VIRY.CZ

Dobrý den,

používám internetový prohlížeč Google chrome, dříve jsem používal Mozzilu, když spustím prohlížeč, vyskakují mi na stránce reklamy (dole , vlevo i v pravém dolním rohu), s tím je spojen i pomalý, někdy skoro nefungující internet. Připojení vpořádku. Zkusil jsem Chrome i firefox odinstalovat a znovu nainstalovat přes Internet explorer, ale souboru už nejdou ani stáhnout, v průběhu napíše přerušeno atd. Bude v tom mít prsty nějaký vir, nevíte někdo kde může být problém a jak ho vyřešit ? Mockrát děkuji.

Ke všemu se stává, že po nějaké chvíli stránka přeskočí na úplně jinou (nějaké typy online her).

Zdravim

Dejte prosim log z RSIT http://forum.viry.cz/viewtopic.php?f=13&t=130786

log z RSIT tady: (včera jsem udělal důkladnou prohlídku PC pomocí Avast, kontrola trvala několik hodin, našly se 2 hrozby, odstranil jsem a zatím to to jede vpořádku), snad se to zase neobjeví.

Logfile of random's system information tool 1.08 (written by random/random)
Run by A at 2014-06-01 09:04:26
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 22 GB (9%) free of 260 GB
Total RAM: 6097 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:04:47, on 1.6.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17041)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
C:\Program Files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\postgreSQL\bin\pg_ctl.exe
c:\postgreSQL\bin\postgres.exe
c:\postgreSQL\bin\postgres.exe
c:\postgreSQL\bin\postgres.exe
c:\postgreSQL\bin\postgres.exe
c:\postgreSQL\bin\postgres.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files (x86)\WebSpades\updateWebSpades.exe
C:\Program Files (x86)\WebSpades\bin\utilWebSpades.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
C:\Windows\SysWOW64\jmdp\stij.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Users\A\AppData\Local\Apps\2.0\73QRAMGP.PHB\GG8YCKKY.X54\poke...app_e892221e2968472d_0002.0001_eafaee58878e7b6b\PSC.SideKick.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files\trend micro\A.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
O4 - HKLM\..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [CPMonitor] "C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe"
O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
O4 - HKLM\..\Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\RunOnce: [20140529] C:\Program Files\AVAST Software\Avast\setup\emupdate\812769ee-5f60-4be7-b110-5c3072c19a44.exe /check
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [PokerStrategy.com SideKick] "C:\Users\A\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStrategy.com\PokerStrategy.com SideKick.appref-ms"
O4 - HKCU\..\Run: [RGSC] D:\Games\GTA 4\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-4089783447-3208013067-3963371071-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-4089783447-3208013067-3963371071-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-4089783447-3208013067-3963371071-1007\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'postgres')
O4 - HKUS\S-1-5-21-4089783447-3208013067-3963371071-1007\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'postgres')
O4 - Startup: EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
O8 - Extra context menu item: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: New note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
O8 - Extra context menu item: Nová poznámka - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
O8 - Extra context menu item: Oříznout tuto stránku - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
O8 - Extra context menu item: Vystřihnout obrázek - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
O8 - Extra context menu item: Vystřihnout URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
O8 - Extra context menu item: Výběr oříznutí - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel® Centrino® Wireless Bluetooth® + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ASUS InstantOn Service (ASUS InstantOn) - ASUS - C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
O23 - Service: Asus process privilege adjust service (AsusUacSvc) - Unknown owner - C:\Program Files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bluetooth Device Monitor - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth Media Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
O23 - Service: Bluetooth OBEX Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service (BTHSSecurityMgr) - Intel(R) Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: IBUpdaterService - Unknown owner - C:\Windows\system32\dmwu.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: postgresql-8.4 - PostgreSQL Server 8.4 (postgresql-8.4) - PostgreSQL Global Development Group - c:/postgreSQL/bin/pg_ctl.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Update WebSpades - Unknown owner - C:\Program Files (x86)\WebSpades\updateWebSpades.exe
O23 - Service: Util WebSpades - Unknown owner - C:\Program Files (x86)\WebSpades\bin\utilWebSpades.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\Windows\system32\viakaraokesrv.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

--
End of file - 18946 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe"
C:\Windows\system32\WLANExt.exe 36290592
\??\C:\Windows\system32\conhost.exe "2057023621821657588-189623479462097712-4608900141067587491610902047-205842976
"C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe"
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe"
"C:\Program Files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe"
"C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe"
C:\Windows\system32\svchost.exe -k bthsvcs
"C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
C:\Windows\system32\dmwu.exe
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"
c:/postgreSQL/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "c:/postgreSQL/data" -w
"C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe"
c:/postgreSQL/bin/postgres.exe -D "c:/postgreSQL/data"
\??\C:\Windows\system32\conhost.exe "-28758780214899300411553249674-1209709633-336699345-2102093117-181524826-1153472791
"c:/postgreSQL/bin/postgres.exe" "--forkboot" "904" "-x3"
"c:/postgreSQL/bin/postgres.exe" "--forkboot" "908" "-x4"
"c:/postgreSQL/bin/postgres.exe" "--forkavlauncher" "904"
"c:/postgreSQL/bin/postgres.exe" "--forkcol" "908"
"C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe"
"C:\Program Files (x86)\WebSpades\updateWebSpades.exe"
"C:\Program Files (x86)\WebSpades\bin\utilWebSpades.exe"
C:\Windows\system32\viakaraokesrv.exe
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 3212
"C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe"
"C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
taskeng.exe {0B6778EF-ADF5-490D-82BE-5791619ABA46}
"taskhost.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe"
"C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe"
taskeng.exe {527AA7C9-3EEE-4771-8FF8-1F79668EC916}
"C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe"
"C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe"
"C:\Program Files\ASUS\P4G\BatteryLife.exe"
ATKOSD.exe
WDC.exe
"C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe" --domain-id 4e00205a-2ab1-4423-8f77-cc25b82cde1d --caller winlogon
"C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe" --domain-id 4e00205a-2ab1-4423-8f77-cc25b82cde1d
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Windows\SysWOW64\jmdp\stij.exe"
"C:\Windows\System32\ljkb\stij.exe"
"C:\Windows\System32\rundll32.exe" "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
"C:\Program Files\Elantech\ETDCtrl.exe"
"C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe"
"C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe"
"C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe"
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Elantech\ETDCtrlHelper.exe"
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"C:\Program Files\Elantech\ETDGesture.exe"
"C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" -r
"C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe"
"C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe"
"C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe"
"C:\Program Files (x86)\ASUS\Splendid\ACMON.exe"
"C:\Windows\AsScrPro.exe"
"C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
C:\Windows\SysWOW64\ACEngSvr.exe -Embedding
"C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe"
"C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe" -Embedding
"C:\Users\A\AppData\Local\Apps\2.0\73QRAMGP.PHB\GG8YCKKY.X54\poke...app_e892221e2968472d_0002.0001_eafaee58878e7b6b\PSC.SideKick.exe"
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"
"C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe"
"C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe"
"C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5516 CREDAT:275457 /prefetch:2
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
"C:\Users\A\Desktop\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-07-01 551840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-05-02 581824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-07-01 209824]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-14 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-05-02 436600]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92EF2EAD-A7CE-4424-B0DB-499CF856608E}]
Evernote extension - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-04-14 585568]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-14 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BTMTrayAgent"=C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [2011-12-20 11406608]
"ETDCtrl"=C:\Program Files\Elantech\ETDCtrl.exe [2012-02-19 2661672]
"AmIcoSinglun64"=C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [2011-05-26 361984]
"Nvtmru"=C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [2013-05-16 1012000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-01-08 3674320]
"PokerStrategy.com SideKick"=C:\Users\A\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStrategy.com\PokerStrategy.com SideKick.appref-ms [2013-10-24 450]
"RGSC"=D:\Games\GTA 4\Rockstar Games Social Club\RGSCLauncher.exe /silent []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"ASUSPRP"=C:\Program Files (x86)\ASUS\APRP\APRP.EXE [2012-02-24 3331312]
"ASUSWebStorage"=C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [2011-07-29 737104]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2012-02-07 291608]
"HDAudDeck"=C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2012-03-30 5138032]
"ATKOSD2"=C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2012-04-07 322176]
"ATKMEDIA"=C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [2011-10-25 174720]
"HControlUser"=C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [2009-06-19 105016]
"CPMonitor"=C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe [2011-05-23 84464]
"Wireless Console 3"=C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2012-02-03 2321072]
"ACMON"=C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2012-02-22 102568]
"ASUS Screen Saver Protector"=C:\Windows\AsScrPro.exe [2013-01-07 3058304]
"CLMLServer"=C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [2010-08-20 107816]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-05-26 3888648]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce]
"20140529"=C:\Program Files\AVAST Software\Avast\setup\emupdate\812769ee-5f60-4be7-b110-5c3072c19a44.exe [2014-06-01 183208]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe

