Reklamy v PC log RSIT

Zpráva

Cizap · #1 Příspěvek od **Cizap** » 05 srp 2014 10:41

Ahoj, dobrý den, nacpal jsem si PC nedopatřením něčim co mi cpe reklamy do webovek a skoro po každym kliknutí na odkaz mi to otevře další 1-3 stránky s reklamama. Tak prosím jestli na to někdo koukne. Předem vřelé díky. Číža.

Logfile of random's system information tool 1.10 (written by random/random)
Run by Ciza at 2014-08-05 11:37:54
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 17 GB (14%) free of 123 GB
Total RAM: 6006 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:37:59, on 5.8.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17207)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe
C:\Program Files (x86)\SupTab\HpUI.exe
C:\Program Files (x86)\SupTab\Loader32.exe
C:\Users\Ciza\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Ciza\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Ciza.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp ... 4ST9A2CLLD
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type=hp ... 4ST9A2CLLD
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp ... 4ST9A2CLLD
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?typ ... earchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?typ ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type=hp ... 4ST9A2CLLD
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://istart.webssearches.com/web/?typ ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://istart.webssearches.com/web/?typ ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: CrossriderApp0061788 - {11111111-1111-1111-1111-110611171188} - C:\Program Files (x86)\HD-V1.9\HD-V1.9-bho.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Programs\FlashGet\jccatch.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Pomocná služba pro přihlášení k účtu Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Programs\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Programs\FlashGet\getflash.dll
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [BCSSync] "D:\Programs\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "D:\Programs\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Ciza\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [DellSystemDetect] C:\Users\Ciza\AppData\Local\Apps\2.0\B1PPDJ7X.Z10\KOWMMD46.GY9\dell..tion_0f612f649c4a10af_0005.0008_a4204ff54ae5d3ac\DellSystemDetect.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Download All with FlashGet - D:\Programs\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - D:\Programs\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\Programs\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://D:\Programs\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://D:\Programs\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programs\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programs\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Programs\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Programs\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Programs\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Programs\FlashGet\FlashGet.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.dell.com
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/stati ... 0.31.0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/s ... wflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - D:\Antiviry\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Web'n'walk Manager mobile equipment installation service (ameisvc) - Gemfor s.r.o. - D:\Programs\T-mobile\Web a walk manager\Web'n'walk Manager\ameisvc.exe
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Unknown owner - C:\Windows\System32\appdrvrem01.exe (file missing)
O23 - Service: Autodesk Content Service - Autodesk, Inc. - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: globalUpdate Update Service (globalUpdate) (globalUpdate) - globalUpdate - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
O23 - Service: globalUpdate Update Service (globalUpdatem) (globalUpdatem) - globalUpdate - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - D:\Programs\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: IePlugin Services (IePluginServices) - Cherished Technololgy LIMITED - C:\ProgramData\IePluginServices\PluginService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Network HTTP Support Service (NetHttpService) - Unknown owner - C:\Windows\SysWOW64\nethtsrv.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Network Support Service Updater (ServiceUpdater) - Unknown owner - C:\Windows\SysWOW64\netupdsrv.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\STacSV64.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WindowsMangerProtect Service (WindowsMangerProtect) - Fuyu LIMITED - C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
O23 - Service: DW WLAN Tray Service (wltrysvc) - Dell Inc. - C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 15241 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"c:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
atieclxx
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE" "C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe"
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\ProgramData\IePluginServices\PluginService.exe -service
C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -service
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"D:\Antiviry\SUPERAntiSpyware\SASCORE64.EXE"
"C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe
"C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe"
"taskhost.exe"
taskeng.exe {07FBB4BF-24D3-48A4-8989-75531C27F760}
taskeng.exe {4FF070B4-E5DB-4E8B-B2E3-EA47DB5DCA05}
"C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe"
"C:\Program Files (x86)\HD-V1.9\bbf8356d-ace6-4c9e-9bcb-6b89de375c79-10.exe" /NFoKmSN='HD-V1.9' /cZWgWLj=61788 /FWTzRkO='001859' /zwoSmwl='0' /QZSgHJOtL='0' /QGVManclS=E0A54CA435784053A89AEE2C7B8BDC9CIE /sxOizXYj=1ef40191729575ae2b845d6295e7b153 /jQNrIMjGd=1_34_07_01 /ltvgMQKG=1406538149 /MDmRYqnu=http://stats.infodatacloud.com /HMaFdVRe=http://errors.infodatacloud.com /jPPaqS='HD-V1.9' /goofqNEN=1000 /BfqNU=93-0,102-0,104-0,178-288,179-288,180-288,223-288,263-24 /OSxfiDIO=http://logs.infodatacloud.com /PvTUcKz='task' /nSpQUGZsJ=''
"C:\Program Files (x86)\HD-V1.9\HD-V1.9-nova.exe" /NFoKmSN='HD-V1.9' /cZWgWLj=61788 /FWTzRkO='001859' /zwoSmwl='0' /QZSgHJOtL='0' /QGVManclS=E0A54CA435784053A89AEE2C7B8BDC9CIE /sxOizXYj=1ef40191729575ae2b845d6295e7b153 /jQNrIMjGd=1_34_07_01 /nvaiZVhJJ=1.34.7.1 /ltvgMQKG=1406538149 /MDmRYqnu=http://stats.infodatacloud.com /HMaFdVRe=http://errors.infodatacloud.com /fdNBQc=http://js.infodatacloud.com /nJJXXTS=opera /aQxowePf /OGbrXet=HD-V1.9 /dWNlI='nova' /MyVTAGeC=http://js.clientdemocloud.com /fnpAfR='{"asw":[67108872, -2147483579, 0]}' /wPfoWRnOq='http://update.infodatacloud.com/novarun ... pdate.json' /PvTUcKz='task' /nSpQUGZsJ=''
C:\Windows\Explorer.EXE
"C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"
"C:\Program Files (x86)\SupTab\HpUI.exe"
C:\Windows\SysWOW64\nethtsrv.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\netupdsrv.exe
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\SupTab\Loader32.exe"
"C:\Program Files (x86)\SupTab\Loader64.exe"
"C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 2468
"D:\Programs\T-mobile\Web a walk manager\Web'n'walk Manager\ameisvc.exe"
C:\Windows\system32\svchost.exe -k bthsvcs
"c:\Program Files\Microsoft Security Client\NisSrv.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE"
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Users\Ciza\AppData\Local\Akamai\netsession_win.exe"
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
"C:/Users/Ciza/AppData/Local/Akamai/netsession_win.exe" --client
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe" /Start
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Windows\SysWOW64\RunDll32.exe" "C:\Program Files\WIDCOMM\Bluetooth Software\SysWOW64\BtMmHook.dll",SetAndWaitBtMmHook
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe" -Embedding
"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" http://istart.webssearches.com/?type=hp ... 4ST9A2CLLD
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="3960.0.1243865591\438649852" --disable-d3d11 --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,5,16 --disable-accelerated-video-decode --gpu-vendor-id=0x8086 --gpu-device-id=0x0166 --gpu-driver-vendor="Advanced Micro Devices, Inc." --gpu-driver-version=8.933.3.4000 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group5 pct:10e stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Enforce/GoogleNow/Enable/OmniboxBundledExperimentV1/StandardR4/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_06/UMA-Uniformity-Trial-1-Percent/group_71/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_05/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/" --extension-process --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --disable-accelerated-video-decode --channel="3960.3.1297377822\1429340373" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group5 pct:10e stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Enforce/GoogleNow/Enable/OmniboxBundledExperimentV1/StandardR4/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_06/UMA-Uniformity-Trial-1-Percent/group_71/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_05/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/" --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --disable-accelerated-video-decode --channel="3960.5.1826907388\1596567759" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group5 pct:10e stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Enforce/GoogleNow/Enable/OmniboxBundledExperimentV1/StandardR4/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_06/UMA-Uniformity-Trial-1-Percent/group_71/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_05/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/" --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --disable-accelerated-video-decode --channel="3960.6.1558422796\262229763" /prefetch:673131151
"C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="3960.10.2048389186\680880015" --ppapi-flash-args=enable_hw_video_decode=1 --lang=cs --ignored=" --type=renderer " /prefetch:-632637702
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"D:\Programs\LogMeIn Hamachi\hamachi-2.exe" -s
"D:\Programs\LogMeIn Hamachi\LMIGuardianSvc" /escort 2720
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe" -auto -critical
"C:\Windows\system32\wuauclt.exe"
"taskhost.exe"
C:\Windows\system32\rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
"C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe" /c
"C:\Windows\system32\Dwm.exe"
C:\Windows\system32\WLANExt.exe 39176832
\??\C:\Windows\system32\conhost.exe "5190517031011023566-894296811578712619-875957128-911578435-1818935521839024901

