  • The fix will run and create the log Fixlog.txt
:arrow: Restart the PC and post fixlog.txt here