C:\Users\A\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
EvernoteClipper.lnk - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2014-06-01 09:04:26 ----D---- C:\Program Files\trend micro
2014-06-01 09:04:25 ----D---- C:\rsit
2014-05-31 21:45:11 ----SHD---- C:\Config.Msi
2014-05-27 17:50:19 ----A---- C:\Windows\system32\drivers\{2635ac50-5488-40bf-9bfd-accb158f8f3f}w64.sys
2014-05-17 18:54:09 ----A---- C:\Windows\SYSWOW64\ff_vfw.dll
2014-05-17 18:54:08 ----D---- C:\Program Files (x86)\ffdshow
2014-05-17 18:53:23 ----D---- C:\Program Files (x86)\WebSpades
2014-05-17 18:52:53 ----D---- C:\Program Files (x86)\hdvidcodec.com
2014-05-15 10:26:11 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2014-05-15 10:26:11 ----A---- C:\Windows\system32\mshtmled.dll
2014-05-15 10:26:11 ----A---- C:\Windows\system32\mshtml.dll
2014-05-15 10:26:10 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-05-14 16:37:33 ----D---- C:\Program Files (x86)\Mozilla Firefox
2014-05-14 09:58:27 ----A---- C:\Windows\system32\shell32.dll
2014-05-14 09:58:26 ----A---- C:\Windows\SYSWOW64\shell32.dll
2014-05-14 09:58:25 ----A---- C:\Windows\system32\aepdu.dll
2014-05-14 09:58:25 ----A---- C:\Windows\system32\aeinv.dll
2014-05-14 09:58:11 ----A---- C:\Windows\system32\lsasrv.dll
2014-05-14 09:58:10 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2014-05-14 09:58:10 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2014-05-14 09:58:10 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2014-05-14 09:58:10 ----A---- C:\Windows\system32\kerberos.dll
2014-05-14 09:58:09 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2014-05-14 09:58:09 ----A---- C:\Windows\system32\winlogon.exe
2014-05-14 09:58:09 ----A---- C:\Windows\system32\objsel.dll
2014-05-14 09:58:09 ----A---- C:\Windows\system32\msv1_0.dll
2014-05-14 09:58:08 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2014-05-14 09:58:08 ----A---- C:\Windows\SYSWOW64\objsel.dll
2014-05-14 09:58:08 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2014-05-14 09:58:08 ----A---- C:\Windows\system32\wdigest.dll
2014-05-14 09:58:08 ----A---- C:\Windows\system32\TSpkg.dll
2014-05-14 09:58:08 ----A---- C:\Windows\system32\ntoskrnl.exe
2014-05-14 09:58:08 ----A---- C:\Windows\system32\KernelBase.dll
2014-05-14 09:58:07 ----A---- C:\Windows\SYSWOW64\wincredprovider.dll
2014-05-14 09:58:07 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2014-05-14 09:58:07 ----A---- C:\Windows\SYSWOW64\schannel.dll
2014-05-14 09:58:07 ----A---- C:\Windows\SYSWOW64\dpapiprovider.dll
2014-05-14 09:58:07 ----A---- C:\Windows\SYSWOW64\dimsroam.dll
2014-05-14 09:58:07 ----A---- C:\Windows\SYSWOW64\cngprovider.dll
2014-05-14 09:58:07 ----A---- C:\Windows\SYSWOW64\capiprovider.dll
2014-05-14 09:58:07 ----A---- C:\Windows\SYSWOW64\adprovider.dll
2014-05-14 09:58:07 ----A---- C:\Windows\system32\wincredprovider.dll
2014-05-14 09:58:07 ----A---- C:\Windows\system32\sspicli.dll
2014-05-14 09:58:07 ----A---- C:\Windows\system32\schannel.dll
2014-05-14 09:58:07 ----A---- C:\Windows\system32\lsass.exe
2014-05-14 09:58:07 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2014-05-14 09:58:07 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2014-05-14 09:58:07 ----A---- C:\Windows\system32\dpapiprovider.dll
2014-05-14 09:58:07 ----A---- C:\Windows\system32\dimsroam.dll
2014-05-14 09:58:07 ----A---- C:\Windows\system32\cngprovider.dll
2014-05-14 09:58:07 ----A---- C:\Windows\system32\capiprovider.dll
2014-05-14 09:58:07 ----A---- C:\Windows\system32\adprovider.dll
2014-05-14 09:58:06 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2014-05-14 09:58:06 ----A---- C:\Windows\SYSWOW64\secur32.dll
2014-05-14 09:58:06 ----A---- C:\Windows\SYSWOW64\credssp.dll
2014-05-14 09:58:06 ----A---- C:\Windows\system32\sspisrv.dll
2014-05-14 09:58:06 ----A---- C:\Windows\system32\secur32.dll
2014-05-14 09:58:06 ----A---- C:\Windows\system32\credssp.dll
2014-05-07 10:36:51 ----SD---- C:\Windows\system32\CompatTel
2014-05-03 14:59:00 ----D---- C:\ProgramData\BlueStacksSetup
2014-05-02 12:07:21 ----D---- C:\Users\A\AppData\Roaming\Oracle
2014-05-02 12:06:54 ----A---- C:\Windows\SYSWOW64\javaws.exe
2014-05-02 12:06:50 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2014-05-02 12:06:50 ----A---- C:\Windows\SYSWOW64\javaw.exe
2014-05-02 12:06:50 ----A---- C:\Windows\SYSWOW64\java.exe
2014-05-02 11:09:27 ----D---- C:\Users\A\AppData\Roaming\AVAST Software
2014-05-02 11:05:16 ----A---- C:\Windows\system32\drivers\aswstm.sys
2014-05-02 11:05:16 ----A---- C:\Windows\system32\drivers\aswHwid.sys
2014-05-02 11:04:15 ----A---- C:\Windows\system32\drivers\aswndisflt.sys.1400160459130
2014-05-02 10:59:57 ----A---- C:\Windows\system32\drivers\aswFW.sys

======List of files/folders modified in the last 1 months======

2014-06-01 09:04:32 ----A---- C:\IFRToolLog.txt
2014-06-01 09:04:27 ----D---- C:\Windows\Temp
2014-06-01 09:04:26 ----RD---- C:\Program Files
2014-06-01 08:59:27 ----A---- C:\Windows\SYSWOW64\log.txt
2014-06-01 02:19:53 ----D---- C:\Windows\system32\config
2014-06-01 02:18:22 ----D---- C:\ProgramData\NVIDIA
2014-05-31 23:10:43 ----A---- C:\Windows\win.ini
2014-05-31 23:10:23 ----D---- C:\Users\A\AppData\Roaming\Skype
2014-05-31 23:10:11 ----D---- C:\Program Files (x86)\GoforFiles
2014-05-31 23:01:14 ----D---- C:\Program Files (x86)\Czech Soccer Manager 2002 FE
2014-05-31 22:11:53 ----D---- C:\Windows\system32\Tasks
2014-05-31 22:11:51 ----SHD---- C:\Windows\Installer
2014-05-31 22:11:51 ----RD---- C:\Program Files (x86)
2014-05-31 22:11:51 ----D---- C:\Windows\Tasks
2014-05-31 22:11:51 ----D---- C:\Program Files (x86)\Google
2014-05-31 21:57:19 ----SD---- C:\Users\A\AppData\Roaming\Microsoft
2014-05-31 21:44:38 ----SHD---- C:\System Volume Information
2014-05-31 16:18:03 ----D---- C:\Program Files (x86)\PokerTracker 4
2014-05-31 09:34:44 ----D---- C:\Program Files (x86)\PokerStars
2014-05-31 09:29:19 ----D---- C:\Program Files\IB Updater
2014-05-30 14:51:37 ----D---- C:\Program Files (x86)\PokerStars.Alpha
2014-05-30 14:40:07 ----D---- C:\Windows\Prefetch
2014-05-30 14:39:21 ----RD---- C:\Program Files (x86)\Skype
2014-05-30 14:39:21 ----D---- C:\Program Files (x86)\Common Files
2014-05-30 14:39:19 ----D---- C:\ProgramData\Skype
2014-05-30 14:38:22 ----D---- C:\Windows\system32\NDF
2014-05-30 14:37:43 ----D---- C:\Users\A\AppData\Roaming\vlc
2014-05-29 23:56:09 ----A---- C:\blitzerr.txt
2014-05-29 20:02:14 ----D---- C:\Users\A\AppData\Roaming\HoldemManager
2014-05-29 18:51:27 ----D---- C:\Users\A\AppData\Roaming\TableNinja.v2
2014-05-27 23:40:40 ----D---- C:\Windows\System32
2014-05-27 23:40:40 ----D---- C:\Windows\inf
2014-05-27 23:40:40 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-05-27 18:57:59 ----D---- C:\Windows\rescache
2014-05-27 17:50:19 ----D---- C:\Windows\system32\drivers
2014-05-27 17:20:53 ----D---- C:\Windows\system32\catroot2
2014-05-26 19:31:06 ----D---- C:\Users\A\AppData\Roaming\ICQ
2014-05-22 23:16:22 ----D---- C:\Users\A\AppData\Roaming\uTorrent
2014-05-22 15:26:22 ----D---- C:\Windows\system32\DriverStore
2014-05-22 15:26:22 ----D---- C:\Windows\system32\catroot
2014-05-22 15:25:49 ----AD---- C:\Windows
2014-05-18 14:35:45 ----A---- C:\speederr.txt
2014-05-18 14:11:12 ----D---- C:\Program Files (x86)\Full Tilt Poker
2014-05-17 18:54:09 ----D---- C:\Windows\SysWOW64
2014-05-17 18:43:38 ----D---- C:\Windows\Microsoft.NET
2014-05-17 18:43:02 ----RSD---- C:\Windows\assembly
2014-05-17 11:36:53 ----D---- C:\Windows\winsxs
2014-05-17 11:33:42 ----D---- C:\Windows\system32\cs-CZ
2014-05-15 10:26:07 ----D---- C:\ProgramData\Microsoft Help
2014-05-15 10:25:25 ----D---- C:\Windows\system32\MRT
2014-05-15 10:22:41 ----A---- C:\Windows\system32\MRT.exe
2014-05-14 09:41:39 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2014-05-11 13:26:30 ----D---- C:\Program Files (x86)\Holdem Manager 2
2014-05-05 22:34:52 ----A---- C:\log_hud.txt
2014-05-05 22:33:06 ----D---- C:\Program Files (x86)\SharkScope
2014-05-03 17:58:33 ----D---- C:\Program Files (x86)\TableNinja
2014-05-03 15:12:46 ----HD---- C:\ProgramData
2014-05-02 12:07:04 ----D---- C:\ProgramData\Oracle
2014-05-02 12:06:49 ----D---- C:\Program Files (x86)\Java
2014-05-02 11:04:57 ----A---- C:\Windows\system32\aswBoot.exe
2014-05-02 11:00:28 ----D---- C:\ProgramData\AVAST Software