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group5 pct:10e stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Enforce/FlashHardwareVideoDecode/HwVideo/GoogleNow/Enable/OmniboxBundledExperimentV1/StandardR4/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_06/UMA-Uniformity-Trial-1-Percent/group_71/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_05/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/" --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --disable-accelerated-video-decode --channel="3960.40.2018987379\1438858978" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group5 pct:10e stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Enforce/FlashHardwareVideoDecode/HwVideo/GoogleNow/Enable/OmniboxBundledExperimentV1/StandardR4/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_06/UMA-Uniformity-Trial-1-Percent/group_71/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_05/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/" --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --disable-accelerated-video-decode --channel="3960.45.643535618\268228365" /prefetch:673131151
QueryAppBlock.exe /apps /appinv "C:\Windows\TEMP\CompatTelemetryLogs\WICA_Programs_CIZA-NOTAS.xml" /devinv "C:\Windows\TEMP\CompatTelemetryLogs\WICA_Devices_CIZA-NOTAS.xml" /out "C:\Windows\TEMP\CompatTelemetryLogs\WICA_QueryAppBlock_CIZA-NOTAS.xml" /os "6.2" /appSdb "C:\Windows\system32\CompatTel\sysmain32.sdb" "C:\Windows\system32\CompatTel\sysmain64.sdb" /log "C:\Windows\TEMP\CompatTelemetryLogs" "C:\Windows\system32\CompatTel" /REDUCED /runtimeAppSdb "C:\Windows\system32\CompatTel\sysmain32Runtime.sdb" "C:\Windows\system32\CompatTel\sysmain64Runtime.sdb"
\??\C:\Windows\system32\conhost.exe "1435461589-824372479-252387358-2135756105-86022329-14685768641691306112-491674256
"C:\Users\Ciza\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\AmiUpdXp.job - C:\Users\Ciza\AppData\Local\16655\a4652.exe
C:\Windows\tasks\bbf8356d-ace6-4c9e-9bcb-6b89de375c79-1.job - C:\Program Files (x86)\HD-V1.9\HD-V1.9-codedownloader.exe /NghLr /PvTUcKz=task /NFoKmSN='HD-V1.9' /cZWgWLj=61788 /FWTzRkO='001859' /zwoSmwl='0' /QZSgHJOtL='0' /QGVManclS=E0A54CA435784053A89AEE2C7B8BDC9CIE /sxOizXYj=1ef40191729575ae2b845d6295e7b153 /jQNrIMjGd=1_34_07_01 /nvaiZVhJJ=1.34.7.1 /ltvgMQKG=1406538149 /MDmRYqnu=http://stats.infodatacloud.com /HMaFdVRe=http://errors.infodatacloud.com /fdNBQc=http://js.infodatacloud.com /nJJXXTS=opera /OGbrXet='HD-V1.9' /MyVTAGeC=http://js.clientdemocloud.com /iyedQc /fnpAfR='{"asw":[67108872, -2147483579, 0]}' /wPfoWRnOq='http://update.infodatacloud.com/ie_code ... pdate.json' /PvTUcKz='task' /nSpQUGZsJ=''
C:\Windows\tasks\bbf8356d-ace6-4c9e-9bcb-6b89de375c79-10.job - C:\Program Files (x86)\HD-V1.9\bbf8356d-ace6-4c9e-9bcb-6b89de375c79-10.exe /NFoKmSN='HD-V1.9' /cZWgWLj=61788 /FWTzRkO='001859' /zwoSmwl='0' /QZSgHJOtL='0' /QGVManclS=E0A54CA435784053A89AEE2C7B8BDC9CIE /sxOizXYj=1ef40191729575ae2b845d6295e7b153 /jQNrIMjGd=1_34_07_01 /ltvgMQKG=1406538149 /MDmRYqnu=http://stats.infodatacloud.com /HMaFdVRe=http://errors.infodatacloud.com /jPPaqS='HD-V1.9' /goofqNEN=1000 /BfqNU=93-0,102-0,104-0,178-288,179-288,180-288,223-288,263-24 /OSxfiDIO=http://logs.infodatacloud.com /PvTUcKz='task' /nSpQUGZsJ=''
C:\Windows\tasks\bbf8356d-ace6-4c9e-9bcb-6b89de375c79-11.job - C:\Program Files (x86)\HD-V1.9\bbf8356d-ace6-4c9e-9bcb-6b89de375c79-11.exe 001859 E0A54CA435784053A89AEE2C7B8BDC9CIE 61788 1406538149 93-0,102-0,104-0,178-288,179-288,180-288,223-288,263-24 HD-V1.9
C:\Windows\tasks\bbf8356d-ace6-4c9e-9bcb-6b89de375c79-2.job - C:\Program Files (x86)\HD-V1.9\bbf8356d-ace6-4c9e-9bcb-6b89de375c79-2.exe /xUkBwVUhw /NFoKmSN='HD-V1.9' /cZWgWLj=61788 /FWTzRkO='001859' /zwoSmwl='0' /QZSgHJOtL='0' /QGVManclS=E0A54CA435784053A89AEE2C7B8BDC9CIE /sxOizXYj=1ef40191729575ae2b845d6295e7b153 /jQNrIMjGd=1_34_07_01 /ltvgMQKG=1406538149 /MDmRYqnu=http://stats.infodatacloud.com /HMaFdVRe=http://errors.infodatacloud.com /BPRIoMlL=11111111-1111-1111-1111-110611171188 /nJJXXTS=opera /xfYGXL /iyedQc /wPfoWRnOq='http://update.infodatacloud.com/ie_enab ... pdate.json' /PvTUcKz='task' /nSpQUGZsJ=''
C:\Windows\tasks\bbf8356d-ace6-4c9e-9bcb-6b89de375c79-3.job - C:\Program Files (x86)\HD-V1.9\bbf8356d-ace6-4c9e-9bcb-6b89de375c79-3.exe /tSwlxNC=EBCWWa66K+EiuBAB7YrNqxMgvxLQCVehhJi84mxhHHfWhVUgAKqqiPaqQdCArxilZkHoBkC60kc69NaTYNmP32kpddyDXKgKpB2MuVlj++p3ounZfdBohHNMuAfuC7VKDRrQqkOiMH2ztYOFTZpR8Uy3WFaqvnuqcKfjAtpfgh5eRivv2oy5msiv9A1LXK++heZ/SzOtw0sCCAieif520ks2USxO8AULdei4Tz5RGEUoQk55cnjZcbgO6gL0P0RNSB/MUP1/77GUiMtBwzYj1FpKffEO6Fx0krUr6KOpdBiVQnHcfoz+jINlJ3/28azj0LKjHaKBwYXbPBi1rXJOQo8kdJNVqtgIndy5melRdFU4FMBrb+evYfilltcB4oVLfeJ2hddrqxHAiN7eQylaPlYP1leK1nXnJWn9TmSZdoXLGqwxQqHVKy1wjKFgO3eKu5uvNfqwIiy48MtDeJvDqoeWAl1aY+Z19G/Pf3ndTsJ0KlOd9VLRmo/4y9Mqi8nQRuqgBYDbidr6uyRahtifbNi9CMA1H/+tjmdE91kqWSBqlGiVx5jU5DreXT3kuRAvL6upW6RxMcMxnbIMLWNosq4+Bb9u6kRWwzaeFA4seLe6kxFPRJM5Uh4jWa+8ZhCi9xWeoVzYrTbe78YltHT4c307de/PNASLk6jlZBjVSVAqguSW5St9vCZ+3MeUH5R1/w/EfXmfLjHOjzSIqE38xDfWmAcVdxCZgvp76Wv8hLg1QdsMyyqC4oVyRVONCddfmEErJX9i7KSBnsQjVFhCC44a7OWwyYkzFG3spln9QpI8xWEtVKX4GE0OA1Q897GK6lsaJzAjCxfFk/efKyCGOr6jjh1Q27fIn+w6PKPWorG/k8fy1ISK0DhmUiwYuLLkgYHevIieZ3GaSENoLhIkhy/Pz6JTVWm/SjwbyD4GXiqMjwCEog0vw5fWoD4A47rDt/E0UlXNJ9DBdFV+r0yRfQnXyeQkblO1iIiH8SdQbIxEqt9ZjpCx6NVbhubVPCpVqs2HE+v2uQGbrfnunpmDbr09/lOk8mPuCeUbda4ho8U37OGj8MzuIgEldMlq0JVnSIq2EVR1FPZIclRQooPxBmpROBXEpcPI9Wawxer3KmFhsN5eogWGNUZ8dGrp6gkUz3KujC4O/ES4gASj/IrN4lPaP9glF0mLE+CxTMiFXau1gVJXdNo/Wc+f9bY6pGJziX4SS2tftlKuu7TG1D0hp7H87hahkCNOMphZTx3PSKWOI38ehwOVKz0O1fG98Um/BWV/2S3fX57BHIHhdbO6gh2ptFWuSQPlFVtDWDhmgUB5b4AHyVGvyn8D/jNAkIJe2VMTlKFFR4ogzfqQAZUrwQ==
C:\Windows\tasks\bbf8356d-ace6-4c9e-9bcb-6b89de375c79-4.job - C:\Program Files (x86)\HD-V1.9\bbf8356d-ace6-4c9e-9bcb-6b89de375c79-4.exe /NDXmamZy /NFoKmSN='HD-V1.9' /HhfQZpzOE='C:\Program Files (x86)\HD-V1.9\bbf8356d-ace6-4c9e-9bcb-6b89de375c79.xpi' /cZWgWLj=61788 /FWTzRkO='001859' /zwoSmwl='0' /QZSgHJOtL='0' /QGVManclS=E0A54CA435784053A89AEE2C7B8BDC9CIE /sxOizXYj=1ef40191729575ae2b845d6295e7b153 /jQNrIMjGd=1_34_07_01 /nvaiZVhJJ=1.34.7.1 /ltvgMQKG=1406538149 /MDmRYqnu=http://stats.infodatacloud.com /HMaFdVRe=http://errors.infodatacloud.com /cBYoGZa=300 /LJiCXQwsD=caseyvelez@aol.com /yaKioWY=0.95 /uKHIybg=acaseyvelezaolcom61788 /NRLkD=https://w9u6a2p6.ssl.hwcdn.net/plugin/f ... /61788.rdf /jPPaqS='HD-V1.9' /qLSnphL='Lights out for YouTube' /ShmPrYsfN='InfoHD-V1.8' /nJJXXTS=opera /fnpAfR='{"asw":[67108872, -2147483579, 0]}' /iyedQc /kVXfRrPb /LwCPHed /wPfoWRnOq='http://update.infodatacloud.com/ff_agen ... pdate.json' /PvTUcKz='task' /nSpQUGZsJ=''
C:\Windows\tasks\bbf8356d-ace6-4c9e-9bcb-6b89de375c79-5.job - C:\Program Files (x86)\HD-V1.9\bbf8356d-ace6-4c9e-9bcb-6b89de375c79-5.exe /mprbN /NFoKmSN='HD-V1.9' /cZWgWLj=61788 /FWTzRkO='001859' /zwoSmwl='0' /QZSgHJOtL='0' /QGVManclS=E0A54CA435784053A89AEE2C7B8BDC9CIE /sxOizXYj=1ef40191729575ae2b845d6295e7b153 /jQNrIMjGd=1_34_07_01 /ltvgMQKG=1406538149 /MDmRYqnu=http://stats.infodatacloud.com /HMaFdVRe=http://errors.infodatacloud.com /FWSwLad=http://ipgeoapi.com/ /RtmgGG=http://update.infodatacloud.com /EeOfgOT=2 /OSxfiDIO=http://logs.infodatacloud.com /wPfoWRnOq='http://update.infodatacloud.com/updater ... pdate.json' /PvTUcKz='task' /nSpQUGZsJ=''
C:\Windows\tasks\bbf8356d-ace6-4c9e-9bcb-6b89de375c79-5_user.job - C:\Program Files (x86)\HD-V1.9\bbf8356d-ace6-4c9e-9bcb-6b89de375c79-5.exe /mprbN /NFoKmSN='HD-V1.9' /cZWgWLj=61788 /FWTzRkO='001859' /zwoSmwl='0' /QZSgHJOtL='0' /QGVManclS=E0A54CA435784053A89AEE2C7B8BDC9CIE /sxOizXYj=1ef40191729575ae2b845d6295e7b153 /jQNrIMjGd=1_34_07_01 /ltvgMQKG=1406538149 /MDmRYqnu=http://stats.infodatacloud.com /HMaFdVRe=http://errors.infodatacloud.com /FWSwLad=http://ipgeoapi.com/ /RtmgGG=http://update.infodatacloud.com /EeOfgOT=2 /OSxfiDIO=http://logs.infodatacloud.com /wPfoWRnOq='http://update.infodatacloud.com/updater ... pdate.json' /Nnmhcz /PvTUcKz='task' /nSpQUGZsJ=''
C:\Windows\tasks\bbf8356d-ace6-4c9e-9bcb-6b89de375c79-6.job - C:\Program Files (x86)\HD-V1.9\HD-V1.9-novainstaller.exe /laELD /NFoKmSN='HD-V1.9' /cZWgWLj=61788 /FWTzRkO='001859' /zwoSmwl='0' /QZSgHJOtL='0' /QGVManclS=E0A54CA435784053A89AEE2C7B8BDC9CIE /sxOizXYj=1ef40191729575ae2b845d6295e7b153 /jQNrIMjGd=1_34_07_01 /nvaiZVhJJ=1.34.7.1 /ltvgMQKG=1406538149 /MDmRYqnu=http://stats.infodatacloud.com /HMaFdVRe=http://errors.infodatacloud.com /fdNBQc=http://js.infodatacloud.com /nJJXXTS=opera /aQxowePf /OGbrXet=HD-V1.9 /dWNlI='nova' /MyVTAGeC=http://js.clientdemocloud.com /fnpAfR='{"asw":[67108872, -2147483579, 0]}' /PvTUcKz=task /wPfoWRnOq='http://update.infodatacloud.com/novacod ... pdate.json' /PvTUcKz='task' /nSpQUGZsJ=''
C:\Windows\tasks\bbf8356d-ace6-4c9e-9bcb-6b89de375c79-7.job - C:\Program Files (x86)\HD-V1.9\HD-V1.9-nova.exe /NFoKmSN='HD-V1.9' /cZWgWLj=61788 /FWTzRkO='001859' /zwoSmwl='0' /QZSgHJOtL='0' /QGVManclS=E0A54CA435784053A89AEE2C7B8BDC9CIE /sxOizXYj=1ef40191729575ae2b845d6295e7b153 /jQNrIMjGd=1_34_07_01 /nvaiZVhJJ=1.34.7.1 /ltvgMQKG=1406538149 /MDmRYqnu=http://stats.infodatacloud.com /HMaFdVRe=http://errors.infodatacloud.com /fdNBQc=http://js.infodatacloud.com /nJJXXTS=opera /aQxowePf /OGbrXet=HD-V1.9 /dWNlI='nova' /MyVTAGeC=http://js.clientdemocloud.com /fnpAfR='{"asw":[67108872, -2147483579, 0]}' /wPfoWRnOq='http://update.infodatacloud.com/novarun ... pdate.json' /PvTUcKz='task' /nSpQUGZsJ=''
C:\Windows\tasks\dsmonitor.job - C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe
C:\Windows\tasks\G2MUpdateTask-S-1-5-21-400809872-2928890687-518477650-1000.job - C:\Users\Ciza\AppData\Local\Citrix\GoToMeeting\1350\g2mupdate.exe
C:\Windows\tasks\globalUpdateUpdateTaskMachineCore.job - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /c
C:\Windows\tasks\globalUpdateUpdateTaskMachineUA.job - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

=========Mozilla firefox=========

ProfilePath - C:\Users\Ciza\AppData\Roaming\Mozilla\Firefox\Profiles\snm84p6m.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26, {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:6.9.0.12585, battlefieldheroespatcher@ea.com:5.0.203.0, {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}:6.0.32, {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35, {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.172, caseyvelez@aol.com:0.95.33, {ea614400-e918-4741-9a97-7a972ff7c30b}:2.5.16, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 14.0.0.145 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@divx.com/DivX Plus Web Player Plug-In,version=1.0.0]
"Description"=DivX Plus Web Player
"Path"=C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.45.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=D:\Programs\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=D:\Programs\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@software602.cz/602XML Filler]
"Description"=602XML Filler Plugin
"Path"=C:\Programs\Software602\602XML\Filler\npfiller.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10]
"Description"=globalUpdate Update
"Path"=C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4]
"Description"=globalUpdate Update
"Path"=C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.6]
"Description"=VLC Multimedia Plugin
"Path"=D:\Programs\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 14.0.0.145 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL

D:\Programs\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

D:\Programs\Mozilla Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
compreg.dat
FeedConverter.js
FeedProcessor.js
FeedWriter.js
FlashGet3.xpi
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsIQTScriptablePlugin.xpt
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js
xpti.dat

D:\Programs\Mozilla Firefox\plugins\
np-mswmp.dll
npnul32.dll
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

D:\Programs\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
webssearches.xml
wikipedia-cz.xml

C:\Users\Ciza\AppData\Roaming\Mozilla\Firefox\Profiles\snm84p6m.default\extensions\
battlefieldheroespatcher@ea.com
caseyvelez@aol.com
faststartff@gmail.com

C:\Users\Ciza\AppData\Roaming\Mozilla\Firefox\Profiles\snm84p6m.default\searchplugins\
firmycz.xml
mapycz.xml
zbocz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611171188}]
HD-V1.9 - C:\Program Files (x86)\HD-V1.9\HD-V1.9-bho64.dll [2014-07-28 838504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 529664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14 6307960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611171188}]
HD-V1.9 - C:\Program Files (x86)\HD-V1.9\HD-V1.9-bho.dll [2014-07-28 616296]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - D:\Programs\FlashGet\jccatch.dll [2007-08-06 94308]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2013-04-26 194912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
IETabPage Class - C:\Program Files (x86)\SupTab\SupTab.dll [2014-07-28 515464]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-10-08 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení k účtu Microsoft - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 441592]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14 4531320]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - D:\Programs\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-10-08 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - D:\Programs\FlashGet\getflash.dll [2007-05-18 163840]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-05-27 2096424]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2010-03-23 487424]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2014-03-11 1271072]
"Broadcom Wireless Manager UI"=C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [2012-11-12 7520768]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2012-03-19 170264]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2012-03-19 398616]
"Persistence"=C:\Windows\system32\igfxpers.exe [2012-03-19 439064]
"Logitech Download Assistant"=C:\Windows\System32\LogiLDA.dll [2012-09-20 1832760]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"=C:\Users\Ciza\AppData\Local\Akamai\netsession_win.exe [2014-04-17 4672920]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-05-08 21444224]
"DellSystemDetect"=C:\Users\Ciza\AppData\Local\Apps\2.0\B1PPDJ7X.Z10\KOWMMD46.GY9\dell..tion_0f612f649c4a10af_0005.0008_a4204ff54ae5d3ac\DellSystemDetect.exe [2014-06-12 262720]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"=C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2010-02-25 323640]
"BCSSync"=D:\Programs\Microsoft Office\Office14\BCSSync.exe [2012-11-05 89184]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-03-05 343168]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]
"LogMeIn Hamachi Ui"=D:\Programs\LogMeIn Hamachi\hamachi-2-ui.exe [2014-07-21 3816784]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2012-03-19 434688]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0
""=

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"D:\Programs\FlashGet Network\FlashGet 3\FlashGet3.exe"="D:\Programs\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux2"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.scr - open - C:\Windows\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 month======