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2014-05-02 65776]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2014-05-02 208416]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2011-12-23 568600]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver; C:\Windows\system32\DRIVERS\iusb3hcs.sys [2012-02-07 16152]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2014-05-02 93568]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2014-05-15 1039096]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2014-05-15 423240]
R1 ATKWMIACPIIO;ATKWMIACPI Driver; \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-09-07 17536]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-01-09 283200]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 ASMMAP64;ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2014-05-02 29208]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2014-05-02 79184]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2014-05-15 85328]
R3 AiCharger;ASUS Charger Driver; C:\Windows\system32\DRIVERS\AiCharger.sys [2012-02-29 17152]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter; C:\Windows\system32\DRIVERS\AMPPAL.sys [2012-01-09 195584]
R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice; C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys [2013-06-01 31920]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2012-02-24 80384]
R3 btmaux;Intel Bluetooth Auxiliary Service; C:\Windows\system32\DRIVERS\btmaux.sys [2011-12-13 94720]
R3 btmhsf;btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [2011-12-13 747008]
R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2012-02-19 200488]
R3 ibtfltcoex;ibtfltcoex; C:\Windows\system32\DRIVERS\iBtFltCoex.sys [2011-12-15 60416]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\iusb3hub.sys [2012-02-07 356120]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2012-02-07 787736]
R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys [2011-09-19 108656]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2012-07-17 62784]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\Windows\system32\DRIVERS\NETwNs64.sys [2012-01-09 11416576]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2013-02-25 194848]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [2012-03-23 2193008]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\agrsm64.sys [2009-06-10 1146880]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol; C:\Windows\system32\DRIVERS\amppal.sys [2012-01-09 195584]
S3 AmUStor;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS [2011-05-26 71680]
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2009-06-20 1394688]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2013-02-06 102936]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2011-05-14 48488]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\Windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2013-02-06 203544]
S3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2009-07-14 38400]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2008-05-24 154168]
S3 WinUsb;WinUSB Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-21 65432]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service; C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-01-09 659968]
R2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [2011-11-22 80512]
R2 ASUS InstantOn;ASUS InstantOn Service; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [2012-04-13 277120]
R2 AsusUacSvc;Asus process privilege adjust service; C:\Program Files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe [2011-03-27 113840]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [2011-11-22 96896]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-05-02 50344]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-12-20 1014096]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-12-20 1104208]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service; C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-01-12 135952]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2011-12-08 618256]
R2 IBUpdaterService;IBUpdaterService; C:\Windows\system32\dmwu.exe [2014-04-07 2276144]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-02-03 628448]
R2 Intel(R) ME Service;Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-02-21 128280]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-02-21 161560]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2012-02-29 277784]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-05-12 884512]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-05-16 1826592]
R2 postgresql-8.4;postgresql-8.4 - PostgreSQL Server 8.4; c:/postgreSQL/bin/pg_ctl.exe runservice -N postgresql-8.4 -D c:/postgreSQL/data -w []
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2011-12-08 148752]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-05-12 413472]
R2 TeamViewer9;TeamViewer 9; C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-02-17 4915040]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-02-29 363800]
R2 Update WebSpades;Update WebSpades; C:\Program Files (x86)\WebSpades\updateWebSpades.exe [2014-05-31 317728]
R2 Util WebSpades;Util WebSpades; C:\Program Files (x86)\WebSpades\bin\utilWebSpades.exe [2014-05-31 317728]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service; C:\Windows\system32\viakaraokesrv.exe [2012-03-23 27760]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-29 2292096]
R3 Bluetooth Media Service;Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-12-20 1304912]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14 257712]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-05-14 1492840]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-03-06 111616]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [2014-01-16 289256]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-12-08 273168]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-01-12 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

-----------------EOF-----------------

Jeste tam par smejdu mate

Stahnete Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe

• Ulozte nejlepe na plochu
• Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
• Probehne vytvoreni zalohy a nasledne prohledavani
• Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

• Ulozte nejlepe na plochu
• Ukoncete vsechny programy
• Kliknete na Scan a nasledne Clean
• Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte

log z JRT:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Home Premium x64
Ran by A on po 02.06.2014 at 12:49:01,59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values




~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\extension.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\1clickdownload
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminstaller
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\wnlt
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4089783447-3208013067-3963371071-1001\Software\ib updater
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4089783447-3208013067-3963371071-1001\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\ib updater
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\wnlt
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\extension.extensionhelperobject
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\extension.extensionhelperobject.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\s
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dmwu_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dmwu_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{336d0c35-8a85-403a-b9d2-65c292c39087}_is1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1clickdownload
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\wnlt
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\babylon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\ib updater
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\incredibar_installer_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\incredibar_installer_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\incredibartoolbar_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\incredibartoolbar_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E0EDC6A2-5C7E-4B43-A8DD-89B9049ED1F9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}



~~~ Files

Successfully deleted: [File] "C:\Windows\Tasks\pc speedup service deactivator.job"
Successfully deleted: [File] "C:\Users\A\appdata\locallow\SkwConfig.bin"
Failed to delete: [File] "C:\Windows\system32\dmwu.exe"
Failed to delete: [File] "C:\Windows\system32\ImHttpComm.dll"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\Users\A\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\A\AppData\Roaming\goforfiles"
Successfully deleted: [Folder] "C:\Users\A\AppData\Roaming\similarsites"
Successfully deleted: [Folder] "C:\Program Files (x86)\goforfiles"
Successfully deleted: [Folder] "C:\Program Files (x86)\icq6toolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\sitefinder"
Successfully deleted: [Folder] "C:\Windows\syswow64\arfc"
Failed to delete: [Folder] "C:\Windows\syswow64\jmdp"
Successfully deleted: [Folder] "C:\Windows\syswow64\wnlt"
Successfully deleted: [Folder] "C:\Windows\system32\arfc"
Failed to delete: [Folder] "C:\Windows\system32\ljkb"
Successfully deleted: [Folder] "C:\Users\A\documents\pcspeedup"
Successfully deleted: [Empty Folder] C:\Users\A\appdata\local\{129FFAB8-5384-419C-9CA6-F3CFB9B144DC}
Successfully deleted: [Empty Folder] C:\Users\A\appdata\local\{5F9F51FF-8B97-493C-8393-E87A7C311B36}
Successfully deleted: [Empty Folder] C:\Users\A\appdata\local\{8159FCD7-FED6-4EA2-9E29-E0E3E15CC500}
Successfully deleted: [Empty Folder] C:\Users\A\appdata\local\{E2D18B59-A1D5-4E60-AD86-CD5F1F8C1733}
Successfully deleted: [Empty Folder] C:\Users\A\appdata\local\{FEC3E22B-23FC-4A49-A3B1-6AB780F21A1B}
Successfully deleted: [Folder] "C:\ProgramData\ask"



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted: [File] C:\Users\A\AppData\Roaming\mozilla\firefox\profiles\fr7hljdh.default\invalidprefs.js
Successfully deleted: [File] C:\Users\A\AppData\Roaming\mozilla\firefox\profiles\fr7hljdh.default\searchplugins\askcom.xml
Successfully deleted: [File] C:\Users\A\AppData\Roaming\mozilla\firefox\profiles\fr7hljdh.default\searchplugins\mystart search.xml
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{336d0c35-8a85-403a-b9d2-65c292c39087}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{336d0c35-8a85-403a-b9d2-65c292c39087}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{fe1deeea-db6d-44b8-83f0-34fc0f9d1052}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{fe1deeea-db6d-44b8-83f0-34fc0f9d1052}
Successfully deleted the following from C:\Users\A\AppData\Roaming\mozilla\firefox\profiles\fr7hljdh.default\prefs.js

user_pref("extensions.buenosearch.lastB", "hxxp://www.buenosearch.com/?babsrc=HP_ss&mntrI ... 2&tsp=5208");
user_pref("extensions.buenosearch.tb_url", "hxxp://www.buenosearch.com/?q={searchTerms}&ba ... 3&tsp=5250");
user_pref("extensions.buenosearch.tlbrSrchUrl", "hxxp://www.buenosearch.com/?q={searchTerms}&ba ... 3&tsp=5250");
user_pref("extensions.incredibar.actvtyRptTime", "1362561258738");
user_pref("extensions.incredibar.admin", false);
user_pref("extensions.incredibar.aflt", "orgnl");
user_pref("extensions.incredibar.afterInstallRpt", "sent");
user_pref("extensions.incredibar.cntry", "CZ");
user_pref("extensions.incredibar.dfltLng", "EN");
user_pref("extensions.incredibar.dfltSrch", false);
user_pref("extensions.incredibar.dfltlng", "EN");
user_pref("extensions.incredibar.dfltsrch", "false");
user_pref("extensions.incredibar.did", "10643");
user_pref("extensions.incredibar.envrmnt", "production");
user_pref("extensions.incredibar.excTlbr", false);
user_pref("extensions.incredibar.hdrMd5", "67455E85201D0EFE9F870EB97D01D2F0");
user_pref("extensions.incredibar.hmpg", false);
user_pref("extensions.incredibar.hrdid", "38fba13a000000000000685d4381805e");
user_pref("extensions.incredibar.id", "38fba13a000000000000685d4381805e");
user_pref("extensions.incredibar.installerproductid", "26");
user_pref("extensions.incredibar.instlDay", "15714");
user_pref("extensions.incredibar.instlRef", "");
user_pref("extensions.incredibar.instlday", "15714");
user_pref("extensions.incredibar.instlref", "");
user_pref("extensions.incredibar.isDcmntCmplt", false);
user_pref("extensions.incredibar.isdcmntcmplt", "false");
user_pref("extensions.incredibar.keywordurl", "");
user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1421:44:42");
user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
user_pref("extensions.incredibar.newTab", false);
user_pref("extensions.incredibar.newtab", "false");
user_pref("extensions.incredibar.newtaburl", "");
user_pref("extensions.incredibar.noFFXTlbr", false);
user_pref("extensions.incredibar.ppd", "1");
user_pref("extensions.incredibar.prdct", "incredibar");
user_pref("extensions.incredibar.productid", "26");
user_pref("extensions.incredibar.prtnrId", "Incredibar");
user_pref("extensions.incredibar.prtnrid", "Incredibar");
user_pref("extensions.incredibar.sg", "none");
user_pref("extensions.incredibar.smplGrp", "none");
user_pref("extensions.incredibar.smplgrp", "none");
user_pref("extensions.incredibar.srch", "");
user_pref("extensions.incredibar.srchprvdr", "");
user_pref("extensions.incredibar.tlbrId", "base");
user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyZRKJ8mW&loc=IB_TB&i=26&search=");
user_pref("extensions.incredibar.tlbrid", "base");
user_pref("extensions.incredibar.tlbrsrchurl", "hxxp://mystart.Incredibar.com/?a=6OyZRKJ8mW&loc=IB_TB&i=26&search=");
user_pref("extensions.incredibar.upn2", "6OyZRKJ8mW");
user_pref("extensions.incredibar.upn2n", "92262773513316294");
user_pref("extensions.incredibar.vrsn", "1.5.11.14");
user_pref("extensions.incredibar.vrsnTs", "1.5.11.1421:44:42");
user_pref("extensions.incredibar.vrsni", "1.5.11.14");
user_pref("extensions.incredibar.vrsnts", "1.5.11.1421:44:42");
user_pref("extensions.incredibar_i.aflt", "orgnl");
user_pref("extensions.incredibar_i.dfltLng", "");
user_pref("extensions.incredibar_i.did", "10643");
user_pref("extensions.incredibar_i.excTlbr", false);
user_pref("extensions.incredibar_i.id", "38fba13a000000000000685d4381805e");
user_pref("extensions.incredibar_i.installerproductid", "26");
user_pref("extensions.incredibar_i.instlDay", "15714");
user_pref("extensions.incredibar_i.instlRef", "");
user_pref("extensions.incredibar_i.ms_url_id", "");
user_pref("extensions.incredibar_i.newTab", false);
user_pref("extensions.incredibar_i.ppd", "1");
user_pref("extensions.incredibar_i.prdct", "incredibar");
user_pref("extensions.incredibar_i.productid", "26");
user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
user_pref("extensions.incredibar_i.smplGrp", "none");
user_pref("extensions.incredibar_i.tlbrId", "base");
user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyZRKJ8mW&loc=IB_TB&i=26&search=");
user_pref("extensions.incredibar_i.upn2", "6OyZRKJ8mW");
user_pref("extensions.incredibar_i.upn2n", "92262773513316294");
user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1421:44:42");
user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_blackList", "form=CONTLB|babsrc=toolbar|babsrc=tb_ss|invocationType=tb50-ie-aolsoftonic-tbsbox-en-us|invocatio
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_referrer", "hxxp://us.yhs4.search.yahoo.com/yhs/search?fr=altavista&itag=ody&q=hxxp://www.youtube.com/watch?v=
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_temp_referer", "hxxp://us.yhs4.search.yahoo.com/yhs/search?fr=altavista&itag=ody&q=hxxp://www.youtube.com/watc
user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_blackList", "form=CONTLB|babsrc=toolbar|babsrc=tb_ss|invocationType=tb50-ie-aolsoftonic-tbsbox-en-us|invocatio
user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_referrer", "hxxp://isearch.babylon.com/?affID=116632&tt=0213_2&babsrc=NT_ss&mntrId=38fba13a000000000000685d438
user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_temp_referer", "hxxp://isearch.babylon.com/?affID=116632&tt=0213_2&babsrc=NT_ss&mntrId=38fba13a000000000000685
Emptied folder: C:\Users\A\AppData\Roaming\mozilla\firefox\profiles\fr7hljdh.default\minidumps [643 files]



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on po 02.06.2014 at 12:56:07,76
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

log z ADW:
# AdwCleaner v3.211 - Report created 02/06/2014 at 12:59:41
# Updated 26/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : A - A05-0421B
# Running from : C:\Users\A\Desktop\adwcleaner_3.211.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : IBUpdaterService
[#] Service Deleted : pcsuservice

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\ICQ\ICQToolbar
Folder Deleted : C:\Program Files (x86)\HDvidCodec.com
Folder Deleted : C:\Windows\SysWOW64\jmdp
Folder Deleted : C:\Program Files\IB Updater
Folder Deleted : C:\Windows\System32\ljkb
Folder Deleted : C:\Users\A\AppDAtA\RoAming\MozillA\Firefox\Profiles\fr7hljdh.default\ICQToolbarData
Folder Deleted : C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh
File Deleted : C:\Windows\System32\dmwu.exe
File Deleted : C:\Windows\System32\ImhxxpComm.dll
File Deleted : C:\Users\A\AppDAtA\LocAl\Temp\Uninstall.exe
File Deleted : C:\Users\A\AppDAtA\LocAlLow\SkwConfig.bin
File Deleted : C:\Users\A\AppDAtA\RoAming\MozillA\Firefox\Profiles\fr7hljdh.default\searchplugins\buenosearch.xml
File Deleted : C:\Users\A\AppDAtA\RoAming\MozillA\Firefox\Profiles\fr7hljdh.default\searchplugins\icqplugin.xml
File Deleted : C:\Users\A\AppDAtA\RoAming\MozillA\Firefox\Profiles\fr7hljdh.default\searchplugins\icqplugin-1.xml
File Deleted : C:\Users\A\AppDAtA\RoAming\MozillA\Firefox\Profiles\fr7hljdh.default\searchplugins\icqplugin-2.xml
File Deleted : C:\Users\A\AppDAtA\RoAming\MozillA\Firefox\Profiles\fr7hljdh.default\searchplugins\icqplugin-3.xml
File Deleted : C:\Users\A\AppDAtA\RoAming\MozillA\Firefox\Profiles\fr7hljdh.default\searchplugins\icqplugin-4.xml
File Deleted : C:\Users\A\AppDAtA\RoAming\MozillA\Firefox\Profiles\fr7hljdh.default\searchplugins\icqplugin-5.xml
File Deleted : C:\Users\A\AppDAtA\RoAming\MozillA\Firefox\Profiles\fr7hljdh.default\searchplugins\icqplugin-6.xml
File Deleted : C:\Users\A\AppDAtA\RoAming\MozillA\Firefox\Profiles\fr7hljdh.default\searchplugins\icqplugin-7.xml
File Deleted : C:\Users\A\AppDAtA\RoAming\MozillA\Firefox\Profiles\fr7hljdh.default\searchplugins\icqplugin-8.xml
File Deleted : C:\Users\A\AppDAtA\RoAming\MozillA\Firefox\Profiles\fr7hljdh.default\searchplugins\Sweetpacks Search.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\bi_client_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\bi_client_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\GoforFiles_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\GoforFiles_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B89F5C49-51DB-4974-AB5A-E25901AA339C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E9B5B0D2-D08A-49FC-8B5C-159B60BAA268}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0BDDE35F-64F7-49C3-99B2-404E899C49F7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{24236608-609C-42C5-B13C-A8A3EC921850}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{28B1A706-4B97-4EB1-8B32-125042685AD9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{33575A26-D9CF-40C6-8A3E-116F17201C7F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4BDFD19F-93D7-49CE-B554-5C215FDC0136}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7307CF0F-7173-4FBF-8649-B149916DD322}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{80A5E38C-5F6B-485F-BD97-0B5BE991FAD5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9544D727-A26F-4D57-AF38-4496088640EA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AC4C30BF-7D5F-4EAB-9C2A-454178F079AA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BC6F9C26-93EA-4C6D-A4A7-C1FA333B4BBE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E975527B-ABE7-40B3-B5C1-385016913E3B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA4B5B1-6C76-4B20-BCDB-D41A93E79053}