2014-08-05 11:37:54 ----D---- C:\Program Files\trend micro
2014-08-04 21:11:33 ----A---- C:\awh1554.tmp
2014-08-04 20:06:21 ----A---- C:\awhF9B9.tmp
2014-08-04 18:41:09 ----A---- C:\awhB1F0.tmp
2014-08-04 18:28:04 ----A---- C:\awh9E8F.tmp
2014-08-04 17:55:19 ----A---- C:\awh7741.tmp
2014-08-04 17:48:36 ----A---- C:\Windows\system32\FNTCACHE.DAT
2014-07-31 12:43:18 ----D---- C:\Users\Ciza\AppData\Roaming\Battle.net
2014-07-31 12:42:28 ----D---- C:\Program Files (x86)\Battle.net
2014-07-30 23:54:39 ----D---- C:\Program Files (x86)\TableNinja
2014-07-29 16:03:21 ----A---- C:\awhF3FA.tmp
2014-07-28 12:14:26 ----A---- C:\Windows\system32\drivers\{3f538614-b636-4023-9ec2-564ada4b07b3}Gw64.sys
2014-07-28 12:01:04 ----D---- C:\ProgramData\IePluginServices
2014-07-28 12:00:58 ----D---- C:\Program Files (x86)\SupTab
2014-07-28 12:00:51 ----D---- C:\ProgramData\WindowsMangerProtect
2014-07-28 11:59:49 ----D---- C:\Users\Ciza\AppData\Roaming\webssearches
2014-07-28 11:12:49 ----D---- C:\Program Files (x86)\Seznam.cz
2014-07-28 11:12:07 ----D---- C:\Users\Ciza\AppData\Roaming\Seznam.cz
2014-07-28 11:02:43 ----D---- C:\Program Files (x86)\globalUpdate
2014-07-28 11:02:39 ----D---- C:\Program Files (x86)\HD-V1.9
2014-07-27 23:16:42 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2014-07-27 23:16:42 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2014-07-27 23:16:42 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2014-07-27 23:16:42 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2014-07-27 23:16:42 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2014-07-27 23:16:42 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2014-07-27 23:16:42 ----A---- C:\Windows\system32\iernonce.dll
2014-07-27 23:16:41 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-07-27 23:16:41 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2014-07-27 23:16:41 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2014-07-27 23:16:41 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-27 23:16:41 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-07-27 23:16:41 ----A---- C:\Windows\system32\iedkcs32.dll
2014-07-27 23:16:40 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2014-07-27 23:16:40 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2014-07-27 23:16:40 ----A---- C:\Windows\system32\urlmon.dll
2014-07-27 23:16:39 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2014-07-27 23:16:39 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2014-07-27 23:16:39 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-07-27 23:16:38 ----A---- C:\Windows\SYSWOW64\ieui.dll
2014-07-27 23:16:38 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2014-07-27 23:16:38 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2014-07-27 23:16:38 ----A---- C:\Windows\system32\msfeeds.dll
2014-07-27 23:16:38 ----A---- C:\Windows\system32\iesetup.dll
2014-07-27 23:16:38 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-07-27 23:16:38 ----A---- C:\Windows\system32\ie4uinit.exe
2014-07-27 23:16:38 ----A---- C:\Windows\system32\dxtmsft.dll
2014-07-27 23:16:37 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2014-07-27 23:16:37 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2014-07-27 23:16:37 ----A---- C:\Windows\system32\iertutil.dll
2014-07-27 23:16:36 ----A---- C:\Windows\SYSWOW64\wininet.dll
2014-07-27 23:16:36 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2014-07-27 23:16:36 ----A---- C:\Windows\SYSWOW64\msrating.dll
2014-07-27 23:16:36 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2014-07-27 23:16:36 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2014-07-27 23:16:36 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2014-07-27 23:16:36 ----A---- C:\Windows\system32\jsproxy.dll
2014-07-27 23:16:35 ----A---- C:\Windows\system32\mshtmlmedia.dll
2014-07-27 23:16:35 ----A---- C:\Windows\system32\mshtmled.dll
2014-07-27 23:16:35 ----A---- C:\Windows\system32\ieui.dll
2014-07-27 23:16:35 ----A---- C:\Windows\system32\ieframe.dll
2014-07-27 23:16:35 ----A---- C:\Windows\system32\dxtrans.dll
2014-07-27 23:16:34 ----A---- C:\Windows\system32\wininet.dll
2014-07-27 23:16:34 ----A---- C:\Windows\system32\vbscript.dll
2014-07-27 23:16:34 ----A---- C:\Windows\system32\jscript9diag.dll
2014-07-27 23:16:34 ----A---- C:\Windows\system32\jscript9.dll
2014-07-27 23:16:34 ----A---- C:\Windows\system32\ieUnatt.exe
2014-07-27 23:16:34 ----A---- C:\Windows\system32\ieapfltr.dll
2014-07-27 23:16:33 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-27 23:16:33 ----A---- C:\Windows\system32\msrating.dll
2014-07-27 23:16:33 ----A---- C:\Windows\system32\MshtmlDac.dll
2014-07-27 23:16:32 ----A---- C:\Windows\system32\mshtml.dll
2014-07-27 22:16:17 ----A---- C:\Windows\system32\aepdu.dll
2014-07-27 22:16:16 ----A---- C:\Windows\system32\aeinv.dll
2014-07-27 22:14:03 ----A---- C:\Windows\SYSWOW64\osk.exe
2014-07-27 22:14:03 ----A---- C:\Windows\system32\win32k.sys
2014-07-27 22:14:03 ----A---- C:\Windows\system32\osk.exe
2014-07-27 22:08:53 ----A---- C:\Windows\SYSWOW64\qedit.dll
2014-07-27 22:08:53 ----A---- C:\Windows\system32\qedit.dll
2014-07-27 22:08:49 ----A---- C:\Windows\system32\drivers\afd.sys
2014-07-27 22:08:37 ----A---- C:\Windows\SYSWOW64\schannel.dll
2014-07-27 22:08:37 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2014-07-27 22:08:37 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2014-07-27 22:08:37 ----A---- C:\Windows\system32\wdigest.dll
2014-07-27 22:08:37 ----A---- C:\Windows\system32\schannel.dll
2014-07-27 22:08:37 ----A---- C:\Windows\system32\msv1_0.dll
2014-07-27 22:08:37 ----A---- C:\Windows\system32\kerberos.dll
2014-07-27 22:08:36 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2014-07-27 22:08:36 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2014-07-27 22:08:36 ----A---- C:\Windows\system32\TSpkg.dll
2014-07-27 22:08:36 ----A---- C:\Windows\system32\ncrypt.dll
2014-07-27 22:08:35 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2014-07-27 22:08:35 ----A---- C:\Windows\system32\credssp.dll
2014-07-27 22:08:34 ----A---- C:\Windows\SYSWOW64\credssp.dll
2014-07-27 10:14:00 ----A---- C:\Windows\system32\drivers\nethfdrv.sys
2014-07-27 10:13:38 ----A---- C:\Windows\SYSWOW64\netupdsrv.exe
2014-07-27 10:13:26 ----A---- C:\Windows\SYSWOW64\installd.exe
2014-07-27 10:13:14 ----A---- C:\Windows\SYSWOW64\nethtsrv.exe
2014-07-27 10:12:58 ----A---- C:\Windows\SYSWOW64\hfnapi.dll
2014-07-27 10:12:48 ----A---- C:\Windows\SYSWOW64\hfpapi.dll
2014-07-11 19:35:25 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2014-07-11 19:35:25 ----A---- C:\Windows\SYSWOW64\secur32.dll
2014-07-11 19:35:25 ----A---- C:\Windows\system32\lsasrv.dll

======List of files/folders modified in the last 1 month======

2014-08-05 11:37:54 ----RD---- C:\Program Files
2014-08-05 11:37:34 ----D---- C:\Windows\system32\config
2014-08-05 11:37:13 ----D---- C:\Windows\temp
2014-08-05 11:34:13 ----D---- C:\Users\Ciza\AppData\Roaming\Skype
2014-08-05 11:16:14 ----D---- C:\Windows\tracing
2014-08-04 21:10:44 ----SHD---- C:\Windows\Installer
2014-08-04 21:10:42 ----D---- C:\Config.Msi
2014-08-04 21:08:10 ----AD---- C:\Windows
2014-08-04 21:05:35 ----D---- C:\Windows\Minidump
2014-08-04 20:56:08 ----D---- C:\Users\Ciza\AppData\Roaming\vlc
2014-08-04 17:54:28 ----SHD---- C:\System Volume Information
2014-08-04 17:48:36 ----D---- C:\Windows\System32
2014-08-03 15:16:56 ----D---- C:\Windows\inf
2014-07-31 12:42:45 ----RD---- C:\Program Files (x86)
2014-07-31 09:32:05 ----D---- C:\Users\Ciza\AppData\Roaming\Winamp
2014-07-30 21:17:32 ----D---- C:\Windows\winsxs
2014-07-30 21:15:56 ----D---- C:\Program Files\Microsoft Silverlight
2014-07-30 21:15:52 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2014-07-30 21:13:27 ----D---- C:\Program Files\Windows Journal
2014-07-30 21:13:26 ----SD---- C:\Windows\system32\CompatTel
2014-07-30 21:13:26 ----D---- C:\Windows\SYSWOW64\Dism
2014-07-30 21:13:25 ----D---- C:\Windows\system32\Dism
2014-07-30 21:13:21 ----D---- C:\Windows\SysWOW64
2014-07-30 21:13:21 ----D---- C:\Windows\system32\drivers
2014-07-30 21:13:21 ----D---- C:\Windows\ehome
2014-07-30 21:13:20 ----D---- C:\Windows\system32\cs-CZ
2014-07-30 21:13:19 ----D---- C:\Windows\SYSWOW64\en-US
2014-07-30 21:13:19 ----D---- C:\Program Files\Internet Explorer
2014-07-30 21:13:18 ----D---- C:\Windows\system32\en-US
2014-07-30 21:13:17 ----D---- C:\Program Files (x86)\Internet Explorer
2014-07-30 14:14:39 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-07-29 08:22:25 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2014-07-28 17:35:39 ----D---- C:\Users\Ciza\AppData\Roaming\DAEMON Tools Lite
2014-07-28 17:35:34 ----D---- C:\Users\Ciza\AppData\Roaming\uTorrent
2014-07-28 17:35:05 ----D---- C:\Windows\Panther
2014-07-28 17:35:00 ----D---- C:\Windows\Logs
2014-07-28 17:35:00 ----D---- C:\Windows\debug
2014-07-28 13:52:42 ----D---- C:\Windows\system32\NDF
2014-07-28 12:16:33 ----A---- C:\Windows\win.ini
2014-07-28 12:01:04 ----D---- C:\ProgramData
2014-07-28 11:58:24 ----D---- C:\Windows\Tasks
2014-07-28 11:58:11 ----D---- C:\Program Files (x86)\Common Files
2014-07-28 11:15:14 ----D---- C:\Windows\system32\Tasks
2014-07-24 17:18:04 ----D---- C:\Windows\Prefetch
2014-07-22 21:33:58 ----D---- C:\Windows\rescache
2014-07-22 17:52:31 ----A---- C:\Windows\SYSWOW64\PnkBstrB.exe
2014-07-12 17:00:33 ----D---- C:\ProgramData\Microsoft Help
2014-07-11 19:35:16 ----D---- C:\Windows\system32\catroot2
2014-07-11 19:35:16 ----D---- C:\Windows\system32\catroot

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amdkmpfd;AMD PCI Root Bus Lower Filter; C:\Windows\system32\DRIVERS\amdkmpfd.sys [2012-02-01 31872]
R0 hpdskflt;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys [2011-05-13 30008]
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2014-01-25 268512]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 rtcrfilt64;Realtek Turbo Mode Filter Driver; C:\Windows\system32\DRIVERS\rtcrfilt64.sys [2012-09-04 19600]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-11-13 834544]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 appdrv01;Application Driver (01); C:\Windows\System32\Drivers\appdrv01.sys [2010-11-13 2715824]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 nethfdrv;nethfdrv; \??\C:\Windows\system32\drivers\nethfdrv.sys [2014-07-27 46160]
R1 SASDIFSV;SASDIFSV; \??\D:\Antiviry\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
R1 SASKUTIL;SASKUTIL; \??\D:\Antiviry\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
R1 TsLwWfF;WiFi Capture Driver; C:\Windows\system32\DRIVERS\TsLwWfF.sys [2013-07-26 29384]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2014-03-11 133928]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-03-05 10729984]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-03-05 328192]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter; C:\Windows\system32\drivers\bcbtums.sys [2012-03-05 138280]
R3 BCM42RLY;BCM42RLY; C:\Windows\system32\drivers\BCM42RLY.sys [2012-11-12 22632]
R3 BCM43XX;Ovladač pro bezdrátovou síťovou kartu DW WLAN; C:\Windows\system32\DRIVERS\bcmwl664.sys [2012-03-21 5443648]
R3 BcmVWL;Broadcom Virtual Wireless; C:\Windows\system32\DRIVERS\bcmvwl64.sys [2012-03-16 21568]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
R3 btwampfl;btwampfl Bluetooth filter driver; \??\C:\Windows\system32\drivers\btwampfl.sys [2012-03-05 615464]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2012-03-05 184872]
R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\DRIVERS\btwavdt.sys [2012-03-05 210984]
R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2012-03-05 39976]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2012-03-05 21544]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2012-03-06 33344]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2010-02-25 18432]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]
R3 intelkmd;intelkmd; C:\Windows\system32\DRIVERS\igdpmd64.sys [2012-03-19 14745600]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2012-07-17 62784]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-05-27 320560]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S1 fkhwqzce;fkhwqzce; \??\C:\Windows\system32\drivers\fkhwqzce.sys []
S3 Accelerometer;HP Mobile Data Protection Sensor; C:\Windows\system32\DRIVERS\Accelerometer.sys [2011-05-13 43320]
S3 ASPI;Advanced SCSI Programming Interface Driver; \??\C:\Windows\System32\DRIVERS\ASPI32.sys []
S3 AtiHdmiService;ATI Service for HD Audio Codec; C:\Windows\system32\drivers\AtiHdmi.sys [2009-07-24 119312]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-03-05 10729984]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2013-06-04 103448]
S3 dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 145920]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\drivers\Dot4Prt.sys [2010-11-20 19968]
S3 Dot4Scan;Scan Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Scan.sys [2009-07-14 13824]
S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 43008]
S3 IpwP;IPWireless 3G Network Adapter; C:\Windows\system32\DRIVERS\ipw3gnet.sys [2008-10-10 89088]
S3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2011-08-31 25416]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2011-08-17 19968]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys [2011-08-17 27136]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsux64.sys [2011-08-17 171008]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 PortTalk;PortTalk; C:\Windows\System32\Drivers\PortTalk.sys []
S3 rak;rak; \??\D:\Hry\Softnyx\RakionIS\Bin\rakion64.sys [2011-12-11 45176]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 rkion;rkion; \??\D:\Hry\Softnyx\RakionIS\Bin\avital\rakon64.sys [2013-12-09 86352]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUVStor.sys [2012-09-04 317584]
S3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys [2010-11-20 109056]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2013-06-04 203672]
S3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt64.sys [2010-03-23 505344]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2011-08-17 9216]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2013-02-12 19968]
S3 usbser;Nokia USB Serial Port Driver ; C:\Windows\system32\DRIVERS\usbser.sys [2013-08-29 33280]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2011-08-17 9216]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; D:\Antiviry\SUPERAntiSpyware\SASCORE64.EXE [2011-08-12 140672]
R2 602XML Updater;602Updater; C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [2011-10-10 85344]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-18 65432]
R2 AESTFilters;Andrea ST Filters Service; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe [2009-03-02 89600]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-03-05 235520]
R2 ameisvc;Web'n'walk Manager mobile equipment installation service; D:\Programs\T-mobile\Web a walk manager\Web'n'walk Manager\ameisvc.exe [2010-06-03 122096]
R2 Autodesk Content Service;Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-01-31 19232]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2012-03-05 952608]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; D:\Programs\LogMeIn Hamachi\hamachi-2.exe [2014-07-21 2544976]
R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2011-05-13 30520]
R2 IconMan_R;IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2012-09-07 2464400]
R2 IePluginServices;IePlugin Services; C:\ProgramData\IePluginServices\PluginService.exe [2014-07-28 702344]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2014-03-11 23808]
R2 NetHttpService;Network HTTP Support Service; C:\Windows\SysWOW64\nethtsrv.exe [2014-07-27 179200]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2013-11-28 76888]
R2 ServiceUpdater;Network Support Service Updater; C:\Windows\SysWOW64\netupdsrv.exe [2014-07-27 159744]
R2 TeamViewer9;TeamViewer 9; C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-04-25 5024576]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
R3 hpqwmiex;hpqwmiex; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [2009-04-30 229944]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2014-03-11 347872]
S2 appdrvrem01;Application Driver Auto Removal Service (01); C:\Windows\System32\appdrvrem01.exe [2010-11-13 551896]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 globalUpdate;globalUpdate Update Service (globalUpdate); C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-07-28 68608]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-06 135664]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\STacSV64.exe [2010-03-23 247808]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-29 262320]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2012-03-19 276248]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-05-02 1432400]
S3 globalUpdatem;globalUpdate Update Service (globalUpdatem); C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-07-28 68608]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-06 135664]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-06-19 111616]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-10-26 1255736]
S4 MBAMService;MBAMService; D:\Antiviry\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------