Key Deleted : HKCU\Software\GoforFiles
Key Deleted : HKCU\Software\Speedchecker Limited
Key Deleted : HKCU\Software\AppDataLow\Software
Key Deleted : HKLM\Software\GoforFiles
Key Deleted : HKLM\Software\ICQ\ICQToolbar
Key Deleted : HKLM\Software\Speedchecker Limited
Key Deleted : HKLM\Software\WNLT
Key Deleted : [x64] HKLM\SOFTWARE\Speedchecker Limited

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]

-\\ Mozilla Firefox v

[ File : C:\Users\A\AppDAtA\RoAming\MozillA\Firefox\Profiles\fr7hljdh.default\prefs.js ]

Line Deleted : user_pref("extensions.buenosearch.admin", false);
Line Deleted : user_pref("extensions.buenosearch.aflt", "babsst");
Line Deleted : user_pref("extensions.buenosearch.appId", "{37EB75F2-7392-4DBE-B5AD-147EC6D7BF5F}");
Line Deleted : user_pref("extensions.buenosearch.autoRvrt", "false");
Line Deleted : user_pref("extensions.buenosearch.bbDpng", "17");
Line Deleted : user_pref("extensions.buenosearch.cntry", "CZ");
Line Deleted : user_pref("extensions.buenosearch.dfltLng", "en");
Line Deleted : user_pref("extensions.buenosearch.excTlbr", false);
Line Deleted : user_pref("extensions.buenosearch.ffxUnstlRst", true);
Line Deleted : user_pref("extensions.buenosearch.hdrMd5", "D7E304CE2F1488BCA25854D621080328");
Line Deleted : user_pref("extensions.buenosearch.id", "38fba13a000000000000685d4381805e");
Line Deleted : user_pref("extensions.buenosearch.instlDay", "16207");
Line Deleted : user_pref("extensions.buenosearch.instlRef", "sst");
Line Deleted : user_pref("extensions.buenosearch.lastVrsnTs", "1.8.28.718:53:51");
Line Deleted : user_pref("extensions.buenosearch.newTab", false);
Line Deleted : user_pref("extensions.buenosearch.prdct", "buenosearch");
Line Deleted : user_pref("extensions.buenosearch.prtnrId", "buenosearch");
Line Deleted : user_pref("extensions.buenosearch.rvrt", "false");
Line Deleted : user_pref("extensions.buenosearch.sg", "azb");
Line Deleted : user_pref("extensions.buenosearch.smplGrp", "none");
Line Deleted : user_pref("extensions.buenosearch.tlbrId", "base");
Line Deleted : user_pref("extensions.buenosearch.vrsn", "1.8.28.7");
Line Deleted : user_pref("extensions.buenosearch.vrsnTs", "1.8.28.718:53:51");
Line Deleted : user_pref("extensions.buenosearch.vrsni", "1.8.28.7");
Line Deleted : user_pref("icqtoolbar.engineVerified", true);
Line Deleted : user_pref("icqtoolbar.firstTbRun", false);
Line Deleted : user_pref("icqtoolbar.geolastmodified", 1368653940);
Line Deleted : user_pref("icqtoolbar.history", "konzumovateln%C3%A9%20obaly||p%C5%99%C3%ADrodn%C3%AD%20polymery||vise%20versa||boston%20bruins%202010%2F2011||stanley%20cup%20v%C3%ADt%C4%9Bz||stanley%20cup||kovy%20ja[...]
Line Deleted : user_pref("icqtoolbar.icqgeo", 42);
Line Deleted : user_pref("icqtoolbar.installTime", "1357854820");
Line Deleted : user_pref("icqtoolbar.newtab_most_visited_state", "1");
Line Deleted : user_pref("icqtoolbar.newtab_recently_closed_state", "1");
Line Deleted : user_pref("icqtoolbar.numberOfSearches", 0);
Line Deleted : user_pref("icqtoolbar.previousFFVersion", "21.0");
Line Deleted : user_pref("icqtoolbar.skip_default_search", "no");
Line Deleted : user_pref("icqtoolbar.uninstStatSent", true);
Line Deleted : user_pref("icqtoolbar.uniqueID", "135776367613577635561357764650416");
Line Deleted : user_pref("icqtoolbar.usageStatstTimestamp", 1369162415);
Line Deleted : user_pref("icqtoolbar.voucherHideClicks", 0);
Line Deleted : user_pref("icqtoolbar.voucherMoreLinkClicks", 0);
Line Deleted : user_pref("icqtoolbar.voucherRedeemClicks", 0);
Line Deleted : user_pref("icqtoolbar.voucherWasShown", 0);

-\\ Google Chrome v35.0.1916.114

[ File : C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://www.buenosearch.com/?q={searchTerms}&ba ... 3&tsp=5250
Deleted [Extension] : acfoobbgoakpihljnfedbcfaipcdlfhk
Deleted [Extension] : bopakagnckmlgajfccecajhnimjiiedh

*************************

AdwCleaner[R0].txt - [8995 octets] - [02/06/2014 12:58:09]
AdwCleaner[S0].txt - [8910 octets] - [02/06/2014 12:59:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8970 octets] ##########

Ahoj, chtěl bych se ještě zeptat.

Minulý měsíc, 3.5. jsem kupoval jeden software za 10 dolarů, jednalo se o měsíční licenci (na zkoušku), platil jsem kreditní kartou (MasterCard) přes internet. Jedná se o bezpečný software, který používá spousta uživatelů. Dnes když jsem otevřel email jsem byl nemile překvapen, když jsem viděl, že jsem si program ´´koupil´´ znova. Dnes licence vypršela. Problém je ten, žejsem si program sám nekupoval, ale samo mi to peníze stáhlo z účtu.

Chci se zeptat, může se jednat o vir, který toto způsobil, celkem se obávám co se bude dít dále, to je naprostá hrůza.

Nebyla tam pri nakupu zminena nejaka automaticka obnova (nakup) licence?? Pak bude treba se obratit na obchodnika

Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu

• Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
• Do okna vlozte skript nize

• Kód: Vybrat vše

  autoclean;
  emptyclsid;
  iedefaults;
  FFdefaults;
  CHRdefaults;
  emptyalltemp;
  resethosts;
  

• Nasledne kliknete na Run Script
• PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

Výsledky ZOEK:
Zoek.exe v5.0.0.0 Updated 02-June-2014
Tool run by A on Łt 10.06.2014 at 0:27:20,19.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\A\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

10.6.2014 0:33:29 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-4089783447-3208013067-3963371071-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5} deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Util WebSpades deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Util WebSpades deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Util WebSpades deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Util WebSpades deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update WebSpades deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Update WebSpades deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Update WebSpades deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Update WebSpades deleted successfully

==== FireFox Fix ======================

Deleted from C:\Users\Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\dykx490c.default\prefs.js:
user_pref("browser.search.defaultengine", "Ask.com");
user_pref("browser.search.defaultenginename", "Ask.com");
user_pref("browser.search.selectedEngine", "Ask.com");
user_pref("browser.search.order.1", "Ask.com");
user_pref("extensions.asktb.ff-original-keyword-url", "");
user_pref("keyword.URL", "http://websearch.ask.com/redirect?clien ... Y%5ECZ&&q=");

Added to C:\Users\Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\dykx490c.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("extensions.asktb.ff-original-keyword-url", "");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\dykx490c.default

user.js not found
---- Lines asktb removed from prefs.js ----
user_pref("extensions.asktb.ff-original-keyword-url", "");
---- Lines {336D0C35-8A85-403a-B9D2-65C292C39087} modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}\":{\"descriptor\":\"C:\\\\
---- FireFox user.js and prefs.js backups ----

prefs_10.06.2014_0047_.backup

==== Deleting Files \ Folders ======================

C:\Windows\syswow64\appdata deleted
C:\PROGRA~2\Mozilla Firefox\defaults\preferences\autoconfig.js deleted
C:\extensions.sqlite deleted
C:\found.000 deleted
C:\Users\A\AppData\Roaming\ICQ Search deleted
C:\PROGRA~3\ICQ deleted
C:\PROGRA~3\InstallMate deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\A\AppData\Local\cache deleted
C:\Users\Notebook\AppData\LocalLow\AskToolbar deleted
C:\windows\SysNative\tasks\Go for FilesUpdate deleted
"C:\Windows\Syswow64\SET88FD.tmp" deleted
"C:\Windows\Syswow64\SET9468.tmp" deleted
"C:\PROGRA~2\WebSpades\updateWebSpades.exe" deleted
"C:\PROGRA~2\WebSpades\bin\utilWebSpades.exe" deleted
"C:\Users\A\AppData\Roaming\join.me" deleted
"C:\PROGRA~2\WebSpades" not deleted
"C:\PROGRA~2\WebSpades\bin" not deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [22.05.2014 15:25]

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\fr7hljdh.default
A58DE0A570148AF5FF3512B2A340D09F - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll - Shockwave Flash
63EE2015B877A2E472CC59E05291AA39 - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMSS.dll - McAfee Security Scanner +


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[02.05.2014 11:04]


==== Chrome Fix ======================

C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.buenosearch.com_0.localstorage deleted successfully
C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.buenosearch.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.google.com/search?q={searchT ... d=ie7&rlz="
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"
{632F07F3-19A1-4d16-A23F-E6CE9486BAB5} Microsoft (Bing) Url="http://www.bing.com/search?q={searchTer ... DF&PC=AV01"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchT ... {startPage}"

==== Reset Google Chrome ======================

C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\A\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\A\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\A\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\A\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\A\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Notebook\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\A\AppData\Local\Mozilla\Firefox\Profiles\fr7hljdh.default\Cache will be emptied at reboot
C:\Users\Notebook\AppData\Local\Mozilla\Firefox\Profiles\dykx490c.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache is not empty, a reboot is needed

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=286 folders=57 41661571 bytes)

==== Empty Temp Folders ======================

C:\Users\A\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Notebook\AppData\Local\Temp emptied successfully
C:\Users\postgres\AppData\Local\Temp emptied successfully
C:\Users\postgres.A-PC\AppData\Local\Temp emptied successfully
C:\Users\POSTGR~1.A-P\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\A\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\Syswow64\SET88FD.tmpsearch" not found
"C:\Windows\Syswow64\SET9468.tmpsearch" not found
"C:\PROGRA~2\WebSpades" not found
"C:\Users\A\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\S93ABMML\secure.join.me" not found

==== EOF on Łt 10.06.2014 at 0:57:35,86 ======================

Poprosim o FRST http://forum.viry.cz/viewtopic.php?f=13&t=133100

log FRST:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-06-2014
Ran by A (administrator) on A05-0421B on 10-06-2014 18:35:52
Running from C:\Users\A\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Czech
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
() C:\Program Files\ASUS\Rotation Desktop for G Series\AsusUacSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\pg_ctl.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDGesture.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
() C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [11406608 2011-12-20] (Intel Corporation)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2661672 2012-02-19] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-05-26] (Alcor Micro Corp.)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1279480 2014-05-30] (NVIDIA Corporation)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2012-02-24] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-07] (Intel Corporation)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5138032 2012-03-30] (VIA)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [322176 2012-04-07] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174720 2011-10-25] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [CPMonitor] => C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe [84464 2011-05-23] ()
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2321072 2012-02-03] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [102568 2012-02-22] (ASUS)