#2 Příspěvek od **vyosek** » 05 srp 2014 10:45

Zdravim

Stahnete Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe

Ulozte nejlepe na plochu
Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
Probehne vytvoreni zalohy a nasledne prohledavani
Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

Ulozte nejlepe na plochu
Ukoncete vsechny programy
Kliknete na Scan a nasledne Clean
Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte

Cizap · #3 Příspěvek od **Cizap** » 05 srp 2014 11:35

Tak odstranilo mi to vlezlej vyhledávač a něco co mi nešlo vypnout na pozadí ale reklamy zatim vyskakujou jak bláznivý furt

logy zde:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by Ciza on Łt 05.08.2014 at 12:14:09,70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\secman.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installedbrowserextensions
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\dt soft\daemon tools toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installedbrowserextensions
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\driverscanner
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{99c91fc5-db5b-4aa0-bb70-5d89c5a4df96}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{c2f8ca82-2bd9-4513-b2d1-08a47914c1da}_is1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0061788.BHO
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0061788.BHO.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0061788.Sandbox
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0061788.Sandbox.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-110611171188}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220622172288}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{55555555-5555-5555-5555-550655175588}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660666176688}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440644174488}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{11111111-1111-1111-1111-110611171188}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220622172288}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{55555555-5555-5555-5555-550655175588}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660666176688}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440644174488}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0061788.BHO
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0061788.BHO.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0061788.Sandbox
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0061788.Sandbox.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{55555555-5555-5555-5555-550655175588}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660666176688}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440644174488}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110611171188}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{55555555-5555-5555-5555-550655175588}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660666176688}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440644174488}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnSetup_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnSetup_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611171188}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}

~~~ Files

Successfully deleted: [File] C:\Windows\Tasks\amiupdxp.job
Successfully deleted: [File] C:\Windows\Tasks\dsmonitor.job
Successfully deleted: [File] "C:\Users\Ciza\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\driverscanner.lnk"

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\Users\Ciza\AppData\Roaming\getrighttogo"
Successfully deleted: [Folder] "C:\Program Files (x86)\driver-soft"
Successfully deleted: [Folder] "C:\Program Files (x86)\icq6toolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\pc speed up"
Successfully deleted: [Folder] "C:\Program Files (x86)\smart pc cleaner"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\uniblue"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Łt 05.08.2014 at 12:19:37,20
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v3.302 - Report created 05/08/2014 at 12:22:47
# Updated 30/07/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Ciza - CIZA-NOTAS
# Running from : C:\Users\Ciza\Desktop\adwcleaner_3.302.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : globalUpdate
[#] Service Deleted : globalUpdatem
Service Deleted : IePluginServices
Service Deleted : nethfdrv
Service Deleted : NethxxpService
Service Deleted : ServiceUpdater
Service Deleted : {3f538614-b636-4023-9ec2-564ada4b07b3}Gw64

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\ICQ\ICQToolbar
Folder Deleted : C:\ProgramData\IePluginServices
Folder Deleted : C:\ProgramData\rvlkl
Folder Deleted : C:\ProgramData\WindowsMangerProtect
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\smart pc cleaner
[!] Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\SupTab
Folder Deleted : C:\Program Files (x86)\Uniblue
Folder Deleted : C:\Program Files (x86)\HD-V1.9
Folder Deleted : C:\Users\Ciza\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Ciza\AppData\Local\PackageAware
Folder Deleted : C:\Users\Ciza\AppData\Roaming\Uniblue
Folder Deleted : C:\Users\Ciza\AppData\Roaming\webssearches
Folder Deleted : C:\Users\Ciza\AppData\Roaming\Mozilla\Firefox\Profiles\snm84p6m.default\Extensions\faststartff@gmail.com
File Deleted : C:\Windows\SysWOW64\hfpapi.dll
File Deleted : C:\Windows\SysWOW64\installd.exe
File Deleted : C:\Windows\SysWOW64\nethtsrv.exe
File Deleted : C:\Windows\SysWOW64\netupdsrv.exe
File Deleted : C:\Windows\System32\drivers\nethfdrv.sys
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Windows\System32\drivers\{3f538614-b636-4023-9ec2-564ada4b07b3}Gw64.sys
File Deleted : C:\Users\Ciza\Desktop\Smart PC Cleaner.lnk
File Deleted : C:\Users\Ciza\AppData\Roaming\Mozilla\Firefox\Profiles\snm84p6m.default\user.js
File Deleted : C:\Users\Ciza\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Ciza\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

***** [ Scheduled Tasks ] *****

Task Deleted : AmiUpdXp
Task Deleted : globalUpdateUpdateTaskMachineCore
Task Deleted : globalUpdateUpdateTaskMachineUA
Task Deleted : bbf8356d-ace6-4c9e-9bcb-6b89de375c79-1
Task Deleted : bbf8356d-ace6-4c9e-9bcb-6b89de375c79-10
Task Deleted : bbf8356d-ace6-4c9e-9bcb-6b89de375c79-11
Task Deleted : bbf8356d-ace6-4c9e-9bcb-6b89de375c79-2
Task Deleted : bbf8356d-ace6-4c9e-9bcb-6b89de375c79-3
Task Deleted : bbf8356d-ace6-4c9e-9bcb-6b89de375c79-4
Task Deleted : bbf8356d-ace6-4c9e-9bcb-6b89de375c79-5
Task Deleted : bbf8356d-ace6-4c9e-9bcb-6b89de375c79-5_user
Task Deleted : bbf8356d-ace6-4c9e-9bcb-6b89de375c79-6
Task Deleted : bbf8356d-ace6-4c9e-9bcb-6b89de375c79-7

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Ciza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Ciza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\Ciza\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Ciza\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\Ciza\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Ciza\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [faststartff@gmail.com]
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2974C985-8151-4DE5-B23C-B875F0A8522F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BE28C22E-F666-424D-B5FD-125C4AFEE34E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BE28C22E-F666-424D-B5FD-125C4AFEE34E}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\ICQ\ICQToolbar
Key Deleted : HKCU\Software\Smart PC Cleaner
Key Deleted : HKCU\Software\SupHpUISoft
Key Deleted : HKCU\Software\AppDataLow\Software\HD-V1.9
Key Deleted : HKLM\Software\GlobalUpdate
Key Deleted : HKLM\Software\ICQ\ICQToolbar
Key Deleted : HKLM\Software\SupDp
Key Deleted : HKLM\Software\SupTab
Key Deleted : HKLM\Software\supWindowsMangerProtect
Key Deleted : HKLM\Software\supWPM
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\Software\webssearchesSoftware
Key Deleted : HKLM\Software\HD-V1.9
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smart PC Cleaner_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webssearches uninstall
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HD-V1.9
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v3.6.13 (cs)

[ File : C:\Users\Ciza\AppData\Roaming\Mozilla\Firefox\Profiles\snm84p6m.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultenginename", "webssearches");
Line Deleted : user_pref("extensions.acaseyvelezaolcom61788.61788.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22dealply_p%22%3A%7B%22urls%22[...]
Line Deleted : user_pref("extensions.crossrider.bic", "1477c71a5edc7d488c74b50cee5824ec");

-\\ Google Chrome v36.0.1985.125

[ File : C:\Users\Ciza\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [17999 octets] - [05/08/2014 12:21:35]
AdwCleaner[S0].txt - [14883 octets] - [05/08/2014 12:22:47]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14944 octets] ##########

#4 Příspěvek od **JaRon** » 05 srp 2014 12:58

kdesi mi zmizol prispevok k tejto teme, tak ho vlozim znovu

stiahni a uloz na plochu ComboFix

potom spust pod uctom s administratorskym opravnenim

akcia trva cca. 5-10 minut, niekedy i dlhsie -, Pocas scanu nespustaj ziadne ine aplikacie

Nie je dovod na paniku ak stroj bude restartovany
upozornenie: ak pouzivas antispyware s rezidentnim stitem, ten pred scanom vypni.

po restarte aplikacie vytvori log, ulozeny na C:\Combofix.txt (jeho obsah vloz sem)

Cizap · #5 Příspěvek od **Cizap** » 08 srp 2014 21:54

tak tady je log z combofixu ale reklamy se pořád sypou

ComboFix 14-08-06.02 - Ciza 08.08.2014 22:11:16.3.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.6006.4302 [GMT 2:00]
Spuštěný z: c:\users\Ciza\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
ADS - Windows: deleted 12 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NETHFDRV
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-07-08 do 2014-08-08 )))))))))))))))))))))))))))))))
.
.
2014-08-08 20:18 . 2014-08-08 20:18 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-08-08 20:18 . 2014-08-08 20:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-06 07:26 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FE2F1CFC-9227-4C35-AB25-E48282C595F1}\mpengine.dll
2014-08-05 10:22 . 2010-08-30 06:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-08-05 10:21 . 2014-08-05 10:23 -------- d-----w- C:\AdwCleaner
2014-08-05 10:14 . 2014-08-05 10:14 -------- d-----w- c:\windows\ERUNT
2014-08-05 09:37 . 2014-08-05 09:37 -------- d-----w- c:\program files\trend micro
2014-08-04 18:06 . 2014-08-04 18:06 687 ----a-w- C:\awhF9B9.tmp
2014-08-04 16:41 . 2014-08-04 16:41 687 ----a-w- C:\awhB1F0.tmp
2014-08-04 16:28 . 2014-08-04 16:28 687 ----a-w- C:\awh9E8F.tmp
2014-08-04 15:55 . 2014-08-04 15:55 687 ----a-w- C:\awh7741.tmp
2014-08-04 15:29 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-08-03 13:28 . 2014-05-04 19:37 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DAD96B2D-611A-4D48-93A6-8D59DAFE115C}\gapaengine.dll
2014-07-31 11:20 . 2014-07-31 11:20 -------- d-----w- c:\users\Ciza\AppData\Local\Blizzard
2014-07-31 10:43 . 2014-07-31 10:43 -------- d-----w- c:\users\Ciza\AppData\Local\Blizzard Entertainment
2014-07-31 10:43 . 2014-08-08 19:54 -------- d-----w- c:\users\Ciza\AppData\Local\Battle.net
2014-07-31 10:43 . 2014-07-31 11:20 -------- d-----w- c:\users\Ciza\AppData\Roaming\Battle.net
2014-07-31 10:42 . 2014-08-08 19:38 -------- d-----w- c:\program files (x86)\Battle.net
2014-07-30 21:54 . 2014-07-31 07:34 -------- d-----w- c:\program files (x86)\TableNinja
2014-07-29 14:03 . 2014-07-29 14:03 687 ----a-w- C:\awhF3FA.tmp
2014-07-28 09:58 . 2014-07-28 09:58 -------- d-----w- c:\users\Ciza\AppData\Local\16655
2014-07-28 09:58 . 2014-07-28 09:58 -------- d-----w- c:\program files (x86)\Common Files\Config
2014-07-28 09:12 . 2014-07-31 07:33 -------- d-----w- c:\program files (x86)\Seznam.cz
2014-07-28 09:12 . 2014-07-31 07:33 -------- d-----w- c:\users\Ciza\AppData\Roaming\Seznam.cz
2014-07-28 09:12 . 2014-07-28 09:12 -------- d-----w- c:\users\Ciza\AppData\Local\7583
2014-07-28 09:01 . 2014-07-28 09:01 -------- d-----w- c:\users\Ciza\AppData\Local\5581
2014-07-27 20:16 . 2014-06-03 10:02 1719296 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2014-07-27 20:16 . 2014-06-03 10:02 1389568 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2014-07-27 20:16 . 2014-06-03 10:02 1380864 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2014-07-27 20:16 . 2014-06-03 10:02 1354240 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2014-07-27 20:16 . 2014-06-03 09:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2014-07-27 20:16 . 2014-06-30 02:09 519168 ----a-w- c:\windows\system32\aepdu.dll
2014-07-27 20:16 . 2014-06-30 02:04 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-07-27 20:14 . 2014-06-18 02:19 503296 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tiptsf.dll
2014-07-27 20:14 . 2014-06-18 02:19 449024 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tabskb.dll
2014-07-27 20:14 . 2014-06-18 02:19 1247232 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tipskins.dll
2014-07-27 20:14 . 2014-06-18 02:19 110592 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TipBand.dll
2014-07-27 20:14 . 2014-06-18 02:18 224768 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TabTip.exe
2014-07-27 20:14 . 2014-06-18 02:18 692736 ----a-w- c:\windows\system32\osk.exe
2014-07-27 20:14 . 2014-06-18 01:52 348672 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\tiptsf.dll
2014-07-27 20:14 . 2014-06-18 01:51 10240 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\TabTip32.exe
2014-07-27 20:14 . 2014-06-18 01:51 646144 ----a-w- c:\windows\SysWow64\osk.exe
2014-07-27 20:14 . 2014-06-18 01:10 3157504 ----a-w- c:\windows\system32\win32k.sys
2014-07-27 20:14 . 2014-06-18 02:17 544768 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TipRes.dll
2014-07-27 08:12 . 2014-07-27 08:12 108544 ----a-w- c:\windows\SysWow64\hfnapi.dll
2014-07-11 17:35 . 2014-06-05 14:45 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-07-11 17:35 . 2014-06-05 14:26 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-07-11 17:35 . 2014-06-05 14:25 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-29 06:22 . 2012-04-03 11:43 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-29 06:22 . 2011-05-24 08:42 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-22 15:52 . 2011-05-05 19:58 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-05-30 07:52 . 2014-07-27 20:08 247808 ----a-w- c:\windows\SysWow64\schannel.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Ciza\AppData\Local\Akamai\netsession_win.exe" [2014-04-17 4672920]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-05-08 21444224]
"DellSystemDetect"="c:\users\Ciza\AppData\Local\Apps\2.0\B1PPDJ7X.Z10\KOWMMD46.GY9\dell..tion_0f612f649c4a10af_0005.0008_a4204ff54ae5d3ac\DellSystemDetect.exe" [2014-06-12 262720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640]
"BCSSync"="d:\programs\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-05 343168]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"LogMeIn Hamachi Ui"="d:\programs\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-07-21 3816784]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2012-3-5 1389856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 fkhwqzce;fkhwqzce;c:\windows\system32\drivers\fkhwqzce.sys;c:\windows\SYSNATIVE\drivers\fkhwqzce.sys [x]
R2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc;c:\windows\SYSNATIVE\appdrvrem01.exe svc [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 WindowsMangerProtect;WindowsMangerProtect Service;c:\programdata\WindowsMangerProtect\ProtectWindowsManager.exe;c:\programdata\WindowsMangerProtect\ProtectWindowsManager.exe [x]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys;c:\windows\SYSNATIVE\DRIVERS\ASPI32.sys [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IpwP;IPWireless 3G Network Adapter;c:\windows\system32\DRIVERS\ipw3gnet.sys;c:\windows\SYSNATIVE\DRIVERS\ipw3gnet.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 PortTalk;PortTalk;c:\windows\system32\Drivers\PortTalk.sys;c:\windows\SYSNATIVE\Drivers\PortTalk.sys [x]
R3 rak;rak;d:\hry\Softnyx\RakionIS\Bin\rakion64.sys;d:\hry\Softnyx\RakionIS\Bin\rakion64.sys [x]
R3 rkion;rkion;d:\hry\Softnyx\RakionIS\Bin\avital\rakon64.sys;d:\hry\Softnyx\RakionIS\Bin\avital\rakon64.sys [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 MBAMService;MBAMService;d:\antiviry\Malwarebytes' Anti-Malware\mbamservice.exe;d:\antiviry\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmpfd.sys [x]
S0 rtcrfilt64;Realtek Turbo Mode Filter Driver;c:\windows\system32\DRIVERS\rtcrfilt64.sys;c:\windows\SYSNATIVE\DRIVERS\rtcrfilt64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 appdrv01;Application Driver (01);c:\windows\system32\Drivers\appdrv01.sys;c:\windows\SYSNATIVE\Drivers\appdrv01.sys [x]
S1 SASDIFSV;SASDIFSV;d:\antiviry\SUPERAntiSpyware\SASDIFSV64.SYS;d:\antiviry\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;d:\antiviry\SUPERAntiSpyware\SASKUTIL64.SYS;d:\antiviry\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S1 TsLwWfF;WiFi Capture Driver;c:\windows\system32\DRIVERS\TsLwWfF.sys;c:\windows\SYSNATIVE\DRIVERS\TsLwWfF.sys [x]
S2 !SASCORE;SAS Core Service;d:\antiviry\SUPERAntiSpyware\SASCORE64.EXE;d:\antiviry\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 602XML Updater;602Updater;c:\program files (x86)\Common Files\soft602\602updsvc\602updsvc.exe;c:\program files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 ameisvc;Web'n'walk Manager mobile equipment installation service;d:\programs\T-mobile\Web a walk manager\Web'n'walk Manager\ameisvc.exe;d:\programs\T-mobile\Web a walk manager\Web'n'walk Manager\ameisvc.exe [x]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;d:\programs\LogMeIn Hamachi\hamachi-2.exe;d:\programs\LogMeIn Hamachi\hamachi-2.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys;c:\windows\SYSNATIVE\DRIVERS\bcmvwl64.sys [x]
S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-27 19:52 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-08-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 06:22]
.
2014-08-08 c:\windows\Tasks\G2MUpdateTask-S-1-5-21-400809872-2928890687-518477650-1000.job
- c:\users\Ciza\AppData\Local\Citrix\GoToMeeting\1350\g2mupdate.exe [2014-05-05 09:37]
.
2014-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-06 07:27]
.
2014-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-06 07:27]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-23 487424]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2012-11-12 7520768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>
mCustomizeSearch = hxxp://www.google.com
mSearchAssistant = hxxp://www.google.com
IE: &Download All with FlashGet - d:\programs\FlashGet\jc_all.htm
IE: &Download with FlashGet - d:\programs\FlashGet\jc_link.htm
IE: E&xportovat do aplikace Microsoft Excel - d:\programs\MICROS~1\Office14\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - d:\programs\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - d:\programs\MICROS~1\Office14\ONBttnIE.dll/105
IE: ????3?? - c:\users\Ciza\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\users\Ciza\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
Trusted Zone: dell.com
FF - ProfilePath - c:\users\Ciza\AppData\Roaming\Mozilla\Firefox\Profiles\snm84p6m.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\programs\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - d:\programs\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - d:\programs\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - d:\programs\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - d:\programs\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - d:\programs\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - d:\programs\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF - Ext: Battlefield Heroes Updater: battlefieldheroespatcher@ea.com - %profile%\extensions\battlefieldheroespatcher@ea.com
FF - Ext: HD-V1.9: caseyvelez@aol.com - %profile%\extensions\caseyvelez@aol.com
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{11111111-1111-1111-1111-110611171188} - c:\program files (x86)\HD-V1.9\HD-V1.9-bho64.dll
AddRemove-{96AE7E41-E34E-47D0-AC07-1091A8127911} - c:\program files (x86)\InstallShield Installation Information\{96AE7E41-E34E-47D0-AC07-1091A8127911}\Setup.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-400809872-2928890687-518477650-1000\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}Ź]
@Allowed: (Read) (RestrictedCode)
@="c:\\Users\\Ciza\\AppData\\Roaming\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022
.
[HKEY_USERS\S-1-5-21-400809872-2928890687-518477650-1000\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}ŹhQčţ”Ąc]
@Allowed: (Read) (RestrictedCode)
@="c:\\Users\\Ciza\\AppData\\Roaming\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3
.
[HKEY_USERS\S-1-5-21-400809872-2928890687-518477650-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:c9,71,8e,7d,3f,af,55,28,81,df,24,a7,cf,17,0f,91,4e,25,e6,06,64,
26,68,40,45,7c,03,f3,e2,77,80,6b,f0,c7,80,2d,42,02,e4,2f,bd,5e,6d,2e,9a,2b,\
"rkeysecu"=hex:41,6e,8c,f1,7b,df,1c,dd,23,e2,5c,7b,64,0a,68,0f
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Celkový čas: 2014-08-08 22:29:28 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-08-08 20:29
ComboFix2.txt 2011-10-31 02:47
ComboFix3.txt 2011-10-30 11:45
.
Před spuštěním: Volných bajtů: 18 210 959 360
Po spuštění: Volných bajtů: 18 019 377 152
.
- - End Of File - - 291070BEE775E89370665FC601AE17C0
A36C5E4F47E84449FF07ED3517B43A31

#6 Příspěvek od **vyosek** » 09 srp 2014 08:21

Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
Do okna vlozte skript nize

Kód: Vybrat vše

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;

Nasledne kliknete na Run Script
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

Cizap · #7 Příspěvek od **Cizap** » 11 srp 2014 12:43

provedeno. zatim mi žádný reklama nevyskočila, ale dávám to sem hned po restartu tak uvidim.

Zoek.exe v5.0.0.0 Updated 11-August-2014
Tool run by Ciza on po 11.08.2014 at 13:15:47,29.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Ciza\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

11.8.2014 13:17:22 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-400809872-2928890687-518477650-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FF059E31-CC5A-4E2E-BF3B-96E929D65503} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-110611171188} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611171188} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{6904342A-8307-11DF-A508-4AE2DFD72085} deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WindowsMangerProtect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WindowsMangerProtect deleted successfully

==== FireFox Fix ======================

Deleted from C:\Users\Ciza\AppData\Roaming\Mozilla\Firefox\Profiles\snm84p6m.default\prefs.js:
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\Ciza\AppData\Roaming\Mozilla\Firefox\Profiles\snm84p6m.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\Ciza\AppData\Roaming\Mozilla\Firefox\Profiles\snm84p6m.default

user.js not found
---- Lines acaseyvelezaolcom61788 removed from prefs.js ----
user_pref("extensions.acaseyvelezaolcom61788.61788.active", true);
user_pref("extensions.acaseyvelezaolcom61788.61788.addressbar", "NA");
user_pref("extensions.acaseyvelezaolcom61788.61788.addressbarenhanced", "");
user_pref("extensions.acaseyvelezaolcom61788.61788.asyncinternaldb.monetization_plugin_firstRun.expiration", "Thu Jul 25 2024 12:08:51 GMT+0200");
user_pref("extensions.acaseyvelezaolcom61788.61788.asyncinternaldb.monetization_plugin_firstRun.value", "false");
user_pref("extensions.acaseyvelezaolcom61788.61788.asyncinternaldb.monetization_plugin_is_install_reported_.expiration", "Thu Jul 25 2024 12:08:50 GMT
user_pref("extensions.acaseyvelezaolcom61788.61788.asyncinternaldb.monetization_plugin_is_install_reported_.value", "true");
user_pref("extensions.acaseyvelezaolcom61788.61788.asyncinternaldb.monetization_plugin_last_report_errors.expiration", "Thu Jul 25 2024 12:11:23 GMT+0
user_pref("extensions.acaseyvelezaolcom61788.61788.asyncinternaldb.monetization_plugin_last_report_errors.value", "%7B%7D");
user_pref("extensions.acaseyvelezaolcom61788.61788.asyncinternaldb.monetization_plugin_lastUpdate.expiration", "Thu Jul 25 2024 12:08:50 GMT+0200");
user_pref("extensions.acaseyvelezaolcom61788.61788.asyncinternaldb.monetization_plugin_lastUpdate.value", "1406542130944");
user_pref("extensions.acaseyvelezaolcom61788.61788.asyncinternaldb.monetization_plugin_loader_session_page_impression.expiration", "Thu Jul 25 2024 12
user_pref("extensions.acaseyvelezaolcom61788.61788.asyncinternaldb.monetization_plugin_loader_session_page_impression.value", "5");
user_pref("extensions.acaseyvelezaolcom61788.61788.asyncinternaldb.monetization_plugin_monetization_impression_buckets.expiration", "Thu Jul 25 2024 1
user_pref("extensions.acaseyvelezaolcom61788.61788.asyncinternaldb.monetization_plugin_monetization_impression_buckets.value", "%7B%220%22%3A9%2C%2216
user_pref("extensions.acaseyvelezaolcom61788.61788.asyncinternaldb.monetization_plugin_monetization_page_view.expiration", "Thu Jul 25 2024 12:12:37 G
user_pref("extensions.acaseyvelezaolcom61788.61788.asyncinternaldb.monetization_plugin_monetization_page_view.value", "9");
user_pref("extensions.acaseyvelezaolcom61788.61788.asyncinternaldb.monetization_plugin_monetization_plugins_delay.expiration", "Thu Jul 25 2024 12:08:
user_pref("extensions.acaseyvelezaolcom61788.61788.asyncinternaldb.monetization_plugin_monetization_plugins_delay.value", "%7B%2293%22%3A0%2C%22102%22
user_pref("extensions.acaseyvelezaolcom61788.61788.asyncinternaldb.monetization_plugin_monetization_plugins_ids.expiration", "Thu Jul 25 2024 12:08:51
user_pref("extensions.acaseyvelezaolcom61788.61788.asyncinternaldb.monetization_plugin_monetization_plugins_ids.value", "%5B93%2C102%2C104%2C119%2C123
user_pref("extensions.acaseyvelezaolcom61788.61788.asyncinternaldb.monetization_plugin_override_verticals.expiration", "Thu Jul 25 2024 12:08:51 GMT+0
user_pref("extensions.acaseyvelezaolcom61788.61788.asyncinternaldb.monetization_plugin_override_verticals.value", "%7B%7D");
user_pref("extensions.acaseyvelezaolcom61788.61788.asyncinternaldb.monetization_plugin_plugins_version_.expiration", "Thu Jul 25 2024 12:08:51 GMT+020
user_pref("extensions.acaseyvelezaolcom61788.61788.asyncinternaldb.monetization_plugin_plugins_version_.value", "14");
user_pref("extensions.acaseyvelezaolcom61788.61788.asyncinternaldb.monetization_plugin_stats_.expiration", "Thu Jul 25 2024 12:08:50 GMT+0200");
user_pref("extensions.acaseyvelezaolcom61788.61788.asyncinternaldb.monetization_plugin_stats_.value", "%7B%22bic%22%3A%221477c71a5edc7d488c74b50cee582
user_pref("extensions.acaseyvelezaolcom61788.61788.backgroundver", 1);
user_pref("extensions.acaseyvelezaolcom61788.61788.certdomaininstaller", "");
user_pref("extensions.acaseyvelezaolcom61788.61788.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.acaseyvelezaolcom61788.61788.cookie.InstallationTime.value", "%221406538149%22");
user_pref("extensions.acaseyvelezaolcom61788.61788.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.acaseyvelezaolcom61788.61788.cookie.InstallerParams.value", "%7B%22source_id%22%3A%22001859%22%2C%22sub_id%22%3A%220%22%2C%22uzi
user_pref("extensions.acaseyvelezaolcom61788.61788.cookie.load_balancer.expiration", "Mon Jul 28 2014 18:08:53 GMT+0200");
user_pref("extensions.acaseyvelezaolcom61788.61788.cookie.load_balancer.value", "%22%7B%20%5C%22Status%5C%22%3A%201%2C%5C%22Endpoint%5C%22%3A%20%5C%22
user_pref("extensions.acaseyvelezaolcom61788.61788.cookie.previous_page.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.acaseyvelezaolcom61788.61788.cookie.previous_page.value", "%22http%3A//software.seznam.cz/listicka/welcome.html%3Fbrowser%3Dgeck
user_pref("extensions.acaseyvelezaolcom61788.61788.cookie.user_id.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.acaseyvelezaolcom61788.61788.cookie.user_id.value", "%221477c71a5edc7d488c74b50cee5824ec%22");
user_pref("extensions.acaseyvelezaolcom61788.61788.description", "Lights out for YouTube");
user_pref("extensions.acaseyvelezaolcom61788.61788.domain", "");
user_pref("extensions.acaseyvelezaolcom61788.61788.enablesearch", false);
user_pref("extensions.acaseyvelezaolcom61788.61788.homepage", "");
user_pref("extensions.acaseyvelezaolcom61788.61788.changeprevious", false);
user_pref("extensions.acaseyvelezaolcom61788.61788.iframe", false);
user_pref("extensions.acaseyvelezaolcom61788.61788.InstallationThankYouPage", true);
user_pref("extensions.acaseyvelezaolcom61788.61788.InstallationTime", 1406538149);
user_pref("extensions.acaseyvelezaolcom61788.61788.internaldb.__defualt_browser__.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.acaseyvelezaolcom61788.61788.internaldb.__defualt_browser__.value", "%22opera%22");
user_pref("extensions.acaseyvelezaolcom61788.61788.internaldb._installer_additional_info.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.acaseyvelezaolcom61788.61788.internaldb._installer_additional_info.value", "%7B%22asw%22%3A%5B67108872%2C-2147483579%2C0%5D%7D")
user_pref("extensions.acaseyvelezaolcom61788.61788.internaldb.installer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.acaseyvelezaolcom61788.61788.internaldb.installer.value", "%7B%22InstallerIdentifiers%22%3A%7B%22installer_bic%22%3A%22E0A54CA43