HKLM-x32\...\Run: [ASUS Screen Saver Protector] => C:\Windows\AsScrPro.exe [3058304 2013-01-07] (ASUS)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-20] (CyberLink)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-06] (AVAST Software)
HKU\S-1-5-21-4089783447-3208013067-3963371071-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3674320 2013-01-08] (DT Soft Ltd)
HKU\S-1-5-21-4089783447-3208013067-3963371071-1001\...\Run: [PokerStrategy.com SideKick] => "C:\Users\A\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStrategy.com\PokerStrategy.com SideKick.appref-ms"
HKU\S-1-5-21-4089783447-3208013067-3963371071-1001\...\Run: [RGSC] => D:\Games\GTA 4\Rockstar Games Social Club\RGSCLauncher.exe /silent
HKU\S-1-5-21-4089783447-3208013067-3963371071-1001\...\Run: [uTorrent] => C:\Users\A\Desktop\Downloads\uTorrent.exe [1272912 2014-06-02] (BitTorrent Inc.)
HKU\S-1-5-21-4089783447-3208013067-3963371071-1001\...\MountPoints2: {e7ac53dd-6a13-11e3-82a7-685d43818061} - G:\HTC_Sync_Manager_PC.exe
Startup: C:\Users\A\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/search?q={searchT ... d=ie7&rlz=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
SearchScopes: HKLM-x32 - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTer ... DF&PC=AV01
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchT ... {startPage}
SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTer ... DF&PC=AV01
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchT ... {startPage}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 147.229.191.143 147.229.190.143

FireFox:
========
FF ProfilePath: C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\fr7hljdh.default
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: http://www.google.com
FF Keyword.URL: https://www.google.com/search
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\A\AppData\Roaming\Mozilla\Firefox\Profiles\fr7hljdh.default\searchplugins\searchplugins-backup
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-03-23]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-03-23]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR Extension: (Dokumenty Google) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-10]
CHR Extension: (Disk Google) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-10]
CHR Extension: (YouTube) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-10]
CHR Extension: (Vyhledávání Google) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-10]
CHR Extension: (avast! Online Security) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-06-10]
CHR Extension: (Peněženka Google) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-14]
CHR Extension: (Gmail) - C:\Users\A\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-10]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-05-02]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 AsusUacSvc; C:\Program Files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe [113840 2011-03-27] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-02] (AVAST Software)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-21] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-30] (NVIDIA Corporation)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2012-03-23] (VIA Technologies, Inc.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)
R2 postgresql-8.4; c:/postgreSQL/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "c:/postgreSQL/data" -w [X]

==================== Drivers (Whitelisted) ====================

R3 AiCharger; C:\Windows\SysWOW64\DRIVERS\AiCharger.sys [17152 2012-02-29] (ASUSTek Computer Inc.)
R3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2013-06-01] (Wondershare)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-02] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-02] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-02] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-02] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-02] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-01-09] (DT Soft Ltd)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-05-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R1 {2635ac50-5488-40bf-9bfd-accb158f8f3f}w64; C:\Windows\System32\drivers\{2635ac50-5488-40bf-9bfd-accb158f8f3f}w64.sys [61120 2014-05-22] (StdLib)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-10 18:35 - 2014-06-10 18:36 - 00021457 _____ () C:\Users\A\Desktop\FRST.txt
2014-06-10 18:34 - 2014-06-10 18:35 - 00000000 ____D () C:\FRST
2014-06-10 18:33 - 2014-06-10 18:34 - 00025256 _____ () C:\Users\A\Desktop\FRSTLauncher.exe
2014-06-10 18:20 - 2014-06-10 18:26 - 02080768 _____ (Farbar) C:\Users\A\Desktop\FRST64.exe
2014-06-10 00:52 - 2014-06-10 18:36 - 00000000 ____D () C:\Users\A\AppData\Local\Temp
2014-06-10 00:52 - 2014-06-10 00:52 - 00000078 _____ () C:\folders.txt
2014-06-10 00:52 - 2014-06-10 00:52 - 00000000 ____D () C:\Users\postgres\AppData\Local\Temp
2014-06-10 00:52 - 2014-06-10 00:52 - 00000000 ____D () C:\Users\postgres.A-PC\AppData\Local\Temp
2014-06-10 00:52 - 2014-06-10 00:52 - 00000000 ____D () C:\Users\Notebook\AppData\Local\Temp
2014-06-10 00:52 - 2014-06-10 00:52 - 00000000 ____D () C:\Users\Default\AppData\Local\Temp
2014-06-10 00:52 - 2014-06-10 00:52 - 00000000 ____D () C:\Users\Default User\AppData\Local\Temp
2014-06-10 00:52 - 2014-06-10 00:26 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-06-10 00:33 - 2014-06-10 00:57 - 00012824 _____ () C:\zoek-results.log
2014-06-10 00:26 - 2014-06-10 00:49 - 00000000 ____D () C:\zoek_backup
2014-06-09 23:54 - 2014-06-09 23:54 - 01285120 _____ () C:\Users\A\Desktop\zoek.exe
2014-06-07 15:02 - 2014-06-07 15:02 - 00000786 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\William Hill Poker.lnk
2014-06-07 15:02 - 2014-06-07 15:02 - 00000774 _____ () C:\Users\Public\Desktop\WH.lnk
2014-06-06 15:35 - 2014-06-06 18:19 - 00000127 _____ () C:\Users\A\Desktop\Hesla - fantasy Sport.txt
2014-06-04 16:18 - 2014-06-10 16:27 - 00019497 _____ () C:\Users\A\Desktop\Střelci.xlsx
2014-06-02 20:13 - 2014-06-02 20:13 - 01266688 _____ () C:\Users\A\Desktop\stacked.exe
2014-06-02 19:41 - 2014-06-02 19:41 - 00000811 _____ () C:\Users\A\Desktop\µTorrent.lnk
2014-06-02 19:40 - 2014-06-02 19:39 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-06-02 19:39 - 2014-06-02 19:39 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-06-02 19:39 - 2014-06-02 19:39 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-06-02 19:39 - 2014-06-02 19:39 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-06-02 19:39 - 2014-06-02 19:39 - 00000000 ____D () C:\Program Files\Java
2014-06-02 19:34 - 2014-06-02 19:34 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-06-02 19:34 - 2014-05-20 01:10 - 00601432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-06-02 19:33 - 2014-05-15 01:49 - 03774821 _____ () C:\Windows\system32\nvcoproc.bin
2014-06-02 19:31 - 2014-05-20 04:44 - 31387936 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-06-02 19:31 - 2014-05-20 04:44 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-06-02 19:31 - 2014-05-20 04:44 - 24025376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-06-02 19:31 - 2014-05-20 04:44 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-06-02 19:31 - 2014-05-20 04:44 - 17480432 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-06-02 19:31 - 2014-05-20 04:44 - 16003912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-06-02 19:31 - 2014-05-20 04:44 - 12688328 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-06-02 19:31 - 2014-05-20 04:44 - 11644928 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-06-02 19:31 - 2014-05-20 04:44 - 11599072 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-06-02 19:31 - 2014-05-20 04:44 - 09735256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-06-02 19:31 - 2014-05-20 04:44 - 09697640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-06-02 19:31 - 2014-05-20 04:44 - 03141976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-06-02 19:31 - 2014-05-20 04:44 - 02953672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-06-02 19:31 - 2014-05-20 04:44 - 02785568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-06-02 19:31 - 2014-05-20 04:44 - 02412376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-06-02 19:31 - 2014-05-20 04:44 - 01889112 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433788.dll
2014-06-02 19:31 - 2014-05-20 04:44 - 01541576 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433788.dll
2014-06-02 19:31 - 2014-05-20 04:44 - 00895776 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-06-02 19:31 - 2014-05-20 04:44 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-06-02 19:31 - 2014-05-20 04:44 - 00867784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-06-02 19:31 - 2014-05-20 04:44 - 00861128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-06-02 19:31 - 2014-05-20 04:44 - 00492376 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-06-02 19:31 - 2014-05-20 04:44 - 00416712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-06-02 19:31 - 2014-05-20 04:44 - 00382240 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-06-02 19:31 - 2014-05-20 04:44 - 00335704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-06-02 19:31 - 2014-05-20 04:44 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-06-02 19:31 - 2014-05-20 04:44 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-06-02 19:25 - 2014-06-02 19:26 - 00000000 ____D () C:\Users\A\AppData\Local\NVIDIA Corporation
2014-06-02 19:25 - 2014-05-30 01:07 - 01715176 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-06-02 19:25 - 2014-05-30 01:07 - 01291232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-06-02 19:25 - 2014-05-30 01:07 - 01279480 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-06-02 19:25 - 2014-05-30 01:07 - 01122312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-06-02 19:24 - 2014-03-31 18:42 - 00040392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-06-02 19:24 - 2014-03-31 18:42 - 00037320 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2014-06-02 19:24 - 2014-03-31 18:42 - 00034760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-06-02 12:59 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-02 12:58 - 2014-06-02 18:44 - 00000000 ____D () C:\AdwCleaner
2014-06-02 12:40 - 2014-06-02 12:40 - 01327971 _____ () C:\Users\A\Desktop\adwcleaner_3.211.exe
2014-06-02 12:40 - 2014-06-02 12:40 - 00000000 ____D () C:\Windows\ERUNT
2014-06-02 12:39 - 2014-06-02 12:39 - 01016261 _____ (Thisisu) C:\Users\A\Desktop\JRT.exe
2014-06-01 22:59 - 2014-06-02 12:48 - 00000000 ____D () C:\Program Files (x86)\Zrychleni Pocitace
2014-06-01 22:59 - 2014-06-01 22:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zrychleni Pocitace
2014-06-01 11:01 - 2014-06-09 21:31 - 00001080 _____ () C:\Users\A\Desktop\PokerTracker 4.lnk
2014-06-01 10:37 - 2014-06-01 10:37 - 00001094 _____ () C:\Users\Public\Desktop\HoldemManager2.lnk
2014-06-01 09:24 - 2014-06-10 18:32 - 00000938 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-01 09:24 - 2014-06-10 18:29 - 00000942 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-01 09:24 - 2014-06-01 09:24 - 00003938 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-01 09:24 - 2014-06-01 09:24 - 00003686 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-01 09:24 - 2014-06-01 09:24 - 00002261 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-01 09:04 - 2014-06-01 09:04 - 00000000 ____D () C:\rsit
2014-06-01 09:04 - 2014-06-01 09:04 - 00000000 ____D () C:\Program Files\trend micro
2014-05-30 14:37 - 2014-05-30 14:37 - 00000000 __SHD () C:\Users\A\AppData\Local\EmieUserList
2014-05-30 14:37 - 2014-05-30 14:37 - 00000000 __SHD () C:\Users\A\AppData\Local\EmieSiteList
2014-05-27 17:50 - 2014-05-22 18:23 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{2635ac50-5488-40bf-9bfd-accb158f8f3f}w64.sys
2014-05-17 18:54 - 2014-05-17 18:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow
2014-05-17 18:54 - 2014-05-17 18:54 - 00000000 ____D () C:\Program Files (x86)\ffdshow
2014-05-17 18:54 - 2012-04-09 00:40 - 00079360 _____ () C:\Windows\SysWOW64\ff_vfw.dll