user_pref("extensions.acaseyvelezaolcom61788.61788.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.acaseyvelezaolcom61788.61788.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%22E0A54CA435784053A89AEE2C7B8BDC
user_pref("extensions.acaseyvelezaolcom61788.61788.internaldb.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.acaseyvelezaolcom61788.61788.internaldb.InstallerParams.value", "%7B%22source_id%22%3A%22001859%22%2C%22sub_id%22%3A%220%22%2C%2
user_pref("extensions.acaseyvelezaolcom61788.61788.internaldb.InstallerParamsCache.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.acaseyvelezaolcom61788.61788.internaldb.InstallerParamsCache.value", "%7B%22source_id%22%3A%22001859%22%2C%22sub_id%22%3A%220%22
user_pref("extensions.acaseyvelezaolcom61788.61788.internaldb.InstallerUserIdentifiersCache.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.acaseyvelezaolcom61788.61788.internaldb.InstallerUserIdentifiersCache.value", "%7B%22installer_bic%22%3A%22E0A54CA435784053A89AE
user_pref("extensions.acaseyvelezaolcom61788.61788.internaldb.monetization_plugin_bundledUrls.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.acaseyvelezaolcom61788.61788.internaldb.monetization_plugin_bundledWithHash.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.acaseyvelezaolcom61788.61788.internaldb.monetization_plugin_bundledWithHash.value", "null");
user_pref("extensions.acaseyvelezaolcom61788.61788.internaldb.monetization_plugin_notBundledArr_.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.acaseyvelezaolcom61788.61788.internaldb.monetization_plugin_notBundledArr_.value", "%5B%5D");
user_pref("extensions.acaseyvelezaolcom61788.61788.internaldb.monetization_plugin_regBundledWithSoftware.expiration", "Fri Feb 01 2030 00:00:00 GMT+01
user_pref("extensions.acaseyvelezaolcom61788.61788.internaldb.monetization_plugin_regBundledWithSoftware.value", "%7B%7D");
user_pref("extensions.acaseyvelezaolcom61788.61788.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.acaseyvelezaolcom61788.61788.internaldb.Resources_appVer.value", "33");
user_pref("extensions.acaseyvelezaolcom61788.61788.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.acaseyvelezaolcom61788.61788.internaldb.Resources_lastVersion.value", "1");
user_pref("extensions.acaseyvelezaolcom61788.61788.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.acaseyvelezaolcom61788.61788.internaldb.Resources_meta.value", "%7B%7D");
user_pref("extensions.acaseyvelezaolcom61788.61788.internaldb.Resources_nextCheck.expiration", "Mon Jul 28 2014 18:08:50 GMT+0200");
user_pref("extensions.acaseyvelezaolcom61788.61788.internaldb.Resources_nextCheck.value", "true");
user_pref("extensions.acaseyvelezaolcom61788.61788.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.acaseyvelezaolcom61788.61788.internaldb.Resources_queue.value", "%7B%7D");
user_pref("extensions.acaseyvelezaolcom61788.61788.lastDailyReport", "1406542128624");
user_pref("extensions.acaseyvelezaolcom61788.61788.lastUpdate", "1406542125541");
user_pref("extensions.acaseyvelezaolcom61788.61788.manifesturl", "");
user_pref("extensions.acaseyvelezaolcom61788.61788.name", "HD-V1.9");
user_pref("extensions.acaseyvelezaolcom61788.61788.newtab", "");
user_pref("extensions.acaseyvelezaolcom61788.61788.opensearch", "");
user_pref("extensions.acaseyvelezaolcom61788.61788.pluginsurl", "http://js.infodatacloud.com/plugin/apps ... ugins.json");
user_pref("extensions.acaseyvelezaolcom61788.61788.pluginsversion", 27);
user_pref("extensions.acaseyvelezaolcom61788.61788.publisher", "InfoHD-V1.8");
user_pref("extensions.acaseyvelezaolcom61788.61788.searchstatus", 0);
user_pref("extensions.acaseyvelezaolcom61788.61788.setnewtab", false);
user_pref("extensions.acaseyvelezaolcom61788.61788.thankyou", "");
user_pref("extensions.acaseyvelezaolcom61788.61788.updateinterval", 360);
user_pref("extensions.acaseyvelezaolcom61788.61788.ver", 33);
user_pref("extensions.acaseyvelezaolcom61788.apps", "61788");
user_pref("extensions.acaseyvelezaolcom61788.bic", "1477c71a5edc7d488c74b50cee5824ec");
user_pref("extensions.acaseyvelezaolcom61788.cid", 61788);
user_pref("extensions.acaseyvelezaolcom61788.firstrun", false);
user_pref("extensions.acaseyvelezaolcom61788.hadappinstalled", true);
user_pref("extensions.acaseyvelezaolcom61788.installationdate", 1406542129);
user_pref("extensions.acaseyvelezaolcom61788.installerAdditionalInfo", "{\"asw\":[67108872, -2147483579, 0]}");
user_pref("extensions.acaseyvelezaolcom61788.modetype", "production");
user_pref("extensions.acaseyvelezaolcom61788.reportInstall", true);
user_pref("extensions.acaseyvelezaolcom61788.statsDailyCounter", 1);
---- FireFox user.js and prefs.js backups ----

prefs_11.08.2014_1325_.backup

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Opera\shell\open\command]
@="C:\\Program Files (x86)\\Opera\\Opera.exe"

==== Deleting Files \ Folders ======================

C:\PROGRA~2\COMMON~1\Config\uninstinethnfd.exe deleted
C:\PROGRA~2\COMMON~1\Config deleted
C:\awh7741.tmp deleted
C:\awh9E8F.tmp deleted
C:\awhB1F0.tmp deleted
C:\awhF3FA.tmp deleted
C:\awhF9B9.tmp deleted
C:\found.000 deleted
C:\found.001 deleted
C:\Users\Ciza\AppData\Roaming\ozjsi.dll deleted
C:\PROGRA~3\ICQ deleted
C:\Users\Ciza\AppData\Local\BearShare deleted
C:\Users\Ciza\AppData\Local\cache deleted
C:\Users\Ciza\Searches deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Users\Ciza\AppData\Roaming\Mozilla\Firefox\Profiles\snm84p6m.default\extensions\caseyvelez@aol.com deleted
"C:\Users\Ciza\AppData\Local\{26D1599D-8249-48EB-813C-7408BDC796FC}" deleted
"C:\Users\Ciza\AppData\Roaming\Vso" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"="C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5" [06.05.2013 15:11]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Ciza\AppData\Roaming\Mozilla\Firefox\Profiles\snm84p6m.default
- Java Console - D:\Programs\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
- Java Console - D:\Programs\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
- Java Console - D:\Programs\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
- Skype Click to Call - D:\Programs\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Java Console - D:\Programs\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
- Java Console - D:\Programs\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
- DivX Plus Web Player HTML5 lt;videogt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
- Battlefield Heroes Updater - %ProfilePath%\extensions\battlefieldheroespatcher@ea.com

==== Firefox Plugins ======================

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[14.05.2013 13:27]
nneajnkjbffgblleaoojgaacokifdkhm - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx[26.04.2013 09:53]

Skype Click to Call - Ciza\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
HD-V1.9 - Ciza\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdjjjmnacfjnmgckbhldbekckfldeolk
YouTube - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Skype Click to Call - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl

==== Chromium Startpages ======================

C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.google.com/",
"homepage": "http://www.google.com/",

==== Chrome Fix ======================

C:\Users\Ciza\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage deleted successfully
C:\Users\Ciza\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\Ciza\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage deleted successfully
C:\Users\Ciza\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\Ciza\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdjjjmnacfjnmgckbhldbekckfldeolk deleted successfully
C:\Users\Ciza\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pdjjjmnacfjnmgckbhldbekckfldeolk_0.localstorage deleted successfully
C:\Users\Ciza\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pdjjjmnacfjnmgckbhldbekckfldeolk_0.localstorage-journal deleted successfully
C:\Users\Ciza\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_pdjjjmnacfjnmgckbhldbekckfldeolk_0 deleted successfully
C:\Users\Ciza\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pdjjjmnacfjnmgckbhldbekckfldeolk deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"ICQ Search"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"CustomizeSearch"="http://www.google.com"
"SearchAssistant"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
"CustomizeSearch"="http://www.google.com"
"SearchAssistant"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"ICQ Search"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/ ... chcust.htm"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/ ... chasst.htm"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
"CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/ ... chcust.htm"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/ ... chasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE11SR"
{4A537C70-ACDD-48B4-AC6C-D9D4A03466B3} Google Url="http://www.google.cz/search?q={searchTe ... {startPage}"

==== Reset Google Chrome ======================

C:\Users\Ciza\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\preferences was reset successfully
C:\Users\Ciza\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Ciza\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BB6W88S0 will be deleted at reboot
C:\Users\Ciza\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CTVQ4V8Q will be deleted at reboot
C:\Users\Ciza\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EZRK8MMJ will be deleted at reboot
C:\Users\Ciza\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GCT9U64A will be deleted at reboot
C:\Users\Ciza\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LQ69VFQV will be deleted at reboot
C:\Users\Ciza\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NRS0QM0I will be deleted at reboot
C:\Users\Ciza\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QOQDYX4B will be deleted at reboot
C:\Users\Ciza\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R146XFHE will be deleted at reboot
C:\Users\Ciza\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RU3YU3VC will be deleted at reboot
C:\Users\Ciza\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VWUD4BDF will be deleted at reboot
C:\Users\Ciza\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X3YGYAXZ will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Ciza\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=478 folders=47 40418808 bytes)

==== Empty Temp Folders ======================

C:\Users\Ciza\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Guest\AppData\Local\temp emptied successfully
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Ciza\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Ciza\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BB6W88S0" not found
"C:\Users\Ciza\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CTVQ4V8Q" not found
"C:\Users\Ciza\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EZRK8MMJ" not found
"C:\Users\Ciza\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GCT9U64A" not found
"C:\Users\Ciza\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LQ69VFQV" not found
"C:\Users\Ciza\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NRS0QM0I" not found
"C:\Users\Ciza\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QOQDYX4B" not found
"C:\Users\Ciza\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R146XFHE" not found
"C:\Users\Ciza\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RU3YU3VC" not found
"C:\Users\Ciza\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VWUD4BDF" not found
"C:\Users\Ciza\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X3YGYAXZ" not found

==== EOF on po 11.08.2014 at 13:39:39,69 ======================

#8 Příspěvek od **vyosek** » 11 srp 2014 21:05

Poprosim o FRST http://forum.viry.cz/viewtopic.php?f=13&t=133100

Cizap · #9 Příspěvek od **Cizap** » 12 srp 2014 14:00

Addition.rar: (15.64 KiB) Staženo 45 x

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-08-2014 01
Ran by Ciza (administrator) on CIZA-NOTAS on 12-08-2014 14:54:34
Running from C:\Users\Ciza\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(SUPERAntiSpyware.com) D:\Antiviry\SUPERAntiSpyware\SASCore64.exe
(Software602 a.s.) C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Gemfor s.r.o.) D:\Programs\T-mobile\Web a walk manager\Web'n'walk Manager\ameisvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Akamai Technologies, Inc.) C:\Users\Ciza\AppData\Local\Akamai\netsession_win.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Dell) C:\Users\Ciza\AppData\Local\Apps\2.0\B1PPDJ7X.Z10\KOWMMD46.GY9\dell..tion_0f612f649c4a10af_0005.0008_a4204ff54ae5d3ac\DellSystemDetect.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Akamai Technologies, Inc.) C:\Users\Ciza\AppData\Local\Akamai\netsession_win.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\CompatTel\wicainventory.exe
(forum.viry.cz) C:\Users\Ciza\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2096424 2010-05-27] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-23] (IDT, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [7520768 2012-11-12] (Dell Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2010-02-25] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [BCSSync] => D:\Programs\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2012-03-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => D:\Programs\LogMeIn Hamachi\hamachi-2-ui.exe [3816784 2014-07-21] (LogMeIn Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-400809872-2928890687-518477650-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Ciza\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-400809872-2928890687-518477650-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-400809872-2928890687-518477650-1000\...\Run: [DellSystemDetect] => C:\Users\Ciza\AppData\Local\Apps\2.0\B1PPDJ7X.Z10\KOWMMD46.GY9\dell..tion_0f612f649c4a10af_0005.0008_a4204ff54ae5d3ac\DellSystemDetect.exe [262720 2014-06-12] (Dell)
HKU\S-1-5-21-400809872-2928890687-518477650-1000\...\Policies\Explorer: []
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: AutoCAD Digital Signatures Icon Overlay Handler -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)
ShellIconOverlayIdentifiers: Správa překryvné ikony digitálních podpisů AutoCADu -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {4A537C70-ACDD-48B4-AC6C-D9D4A03466B3} URL = http://www.google.cz/search?q={searchTe ... {startPage}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: FGCatchUrl -> {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} -> D:\Programs\FlashGet\jccatch.dll (http://www.flashget.com)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Pomocná služba pro přihlášení k účtu Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Programs\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: FlashGet GetFlash Class -> {F156768E-81EF-470C-9057-481BA8380DBA} -> D:\Programs\FlashGet\getflash.dll (http://www.flashget.com)