2014-05-15 10:26 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 10:26 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 10:26 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 10:26 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 10:26 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 10:26 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 16:37 - 2014-05-31 21:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-14 09:58 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 09:58 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 09:58 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 09:58 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 09:58 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 09:58 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 09:58 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 09:58 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 09:58 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 09:58 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 09:58 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 09:58 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 09:58 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 09:58 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 09:58 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 09:58 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 09:58 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 09:58 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 09:58 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 09:58 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 09:58 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 09:58 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 09:58 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 09:58 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 09:58 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 09:58 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 09:58 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 09:58 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 09:58 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 09:58 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 09:58 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 09:58 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 09:58 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 09:58 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 09:58 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 09:58 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 09:58 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 09:58 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 09:58 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 09:58 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 09:58 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 09:58 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 09:58 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 09:58 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 09:58 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

==================== One Month Modified Files and Folders =======

2014-06-10 18:36 - 2014-06-10 18:35 - 00021457 _____ () C:\Users\A\Desktop\FRST.txt
2014-06-10 18:36 - 2014-06-10 00:52 - 00000000 ____D () C:\Users\A\AppData\Local\Temp
2014-06-10 18:35 - 2014-06-10 18:34 - 00000000 ____D () C:\FRST
2014-06-10 18:35 - 2013-01-11 01:38 - 00000000 ____D () C:\Users\A\AppData\Local\Deployment
2014-06-10 18:35 - 2013-01-07 01:52 - 01513756 _____ () C:\Windows\WindowsUpdate.log
2014-06-10 18:34 - 2014-06-10 18:33 - 00025256 _____ () C:\Users\A\Desktop\FRSTLauncher.exe
2014-06-10 18:32 - 2014-06-01 09:24 - 00000938 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-10 18:32 - 2013-01-07 01:57 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-06-10 18:32 - 2013-01-07 01:54 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-10 18:32 - 2013-01-06 17:29 - 00000380 _____ () C:\Users\A\AppData\Roaming\sp_data.sys
2014-06-10 18:32 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-10 18:32 - 2009-07-14 06:51 - 00132506 _____ () C:\Windows\setupact.log
2014-06-10 18:29 - 2014-06-01 09:24 - 00000942 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-10 18:26 - 2014-06-10 18:20 - 02080768 _____ (Farbar) C:\Users\A\Desktop\FRST64.exe
2014-06-10 18:18 - 2013-06-05 22:44 - 00000000 ____D () C:\Users\A\AppData\Roaming\Skype
2014-06-10 18:00 - 2013-01-09 22:45 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-10 17:05 - 2014-03-29 15:30 - 00000000 ____D () C:\Program Files (x86)\PokerTracker 4
2014-06-10 17:05 - 2013-09-20 14:37 - 00000000 ____D () C:\Users\A\AppData\Roaming\TableNinja.v2
2014-06-10 16:40 - 2013-01-09 22:52 - 00000000 ____D () C:\Users\A\AppData\Local\PokerStars
2014-06-10 16:33 - 2013-01-11 03:01 - 00000000 ____D () C:\Users\A\AppData\Roaming\vlc
2014-06-10 16:27 - 2014-06-04 16:18 - 00019497 _____ () C:\Users\A\Desktop\Střelci.xlsx
2014-06-10 16:14 - 2011-02-19 07:36 - 00672408 _____ () C:\Windows\system32\perfh005.dat
2014-06-10 16:14 - 2011-02-19 07:36 - 00142972 _____ () C:\Windows\system32\perfc005.dat
2014-06-10 16:14 - 2009-07-14 07:13 - 01593238 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-10 15:35 - 2013-01-07 01:57 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2014-06-10 10:09 - 2009-07-14 06:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-10 10:09 - 2009-07-14 06:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-10 00:57 - 2014-06-10 00:33 - 00012824 _____ () C:\zoek-results.log
2014-06-10 00:55 - 2013-01-10 23:55 - 00000000 ____D () C:\Users\postgres.A-PC
2014-06-10 00:54 - 2012-02-24 12:48 - 00451368 _____ () C:\Windows\PFRO.log
2014-06-10 00:52 - 2014-06-10 00:52 - 00000078 _____ () C:\folders.txt
2014-06-10 00:52 - 2014-06-10 00:52 - 00000000 ____D () C:\Users\postgres\AppData\Local\Temp
2014-06-10 00:52 - 2014-06-10 00:52 - 00000000 ____D () C:\Users\postgres.A-PC\AppData\Local\Temp
2014-06-10 00:52 - 2014-06-10 00:52 - 00000000 ____D () C:\Users\Notebook\AppData\Local\Temp
2014-06-10 00:52 - 2014-06-10 00:52 - 00000000 ____D () C:\Users\Default\AppData\Local\Temp
2014-06-10 00:52 - 2014-06-10 00:52 - 00000000 ____D () C:\Users\Default User\AppData\Local\Temp
2014-06-10 00:49 - 2014-06-10 00:26 - 00000000 ____D () C:\zoek_backup
2014-06-10 00:26 - 2014-06-10 00:52 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-06-09 23:54 - 2014-06-09 23:54 - 01285120 _____ () C:\Users\A\Desktop\zoek.exe
2014-06-09 21:44 - 2013-01-15 14:00 - 00001164 _____ () C:\blitzerr.txt
2014-06-09 21:44 - 2013-01-10 23:57 - 00000000 ____D () C:\Users\A\AppData\Roaming\HoldemManager
2014-06-09 21:31 - 2014-06-01 11:01 - 00001080 _____ () C:\Users\A\Desktop\PokerTracker 4.lnk
2014-06-09 21:31 - 2014-03-29 15:30 - 00001080 _____ () C:\Users\postgres.A-PC\Desktop\PokerTracker 4.lnk
2014-06-09 21:31 - 2014-03-29 15:30 - 00001080 _____ () C:\Users\Notebook\Desktop\PokerTracker 4.lnk
2014-06-09 10:02 - 2013-03-23 01:13 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-07 15:06 - 2013-07-01 14:18 - 00007056 _____ () C:\speederr.txt
2014-06-07 15:02 - 2014-06-07 15:02 - 00000786 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\William Hill Poker.lnk
2014-06-07 15:02 - 2014-06-07 15:02 - 00000774 _____ () C:\Users\Public\Desktop\WH.lnk
2014-06-07 15:02 - 2013-07-01 14:18 - 00000000 ____D () C:\Poker
2014-06-06 18:19 - 2014-06-06 15:35 - 00000127 _____ () C:\Users\A\Desktop\Hesla - fantasy Sport.txt
2014-06-02 20:13 - 2014-06-02 20:13 - 01266688 _____ () C:\Users\A\Desktop\stacked.exe
2014-06-02 19:42 - 2013-04-11 09:40 - 00000000 ____D () C:\Users\A\AppData\Roaming\uTorrent
2014-06-02 19:41 - 2014-06-02 19:41 - 00000811 _____ () C:\Users\A\Desktop\µTorrent.lnk
2014-06-02 19:39 - 2014-06-02 19:40 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-06-02 19:39 - 2014-06-02 19:39 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-06-02 19:39 - 2014-06-02 19:39 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-06-02 19:39 - 2014-06-02 19:39 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-06-02 19:39 - 2014-06-02 19:39 - 00000000 ____D () C:\Program Files\Java
2014-06-02 19:34 - 2014-06-02 19:34 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-06-02 19:34 - 2013-01-07 01:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-06-02 19:34 - 2013-01-07 01:54 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-06-02 19:34 - 2013-01-07 01:54 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-06-02 19:27 - 2013-05-24 00:24 - 00000000 ____D () C:\Users\A\AppData\Local\NVIDIA
2014-06-02 19:26 - 2014-06-02 19:25 - 00000000 ____D () C:\Users\A\AppData\Local\NVIDIA Corporation
2014-06-02 19:25 - 2013-01-07 01:53 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-06-02 18:44 - 2014-06-02 12:58 - 00000000 ____D () C:\AdwCleaner
2014-06-02 12:48 - 2014-06-01 22:59 - 00000000 ____D () C:\Program Files (x86)\Zrychleni Pocitace
2014-06-02 12:40 - 2014-06-02 12:40 - 01327971 _____ () C:\Users\A\Desktop\adwcleaner_3.211.exe
2014-06-02 12:40 - 2014-06-02 12:40 - 00000000 ____D () C:\Windows\ERUNT
2014-06-02 12:39 - 2014-06-02 12:39 - 01016261 _____ (Thisisu) C:\Users\A\Desktop\JRT.exe
2014-06-01 22:59 - 2014-06-01 22:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zrychleni Pocitace
2014-06-01 10:53 - 2013-11-15 19:14 - 00000000 ____D () C:\Users\A\AppData\Roaming\7 Sticky Notes
2014-06-01 10:37 - 2014-06-01 10:37 - 00001094 _____ () C:\Users\Public\Desktop\HoldemManager2.lnk
2014-06-01 10:37 - 2013-01-10 23:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Holdem Manager 2
2014-06-01 10:37 - 2013-01-10 23:56 - 00000000 ____D () C:\Program Files (x86)\Holdem Manager 2
2014-06-01 09:24 - 2014-06-01 09:24 - 00003938 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-01 09:24 - 2014-06-01 09:24 - 00003686 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-01 09:24 - 2014-06-01 09:24 - 00002261 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-01 09:24 - 2012-02-24 13:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-06-01 09:24 - 2012-02-24 13:40 - 00000000 ____D () C:\Program Files (x86)\Google
2014-06-01 09:04 - 2014-06-01 09:04 - 00000000 ____D () C:\rsit
2014-06-01 09:04 - 2014-06-01 09:04 - 00000000 ____D () C:\Program Files\trend micro
2014-05-31 23:10 - 2009-07-14 04:34 - 00000612 _____ () C:\Windows\win.ini
2014-05-31 23:01 - 2013-05-01 16:32 - 00000000 ____D () C:\Program Files (x86)\Czech Soccer Manager 2002 FE
2014-05-31 21:54 - 2014-05-14 16:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-31 21:45 - 2013-03-23 01:13 - 00000000 ____D () C:\Users\A\AppData\Local\Google
2014-05-31 21:38 - 2014-05-05 19:53 - 00000000 ____D () C:\Users\A\Desktop\HH
2014-05-31 21:38 - 2014-04-09 21:42 - 00000000 ____D () C:\Users\A\Desktop\Poker
2014-05-31 09:34 - 2013-01-09 22:51 - 00000000 ____D () C:\Program Files (x86)\PokerStars
2014-05-30 14:51 - 2014-04-03 20:46 - 00000000 ____D () C:\Program Files (x86)\PokerStars.Alpha
2014-05-30 14:39 - 2014-03-02 11:08 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-05-30 14:39 - 2013-06-05 22:44 - 00000000 ____D () C:\ProgramData\Skype
2014-05-30 14:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-30 14:37 - 2014-05-30 14:37 - 00000000 __SHD () C:\Users\A\AppData\Local\EmieUserList
2014-05-30 14:37 - 2014-05-30 14:37 - 00000000 __SHD () C:\Users\A\AppData\Local\EmieSiteList
2014-05-30 01:07 - 2014-06-02 19:25 - 01715176 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-05-30 01:07 - 2014-06-02 19:25 - 01291232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-05-30 01:07 - 2014-06-02 19:25 - 01279480 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-05-30 01:07 - 2014-06-02 19:25 - 01122312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-05-27 18:57 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-26 19:31 - 2013-01-09 22:50 - 00000000 ____D () C:\Users\A\AppData\Roaming\ICQ
2014-05-22 18:23 - 2014-05-27 17:50 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{2635ac50-5488-40bf-9bfd-accb158f8f3f}w64.sys
2014-05-20 04:44 - 2014-06-02 19:31 - 31387936 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-05-20 04:44 - 2014-06-02 19:31 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-05-20 04:44 - 2014-06-02 19:31 - 24025376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-05-20 04:44 - 2014-06-02 19:31 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-05-20 04:44 - 2014-06-02 19:31 - 17480432 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-05-20 04:44 - 2014-06-02 19:31 - 16003912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-05-20 04:44 - 2014-06-02 19:31 - 12688328 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-05-20 04:44 - 2014-06-02 19:31 - 11644928 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-05-20 04:44 - 2014-06-02 19:31 - 11599072 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-05-20 04:44 - 2014-06-02 19:31 - 09735256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-05-20 04:44 - 2014-06-02 19:31 - 09697640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-05-20 04:44 - 2014-06-02 19:31 - 03141976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-05-20 04:44 - 2014-06-02 19:31 - 02953672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-05-20 04:44 - 2014-06-02 19:31 - 02785568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-05-20 04:44 - 2014-06-02 19:31 - 02412376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-05-20 04:44 - 2014-06-02 19:31 - 01889112 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433788.dll
2014-05-20 04:44 - 2014-06-02 19:31 - 01541576 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433788.dll
2014-05-20 04:44 - 2014-06-02 19:31 - 00895776 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-05-20 04:44 - 2014-06-02 19:31 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-05-20 04:44 - 2014-06-02 19:31 - 00867784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-05-20 04:44 - 2014-06-02 19:31 - 00861128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-05-20 04:44 - 2014-06-02 19:31 - 00492376 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-05-20 04:44 - 2014-06-02 19:31 - 00416712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-05-20 04:44 - 2014-06-02 19:31 - 00382240 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-05-20 04:44 - 2014-06-02 19:31 - 00335704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-05-20 04:44 - 2014-06-02 19:31 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-05-20 04:44 - 2014-06-02 19:31 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-05-20 04:44 - 2013-01-07 01:53 - 18531568 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-05-20 04:44 - 2013-01-07 01:53 - 14434704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-05-20 04:44 - 2013-01-07 01:53 - 03109248 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-05-20 04:44 - 2013-01-07 01:53 - 02730208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-05-20 04:44 - 2013-01-07 01:53 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2014-05-20 04:44 - 2013-01-07 01:53 - 00026069 _____ () C:\Windows\system32\nvinfo.pb
2014-05-20 03:25 - 2013-01-07 01:54 - 06769096 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-05-20 03:25 - 2013-01-07 01:54 - 03514144 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-05-20 03:25 - 2013-01-07 01:54 - 02560968 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-05-20 03:25 - 2013-01-07 01:54 - 00927520 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-05-20 03:25 - 2013-01-07 01:54 - 00387528 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-05-20 03:25 - 2013-01-07 01:54 - 00062808 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-05-20 01:10 - 2014-06-02 19:34 - 00601432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-05-19 18:17 - 2013-01-14 13:05 - 00000000 ____D () C:\Users\A\AppData\Local\Equilab
2014-05-18 14:11 - 2013-02-11 19:05 - 00000000 ____D () C:\Users\A\AppData\Local\FullTiltPoker
2014-05-18 14:11 - 2013-02-11 19:04 - 00000000 ____D () C:\Program Files (x86)\Full Tilt Poker
2014-05-18 14:04 - 2014-05-01 21:38 - 00000000 ____D () C:\Users\A\AppData\Local\AuxClient
2014-05-17 18:54 - 2014-05-17 18:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow
2014-05-17 18:54 - 2014-05-17 18:54 - 00000000 ____D () C:\Program Files (x86)\ffdshow
2014-05-17 11:42 - 2013-01-09 22:48 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-17 11:38 - 2013-01-06 17:28 - 00000000 ___RD () C:\Users\A\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-17 11:38 - 2013-01-06 17:28 - 00000000 ___RD () C:\Users\A\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-17 11:33 - 2014-05-07 10:36 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 15:27 - 2014-05-02 11:05 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-15 15:27 - 2013-03-23 01:13 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-05-15 15:27 - 2013-03-23 01:13 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-05-15 10:26 - 2013-01-09 23:02 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-15 10:25 - 2013-08-19 11:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 10:22 - 2013-02-21 11:44 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-15 01:49 - 2014-06-02 19:33 - 03774821 _____ () C:\Windows\system32\nvcoproc.bin
2014-05-14 09:41 - 2013-01-09 22:45 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 09:41 - 2013-01-09 22:45 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-14 09:41 - 2013-01-09 22:45 - 00003852 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-11 12:38 - 2014-03-29 15:31 - 00000000 ____D () C:\Users\A\AppData\Local\PokerTracker 4

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-09 18:53

==================== End Of Log ============================

Přílohy:

Tvorba fixlistu pro FRST

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  Start
  HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-20] (CyberLink)
  HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
  HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
  HKU\S-1-5-21-4089783447-3208013067-3963371071-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3674320 2013-01-08] (DT Soft Ltd)
  HKU\S-1-5-21-4089783447-3208013067-3963371071-1001\...\Run: [PokerStrategy.com SideKick] => "C:\Users\A\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStrategy.com\PokerStrategy.com SideKick.appref-ms"
  HKU\S-1-5-21-4089783447-3208013067-3963371071-1001\...\Run: [RGSC] => D:\Games\GTA 4\Rockstar Games Social Club\RGSCLauncher.exe /silent
  HKU\S-1-5-21-4089783447-3208013067-3963371071-1001\...\Run: [uTorrent] => C:\Users\A\Desktop\Downloads\uTorrent.exe [1272912 2014-06-02] (BitTorrent Inc.)
  HKU\S-1-5-21-4089783447-3208013067-3963371071-1001\...\MountPoints2: {e7ac53dd-6a13-11e3-82a7-685d43818061} - G:\HTC_Sync_Manager_PC.exe
  Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
  
  CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
  
  2014-06-10 18:33 - 2014-06-10 18:34 - 00025256 _____ () C:\Users\A\Desktop\FRSTLauncher.exe
  2014-06-10 00:52 - 2014-06-10 00:26 - 00024064 _____ () C:\Windows\zoek-delete.exe
  2014-06-10 00:33 - 2014-06-10 00:57 - 00012824 _____ () C:\zoek-results.log
  2014-06-10 00:26 - 2014-06-10 00:49 - 00000000 ____D () C:\zoek_backup
  2014-06-09 23:54 - 2014-06-09 23:54 - 01285120 _____ () C:\Users\A\Desktop\zoek.exe
  2014-06-02 12:59 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
  2014-06-02 12:58 - 2014-06-02 18:44 - 00000000 ____D () C:\AdwCleaner
  2014-06-02 12:40 - 2014-06-02 12:40 - 01327971 _____ () C:\Users\A\Desktop\adwcleaner_3.211.exe
  2014-06-02 12:40 - 2014-06-02 12:40 - 00000000 ____D () C:\Windows\ERUNT
  2014-06-02 12:39 - 2014-06-02 12:39 - 01016261 _____ (Thisisu) C:\Users\A\Desktop\JRT.exe
  2014-06-01 22:59 - 2014-06-02 12:48 - 00000000 ____D () C:\Program Files (x86)\Zrychleni Pocitace
  2014-06-01 22:59 - 2014-06-01 22:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zrychleni Pocitace
  
  Task: {FBD826B4-D891-41CC-AEA4-53EE345783A9} - \Go for FilesUpdate No Task File <==== ATTENTION
  Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
  Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
  Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
  Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
  Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
  
  Hosts:
  End

• Ulozte vytvoreny TXT jako fixlist.txt
• Presunte vytvoreny fixlist vedle FRST

Spustte znovu FRST.exe

• Kliknete na Fix
• Probehne oprava a vytvori log Fixlog.txt

Restart PC a dejte mi sem fixlog.txt

Fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-06-2014
Ran by A at 2014-06-18 00:43:08 Run:1
Running from C:\Users\A\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-20] (CyberLink)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKU\S-1-5-21-4089783447-3208013067-3963371071-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3674320 2013-01-08] (DT Soft Ltd)
HKU\S-1-5-21-4089783447-3208013067-3963371071-1001\...\Run: [PokerStrategy.com SideKick] => "C:\Users\A\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStrategy.com\PokerStrategy.com SideKick.appref-ms"
HKU\S-1-5-21-4089783447-3208013067-3963371071-1001\...\Run: [RGSC] => D:\Games\GTA 4\Rockstar Games Social Club\RGSCLauncher.exe /silent
HKU\S-1-5-21-4089783447-3208013067-3963371071-1001\...\Run: [uTorrent] => C:\Users\A\Desktop\Downloads\uTorrent.exe [1272912 2014-06-02] (BitTorrent Inc.)
HKU\S-1-5-21-4089783447-3208013067-3963371071-1001\...\MountPoints2: {e7ac53dd-6a13-11e3-82a7-685d43818061} - G:\HTC_Sync_Manager_PC.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

2014-06-10 18:33 - 2014-06-10 18:34 - 00025256 _____ () C:\Users\A\Desktop\FRSTLauncher.exe
2014-06-10 00:52 - 2014-06-10 00:26 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-06-10 00:33 - 2014-06-10 00:57 - 00012824 _____ () C:\zoek-results.log
2014-06-10 00:26 - 2014-06-10 00:49 - 00000000 ____D () C:\zoek_backup
2014-06-09 23:54 - 2014-06-09 23:54 - 01285120 _____ () C:\Users\A\Desktop\zoek.exe
2014-06-02 12:59 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-02 12:58 - 2014-06-02 18:44 - 00000000 ____D () C:\AdwCleaner
2014-06-02 12:40 - 2014-06-02 12:40 - 01327971 _____ () C:\Users\A\Desktop\adwcleaner_3.211.exe
2014-06-02 12:40 - 2014-06-02 12:40 - 00000000 ____D () C:\Windows\ERUNT
2014-06-02 12:39 - 2014-06-02 12:39 - 01016261 _____ (Thisisu) C:\Users\A\Desktop\JRT.exe
2014-06-01 22:59 - 2014-06-02 12:48 - 00000000 ____D () C:\Program Files (x86)\Zrychleni Pocitace
2014-06-01 22:59 - 2014-06-01 22:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zrychleni Pocitace

Task: {FBD826B4-D891-41CC-AEA4-53EE345783A9} - \Go for FilesUpdate No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe

Hosts:
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\CLMLServer => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\GrooveMonitor => value deleted successfully.
HKU\S-1-5-21-4089783447-3208013067-3963371071-1001\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite => value deleted successfully.
HKU\S-1-5-21-4089783447-3208013067-3963371071-1001\Software\Microsoft\Windows\CurrentVersion\Run\\PokerStrategy.com SideKick => value deleted successfully.
HKU\S-1-5-21-4089783447-3208013067-3963371071-1001\Software\Microsoft\Windows\CurrentVersion\Run\\RGSC => value deleted successfully.
HKU\S-1-5-21-4089783447-3208013067-3963371071-1001\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent => Value not found.
'HKU\S-1-5-21-4089783447-3208013067-3963371071-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e7ac53dd-6a13-11e3-82a7-685d43818061}' => Key deleted successfully.
'HKCR\CLSID\{e7ac53dd-6a13-11e3-82a7-685d43818061}'=> Key not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk => Moved successfully.
'HKLM\SOFTWARE\Policies\Google' => Key deleted successfully.
"C:\Users\A\Desktop\FRSTLauncher.exe" => File/Directory not found.
C:\Windows\zoek-delete.exe => Moved successfully.
C:\zoek-results.log => Moved successfully.
C:\zoek_backup => Moved successfully.
C:\Users\A\Desktop\zoek.exe => Moved successfully.
C:\Windows\SysWOW64\sqlite3.dll => Moved successfully.
C:\AdwCleaner => Moved successfully.
"C:\Users\A\Desktop\adwcleaner_3.211.exe" => File/Directory not found.
C:\Windows\ERUNT => Moved successfully.
C:\Users\A\Desktop\JRT.exe => Moved successfully.
C:\Program Files (x86)\Zrychleni Pocitace => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zrychleni Pocitace => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FBD826B4-D891-41CC-AEA4-53EE345783A9}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FBD826B4-D891-41CC-AEA4-53EE345783A9}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Go for FilesUpdate' => Key deleted successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => Moved successfully.
C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

==== End of Fixlog ====

Tak jeste uklidime

T-Cleaner http://vyosek.tym.cz/pro_usery/T-Cleaner.exe

• Stahnete a spustte
• Pro potvrzeni volby mackejte A, Enter
• Po pouziti utilitu smazte
• Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

• Stahnete a spustte
• Kliknete na CleanUp a potvrdte YES
• Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

• Stahnete a spustte
• Kliknete na Start a potvrdte OK
• Program uklidi a restartuje pc
• Po pouziti utilitu smazte

Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič

• Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

• dejte Hledej problémy
• nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
• postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

• Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

A pokud nejsou problemy ci dotazy, je to z me strany vse

Mockrát děkuji za pomoc a ochotu při řešení problému a profesionální přístup z Vaší strany

Vše vypadá momentálně vpořádku