DPF: HKLM-x32 {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/stati ... 0.31.0.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/s ... wflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Ciza\AppData\Roaming\Mozilla\Firefox\Profiles\snm84p6m.default
FF NewTab: hxxp://www.google.com/
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> D:\Programs\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> D:\Programs\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @software602.cz/602XML Filler -> C:\Programs\Software602\602XML\Filler\npfiller.dll (Software602 a.s.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> D:\Programs\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Ciza\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Ciza\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\Ciza\AppData\Roaming\Mozilla\Firefox\Profiles\snm84p6m.default\searchplugins\firmycz.xml
FF SearchPlugin: C:\Users\Ciza\AppData\Roaming\Mozilla\Firefox\Profiles\snm84p6m.default\searchplugins\mapycz.xml
FF SearchPlugin: C:\Users\Ciza\AppData\Roaming\Mozilla\Firefox\Profiles\snm84p6m.default\searchplugins\zbocz.xml
FF Extension: Battlefield Heroes Updater - C:\Users\Ciza\AppData\Roaming\Mozilla\Firefox\Profiles\snm84p6m.default\Extensions\battlefieldheroespatcher@ea.com [2013-05-03]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-05-06]
FF Extension: Java Console - D:\Programs\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011-02-12]
FF Extension: Java Console - D:\Programs\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011-03-01]
FF Extension: Java Console - D:\Programs\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-06-07]
FF Extension: Skype Click to Call - D:\Programs\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011-09-02]
FF Extension: Java Console - D:\Programs\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} [2012-05-31]
FF Extension: Java Console - D:\Programs\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-08-30]

Chrome:
=======
CHR Extension: (Dokumenty Google) - C:\Users\Ciza\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-11]
CHR Extension: (Disk Google) - C:\Users\Ciza\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-11]
CHR Extension: (YouTube) - C:\Users\Ciza\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-11]
CHR Extension: (Vyhledávání Google) - C:\Users\Ciza\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-11]
CHR Extension: (Peněženka Google) - C:\Users\Ciza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Ciza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2011-04-06]
CHR Extension: (Gmail) - C:\Users\Ciza\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-11]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-04-26]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; D:\Antiviry\SUPERAntiSpyware\SASCORE64.EXE [140672 2011-08-12] (SUPERAntiSpyware.com) [File not signed]
R2 602XML Updater; C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [85344 2011-10-10] (Software602 a.s.)
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
R2 ameisvc; D:\Programs\T-mobile\Web a walk manager\Web'n'walk Manager\ameisvc.exe [122096 2010-06-03] (Gemfor s.r.o.)
S2 appdrvrem01; C:\Windows\System32\appdrvrem01.exe [551896 2010-11-13] (Protection Technology)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
S2 Hamachi2Svc; D:\Programs\LogMeIn Hamachi\hamachi-2.exe [2544976 2014-07-21] (LogMeIn Inc.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2464400 2012-09-07] (Realsil Microelectronics Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S4 MBAMService; D:\Antiviry\Malwarebytes' Anti-Malware\mbamservice.exe [366152 2011-08-31] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-11-28] ()
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\STacSV64.exe [247808 2010-03-23] (IDT, Inc.)
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [6292992 2012-11-12] (Dell Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [31872 2012-02-01] (Advanced Micro Devices, Inc.)
R1 appdrv01; C:\Windows\System32\Drivers\appdrv01.sys [2715824 2010-11-13] (Protection Technology)
S3 ASPI; C:\Windows\SysWOW64\DRIVERS\ASPI32.sys [84832 2002-07-17] (Adaptec) [File not signed]
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [138280 2012-03-05] (Broadcom Corporation.)
S3 IpwP; C:\Windows\System32\DRIVERS\ipw3gnet.sys [89088 2008-10-10] (IPWireless Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25416 2011-08-31] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 PortTalk; C:\Windows\SysWOW64\Drivers\PortTalk.sys [3567 2002-01-12] (Beyond Logic http://www.beyondlogic.org) [File not signed]
S3 rak; D:\Hry\Softnyx\RakionIS\Bin\rakion64.sys [45176 2011-12-11] ()
S3 rkion; D:\Hry\Softnyx\RakionIS\Bin\avital\rakon64.sys [86352 2013-12-09] ()
R0 rtcrfilt64; C:\Windows\System32\DRIVERS\rtcrfilt64.sys [19600 2012-09-04] (Realtek Semiconductor Corp.)
R1 SASDIFSV; D:\Antiviry\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; D:\Antiviry\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-11-13] () [File not signed]
R1 TsLwWfF; C:\Windows\System32\DRIVERS\TsLwWfF.sys [29384 2013-07-26] (TamoSoft)
U3 ac1cb3jd; C:\Windows\System32\Drivers\ac1cb3jd.sys [0 ] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 fkhwqzce; \??\C:\Windows\system32\drivers\fkhwqzce.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-12 14:54 - 2014-08-12 14:54 - 00024307 _____ () C:\Users\Ciza\Desktop\FRST.txt
2014-08-12 14:53 - 2014-08-12 14:54 - 00000000 ____D () C:\FRST
2014-08-12 14:50 - 2014-08-12 14:50 - 00112640 _____ (forum.viry.cz) C:\Users\Ciza\Desktop\FRSTLauncher.exe
2014-08-12 14:48 - 2014-08-12 14:48 - 00112640 _____ (forum.viry.cz) C:\Users\Ciza\Downloads\Nepotvrzeno 888595.crdownload
2014-08-12 14:46 - 2014-08-12 14:46 - 02099712 _____ (Farbar) C:\Users\Ciza\Desktop\FRST64.exe
2014-08-12 14:45 - 2014-08-12 14:45 - 00112640 _____ (forum.viry.cz) C:\Users\Ciza\Downloads\Nepotvrzeno 334222.crdownload
2014-08-12 00:10 - 2014-08-12 00:10 - 00289616 _____ () C:\Windows\Minidump\081214-25802-01.dmp
2014-08-11 22:08 - 2014-08-11 22:30 - 00000000 ____D () C:\Users\Ciza\Desktop\dovča 2014
2014-08-11 14:34 - 2014-08-11 15:34 - 775172370 _____ () C:\Users\Ciza\Downloads\Nymfomanka, část 2 Nymphomaniac II 2013 HDRiP.DiVX.MP3-ART3MiS.avi
2014-08-11 13:28 - 2014-08-11 13:15 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-08-11 13:17 - 2014-08-11 13:39 - 00028304 _____ () C:\zoek-results.log
2014-08-11 13:15 - 2014-08-11 13:26 - 00000000 ____D () C:\zoek_backup
2014-08-11 13:14 - 2014-08-11 13:15 - 01288704 _____ () C:\Users\Ciza\Desktop\zoek.exe
2014-08-10 21:48 - 2014-08-10 21:48 - 00289672 _____ () C:\Windows\Minidump\081014-25584-01.dmp
2014-08-08 22:29 - 2014-08-08 22:29 - 00026837 _____ () C:\ComboFix.txt
2014-08-08 22:04 - 2014-08-08 22:06 - 05568206 ____R (Swearware) C:\Users\Ciza\Desktop\ComboFix.exe
2014-08-05 12:22 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-05 12:21 - 2014-08-05 12:23 - 00000000 ____D () C:\AdwCleaner
2014-08-05 12:19 - 2014-08-05 12:19 - 00007082 _____ () C:\Users\Ciza\Desktop\JRT.txt
2014-08-05 12:14 - 2014-08-05 12:14 - 00000000 ____D () C:\Windows\ERUNT
2014-08-05 12:09 - 2014-08-05 12:10 - 01361309 _____ () C:\Users\Ciza\Desktop\adwcleaner_3.302.exe
2014-08-05 12:09 - 2014-08-05 12:09 - 01016261 _____ (Thisisu) C:\Users\Ciza\Desktop\JRT.exe
2014-08-05 11:37 - 2014-08-05 11:37 - 00000000 ____D () C:\Program Files\trend micro
2014-08-05 11:33 - 2014-08-05 11:33 - 01222144 _____ () C:\Users\Ciza\Downloads\RSITx64.exe
2014-08-04 21:09 - 2014-08-04 21:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-08-04 21:05 - 2014-08-04 21:05 - 00281960 _____ () C:\Windows\Minidump\080414-40466-01.dmp
2014-08-04 18:35 - 2014-08-04 18:35 - 00281960 _____ () C:\Windows\Minidump\080414-29530-01.dmp
2014-08-04 17:48 - 2014-08-11 13:32 - 00003054 _____ () C:\Windows\PFRO.log
2014-08-04 17:48 - 2014-08-04 17:49 - 00430560 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-03 15:17 - 2014-08-12 00:10 - 00003572 _____ () C:\Windows\setupact.log
2014-08-03 15:17 - 2014-08-03 15:17 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-31 13:20 - 2014-07-31 13:20 - 00000000 ____D () C:\Users\Ciza\AppData\Local\Blizzard
2014-07-31 13:10 - 2014-07-31 13:10 - 00000839 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HearthstoneHearthstone.lnk
2014-07-31 13:10 - 2014-07-31 13:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2014-07-31 12:43 - 2014-08-08 21:54 - 00000000 ____D () C:\Users\Ciza\AppData\Local\Battle.net
2014-07-31 12:43 - 2014-07-31 13:20 - 00000000 ____D () C:\Users\Ciza\AppData\Roaming\Battle.net
2014-07-31 12:43 - 2014-07-31 12:43 - 00000000 ____D () C:\Users\Ciza\AppData\Local\Blizzard Entertainment
2014-07-31 12:42 - 2014-08-08 21:38 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-07-31 12:42 - 2014-07-31 12:42 - 00001158 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.netBattle.net.lnk
2014-07-31 12:42 - 2014-07-31 12:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-07-31 11:51 - 2014-07-31 11:51 - 03099552 _____ (Blizzard Entertainment) C:\Users\Ciza\Downloads\Hearthstone-Setup-enUS.exe
2014-07-31 11:26 - 2014-07-31 11:26 - 00119800 _____ () C:\Users\Ciza\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-30 23:56 - 2014-07-30 23:56 - 00000045 _____ () C:\Users\Ciza\AppData\Local\machpro.dat
2014-07-30 23:54 - 2014-07-31 09:34 - 00000000 ____D () C:\Program Files (x86)\TableNinja
2014-07-30 23:53 - 2014-07-30 23:53 - 00000000 ____D () C:\Users\Ciza\Downloads\TableNinja
2014-07-30 23:49 - 2014-07-30 23:49 - 01141892 _____ () C:\Users\Ciza\Downloads\TableNinja.zip
2014-07-30 15:18 - 2014-07-30 15:19 - 52562464 _____ (PokerStars) C:\Users\Ciza\Downloads\PokerStarsInstall.exe
2014-07-28 12:07 - 2014-07-28 12:07 - 00211968 _____ () C:\Users\Ciza\Downloads\File.exe
2014-07-28 12:06 - 2014-07-28 12:06 - 00314368 _____ (SurveyBypasser.Com) C:\Users\Ciza\Downloads\Sharecash-Survey-Killer-v2.exe
2014-07-28 12:00 - 2014-07-28 12:00 - 00357088 _____ () C:\Users\Ciza\Downloads\Surveys Remover Downloader__3687_i1098060571_il142120.exe
2014-07-28 11:59 - 2014-07-28 11:59 - 00104841 _____ () C:\Users\Ciza\Downloads\Nepotvrzeno 968203.crdownload
2014-07-28 11:58 - 2014-07-28 11:58 - 00000000 ____D () C:\Users\Ciza\AppData\Local\16655
2014-07-28 11:57 - 2014-07-28 11:57 - 00357088 _____ () C:\Users\Ciza\Downloads\Surveys Remover Downloader__3687_i1098053083_il141082.exe
2014-07-28 11:54 - 2014-07-28 11:54 - 00208238 _____ () C:\Users\Ciza\Downloads\Advanced-PokerStars-Hack-2013-V9-5.rar
2014-07-28 11:12 - 2014-07-31 09:33 - 00000000 ____D () C:\Users\Ciza\AppData\Roaming\Seznam.cz
2014-07-28 11:12 - 2014-07-31 09:33 - 00000000 ____D () C:\Program Files (x86)\Seznam.cz
2014-07-28 11:12 - 2014-07-28 11:12 - 00000000 ____D () C:\Users\Ciza\AppData\Local\7583
2014-07-28 11:09 - 2014-07-28 11:10 - 00265216 _____ () C:\Users\Ciza\Downloads\SurveyBypasser__7934_il117918 (1).exe
2014-07-28 11:01 - 2014-07-28 11:01 - 00000000 ____D () C:\Users\Ciza\AppData\Local\5581
2014-07-28 11:00 - 2014-07-28 11:00 - 00265216 _____ () C:\Users\Ciza\Downloads\SurveyBypasser__7934_il117918.exe
2014-07-27 23:16 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-27 23:16 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-27 23:16 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-27 23:16 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-27 23:16 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-27 23:16 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-27 23:16 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-27 23:16 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-27 23:16 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-27 23:16 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-27 23:16 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-27 23:16 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-27 23:16 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-27 23:16 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-27 23:16 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-27 23:16 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-27 23:16 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-27 23:16 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-27 23:16 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-27 23:16 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-27 23:16 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-27 23:16 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-27 23:16 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-27 23:16 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-27 23:16 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-27 23:16 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-27 23:16 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-27 23:16 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-27 23:16 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-27 23:16 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-27 23:16 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-27 23:16 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-27 23:16 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-27 23:16 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-27 23:16 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-27 23:16 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-27 23:16 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-27 23:16 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-27 23:16 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-27 23:16 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-27 23:16 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-27 23:16 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-27 23:16 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-27 23:16 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-27 23:16 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-27 23:16 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-27 23:16 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-27 23:16 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-27 23:16 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-27 23:16 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-27 23:16 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-27 23:16 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-27 23:16 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-27 23:16 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-27 23:16 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-27 23:16 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-27 22:16 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-27 22:16 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-27 22:14 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-27 22:14 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-27 22:14 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-27 22:08 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-27 22:08 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-27 22:08 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-27 22:08 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-27 22:08 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-27 22:08 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-27 22:08 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-27 22:08 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-27 22:08 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-27 22:08 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-27 22:08 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-27 22:08 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-27 22:08 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-27 22:08 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-27 22:08 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-27 22:08 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-27 22:08 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-27 10:12 - 2014-07-27 10:12 - 00108544 _____ () C:\Windows\SysWOW64\hfnapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-12 14:54 - 2014-08-12 14:54 - 00024307 _____ () C:\Users\Ciza\Desktop\FRST.txt
2014-08-12 14:54 - 2014-08-12 14:53 - 00000000 ____D () C:\FRST
2014-08-12 14:50 - 2014-08-12 14:50 - 00112640 _____ (forum.viry.cz) C:\Users\Ciza\Desktop\FRSTLauncher.exe
2014-08-12 14:50 - 2009-07-14 06:45 - 00014976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-12 14:50 - 2009-07-14 06:45 - 00014976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-12 14:48 - 2014-08-12 14:48 - 00112640 _____ (forum.viry.cz) C:\Users\Ciza\Downloads\Nepotvrzeno 888595.crdownload
2014-08-12 14:48 - 2010-10-25 21:37 - 00000000 ____D () C:\Users\Ciza
2014-08-12 14:48 - 2010-10-25 19:20 - 01625507 _____ () C:\Windows\WindowsUpdate.log
2014-08-12 14:46 - 2014-08-12 14:46 - 02099712 _____ (Farbar) C:\Users\Ciza\Desktop\FRST64.exe
2014-08-12 14:45 - 2014-08-12 14:45 - 00112640 _____ (forum.viry.cz) C:\Users\Ciza\Downloads\Nepotvrzeno 334222.crdownload
2014-08-12 14:43 - 2011-02-14 19:01 - 00000000 ____D () C:\Users\Ciza\AppData\Local\LogMeIn Hamachi
2014-08-12 14:43 - 2010-12-06 12:00 - 00000000 ____D () C:\Users\Ciza\AppData\Roaming\Skype
2014-08-12 14:40 - 2009-07-14 17:18 - 04255792 _____ () C:\Windows\system32\perfh005.dat
2014-08-12 14:40 - 2009-07-14 17:18 - 01392920 _____ () C:\Windows\system32\perfc005.dat
2014-08-12 14:40 - 2009-07-14 07:13 - 00006264 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-12 14:39 - 2012-04-03 13:44 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-12 14:39 - 2012-01-31 17:15 - 00000952 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-12 14:39 - 2012-01-31 17:15 - 00000948 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-12 14:37 - 2014-02-27 09:44 - 00000556 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-400809872-2928890687-518477650-1000.job
2014-08-12 00:11 - 2011-02-08 12:25 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-08-12 00:10 - 2014-08-12 00:10 - 00289616 _____ () C:\Windows\Minidump\081214-25802-01.dmp
2014-08-12 00:10 - 2014-08-03 15:17 - 00003572 _____ () C:\Windows\setupact.log
2014-08-12 00:10 - 2011-08-31 11:08 - 00000000 ____D () C:\Windows\Minidump
2014-08-12 00:10 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-12 00:06 - 2010-11-07 11:55 - 00000000 ____D () C:\Users\Ciza\AppData\Roaming\vlc
2014-08-11 22:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2014-08-11 22:30 - 2014-08-11 22:08 - 00000000 ____D () C:\Users\Ciza\Desktop\dovča 2014
2014-08-11 21:47 - 2010-11-05 14:18 - 01020416 ___SH () C:\Users\Ciza\Desktop\Thumbs.db
2014-08-11 15:34 - 2014-08-11 14:34 - 775172370 _____ () C:\Users\Ciza\Downloads\Nymfomanka, část 2 Nymphomaniac II 2013 HDRiP.DiVX.MP3-ART3MiS.avi
2014-08-11 13:39 - 2014-08-11 13:17 - 00028304 _____ () C:\zoek-results.log
2014-08-11 13:32 - 2014-08-04 17:48 - 00003054 _____ () C:\Windows\PFRO.log
2014-08-11 13:26 - 2014-08-11 13:15 - 00000000 ____D () C:\zoek_backup
2014-08-11 13:15 - 2014-08-11 13:28 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-08-11 13:15 - 2014-08-11 13:14 - 01288704 _____ () C:\Users\Ciza\Desktop\zoek.exe
2014-08-10 21:48 - 2014-08-10 21:48 - 00289672 _____ () C:\Windows\Minidump\081014-25584-01.dmp
2014-08-08 22:29 - 2014-08-08 22:29 - 00026837 _____ () C:\ComboFix.txt
2014-08-08 22:29 - 2011-10-30 12:59 - 00000000 ____D () C:\Qoobox
2014-08-08 22:24 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-08 22:20 - 2009-07-14 04:34 - 95420416 _____ () C:\Windows\system32\config\software.bak
2014-08-08 22:20 - 2009-07-14 04:34 - 26476544 _____ () C:\Windows\system32\config\system.bak
2014-08-08 22:20 - 2009-07-14 04:34 - 00524288 _____ () C:\Windows\system32\config\default.bak
2014-08-08 22:20 - 2009-07-14 04:34 - 00102400 _____ () C:\Windows\system32\config\sam.bak
2014-08-08 22:20 - 2009-07-14 04:34 - 00049152 _____ () C:\Windows\system32\config\security.bak
2014-08-08 22:18 - 2011-10-30 13:01 - 00000000 ____D () C:\Windows\ERDNT
2014-08-08 22:06 - 2014-08-08 22:04 - 05568206 ____R (Swearware) C:\Users\Ciza\Desktop\ComboFix.exe
2014-08-08 21:54 - 2014-07-31 12:43 - 00000000 ____D () C:\Users\Ciza\AppData\Local\Battle.net
2014-08-08 21:38 - 2014-07-31 12:42 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-08-06 15:53 - 2010-11-05 15:35 - 00000000 ____D () C:\Users\Ciza\Desktop\Hry
2014-08-06 15:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-05 12:40 - 2013-12-09 21:09 - 00000000 ____D () C:\Users\Ciza\AppData\Local\PokerStars
2014-08-05 12:23 - 2014-08-05 12:21 - 00000000 ____D () C:\AdwCleaner
2014-08-05 12:23 - 2011-04-06 09:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-05 12:23 - 2011-02-10 08:30 - 00000975 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-08-05 12:23 - 2010-10-25 21:38 - 00000967 _____ () C:\Users\Ciza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-05 12:19 - 2014-08-05 12:19 - 00007082 _____ () C:\Users\Ciza\Desktop\JRT.txt
2014-08-05 12:16 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-08-05 12:14 - 2014-08-05 12:14 - 00000000 ____D () C:\Windows\ERUNT
2014-08-05 12:10 - 2014-08-05 12:09 - 01361309 _____ () C:\Users\Ciza\Desktop\adwcleaner_3.302.exe
2014-08-05 12:09 - 2014-08-05 12:09 - 01016261 _____ (Thisisu) C:\Users\Ciza\Desktop\JRT.exe
2014-08-05 11:37 - 2014-08-05 11:37 - 00000000 ____D () C:\Program Files\trend micro
2014-08-05 11:33 - 2014-08-05 11:33 - 01222144 _____ () C:\Users\Ciza\Downloads\RSITx64.exe
2014-08-04 21:09 - 2014-08-04 21:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-08-04 21:05 - 2014-08-04 21:05 - 00281960 _____ () C:\Windows\Minidump\080414-40466-01.dmp
2014-08-04 18:35 - 2014-08-04 18:35 - 00281960 _____ () C:\Windows\Minidump\080414-29530-01.dmp
2014-08-04 17:49 - 2014-08-04 17:48 - 00430560 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-03 15:17 - 2014-08-03 15:17 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-31 13:20 - 2014-07-31 13:20 - 00000000 ____D () C:\Users\Ciza\AppData\Local\Blizzard
2014-07-31 13:20 - 2014-07-31 12:43 - 00000000 ____D () C:\Users\Ciza\AppData\Roaming\Battle.net
2014-07-31 13:10 - 2014-07-31 13:10 - 00000839 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HearthstoneHearthstone.lnk
2014-07-31 13:10 - 2014-07-31 13:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2014-07-31 12:43 - 2014-07-31 12:43 - 00000000 ____D () C:\Users\Ciza\AppData\Local\Blizzard Entertainment
2014-07-31 12:42 - 2014-07-31 12:42 - 00001158 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.netBattle.net.lnk
2014-07-31 12:42 - 2014-07-31 12:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-07-31 11:51 - 2014-07-31 11:51 - 03099552 _____ (Blizzard Entertainment) C:\Users\Ciza\Downloads\Hearthstone-Setup-enUS.exe
2014-07-31 11:26 - 2014-07-31 11:26 - 00119800 _____ () C:\Users\Ciza\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-31 09:34 - 2014-07-30 23:54 - 00000000 ____D () C:\Program Files (x86)\TableNinja
2014-07-31 09:33 - 2014-07-28 11:12 - 00000000 ____D () C:\Users\Ciza\AppData\Roaming\Seznam.cz
2014-07-31 09:33 - 2014-07-28 11:12 - 00000000 ____D () C:\Program Files (x86)\Seznam.cz
2014-07-31 09:32 - 2010-12-14 16:40 - 00000000 ____D () C:\Users\Ciza\AppData\Roaming\Winamp
2014-07-30 23:56 - 2014-07-30 23:56 - 00000045 _____ () C:\Users\Ciza\AppData\Local\machpro.dat
2014-07-30 23:53 - 2014-07-30 23:53 - 00000000 ____D () C:\Users\Ciza\Downloads\TableNinja
2014-07-30 23:49 - 2014-07-30 23:49 - 01141892 _____ () C:\Users\Ciza\Downloads\TableNinja.zip
2014-07-30 21:15 - 2012-05-15 20:04 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-30 21:15 - 2012-05-15 20:04 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-30 21:13 - 2014-05-07 09:59 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-30 21:13 - 2009-07-14 17:37 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-30 21:13 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-30 21:13 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-30 15:19 - 2014-07-30 15:18 - 52562464 _____ (PokerStars) C:\Users\Ciza\Downloads\PokerStarsInstall.exe
2014-07-29 08:22 - 2012-04-03 13:44 - 00003852 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-29 08:22 - 2012-04-03 13:43 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-29 08:22 - 2011-05-24 10:42 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-28 17:35 - 2013-05-01 13:48 - 00000000 ____D () C:\Users\Ciza\AppData\Roaming\uTorrent
2014-07-28 17:35 - 2010-11-13 14:38 - 00000000 ____D () C:\Users\Ciza\AppData\Roaming\DAEMON Tools Lite
2014-07-28 17:35 - 2010-10-25 20:16 - 00000000 ____D () C:\Windows\Panther
2014-07-28 12:16 - 2009-07-14 04:34 - 00000580 _____ () C:\Windows\win.ini
2014-07-28 12:07 - 2014-07-28 12:07 - 00211968 _____ () C:\Users\Ciza\Downloads\File.exe
2014-07-28 12:06 - 2014-07-28 12:06 - 00314368 _____ (SurveyBypasser.Com) C:\Users\Ciza\Downloads\Sharecash-Survey-Killer-v2.exe
2014-07-28 12:00 - 2014-07-28 12:00 - 00357088 _____ () C:\Users\Ciza\Downloads\Surveys Remover Downloader__3687_i1098060571_il142120.exe
2014-07-28 11:59 - 2014-07-28 11:59 - 00104841 _____ () C:\Users\Ciza\Downloads\Nepotvrzeno 968203.crdownload
2014-07-28 11:58 - 2014-07-28 11:58 - 00000000 ____D () C:\Users\Ciza\AppData\Local\16655
2014-07-28 11:57 - 2014-07-28 11:57 - 00357088 _____ () C:\Users\Ciza\Downloads\Surveys Remover Downloader__3687_i1098053083_il141082.exe
2014-07-28 11:54 - 2014-07-28 11:54 - 00208238 _____ () C:\Users\Ciza\Downloads\Advanced-PokerStars-Hack-2013-V9-5.rar
2014-07-28 11:12 - 2014-07-28 11:12 - 00000000 ____D () C:\Users\Ciza\AppData\Local\7583
2014-07-28 11:10 - 2014-07-28 11:09 - 00265216 _____ () C:\Users\Ciza\Downloads\SurveyBypasser__7934_il117918 (1).exe
2014-07-28 11:01 - 2014-07-28 11:01 - 00000000 ____D () C:\Users\Ciza\AppData\Local\5581
2014-07-28 11:00 - 2014-07-28 11:00 - 00265216 _____ () C:\Users\Ciza\Downloads\SurveyBypasser__7934_il117918.exe
2014-07-28 09:07 - 2012-05-15 20:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-27 10:12 - 2014-07-27 10:12 - 00108544 _____ () C:\Windows\SysWOW64\hfnapi.dll
2014-07-23 21:00 - 2009-07-14 07:08 - 00032548 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-22 21:33 - 2013-11-15 17:09 - 00000000 ____D () C:\Windows\rescache
2014-07-22 18:54 - 2011-11-03 11:42 - 00119800 _____ () C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-22 17:52 - 2011-05-05 21:58 - 00103736 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-07-22 12:52 - 2011-05-18 15:47 - 00000000 ____D () C:\Users\Ciza\Documents\TrackMania

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:120.06 GB) (Free:17.3 GB) NTFS
Drive d: () (Fixed) (Total:345.61 GB) (Free:4.14 GB) NTFS

Available physical RAM: 3152.57 MB
Total physical RAM: 6005.85 MB
Percentage of memory in use: 47%

==================== MBR and Partition Table ==================

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-400809872-2928890687-518477650-1000.job => C:\Users\Ciza\AppData\Local\Citrix\GoToMeeting\1350\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\ProgramData\Temp:8927A071

==================== Security Center ==================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)

***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Ciza\Desktop" je 3932 MB.

***** Startup Programs *****

***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"D:\\Programs\\FlashGet Network\\FlashGet 3\\FlashGet3.exe"="D:\\Programs\\FlashGet Network\\FlashGet 3\\FlashGet3.exe:*:Enabled:Flashget3"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000

==================== End Of Log ==============================

#10 Příspěvek od **vyosek** » 12 srp 2014 21:10

Tvorba fixlistu pro FRST

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

Start
HKLM-x32\...\Run: [BCSSync] => D:\Programs\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => D:\Programs\LogMeIn Hamachi\hamachi-2-ui.exe [3816784 2014-07-21] (LogMeIn Inc.)
HKU\S-1-5-21-400809872-2928890687-518477650-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Ciza\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-400809872-2928890687-518477650-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-400809872-2928890687-518477650-1000\...\Run: [DellSystemDetect] => C:\Users\Ciza\AppData\Local\Apps\2.0\B1PPDJ7X.Z10\KOWMMD46.GY9\dell..tion_0f612f649c4a10af_0005.0008_a4204ff54ae5d3ac\DellSystemDetect.exe [262720 2014-06-12] (Dell)
HKU\S-1-5-21-400809872-2928890687-518477650-1000\...\Policies\Explorer: [] 

U3 ac1cb3jd; C:\Windows\System32\Drivers\ac1cb3jd.sys [0 ] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 fkhwqzce; \??\C:\Windows\system32\drivers\fkhwqzce.sys [X]
C:\Windows\system32\drivers\fkhwqzce.sys

2014-08-12 14:54 - 2014-08-12 14:54 - 00024307 _____ () C:\Users\Ciza\Desktop\FRST.txt
2014-08-12 14:50 - 2014-08-12 14:50 - 00112640 _____ (forum.viry.cz) C:\Users\Ciza\Desktop\FRSTLauncher.exe
2014-08-12 14:48 - 2014-08-12 14:48 - 00112640 _____ (forum.viry.cz) C:\Users\Ciza\Downloads\Nepotvrzeno 888595.crdownload
2014-08-12 14:45 - 2014-08-12 14:45 - 00112640 _____ (forum.viry.cz) C:\Users\Ciza\Downloads\Nepotvrzeno 334222.crdownload
2014-08-11 13:28 - 2014-08-11 13:15 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-08-11 13:17 - 2014-08-11 13:39 - 00028304 _____ () C:\zoek-results.log
2014-08-11 13:15 - 2014-08-11 13:26 - 00000000 ____D () C:\zoek_backup
2014-08-11 13:14 - 2014-08-11 13:15 - 01288704 _____ () C:\Users\Ciza\Desktop\zoek.exe
2014-08-08 22:29 - 2014-08-08 22:29 - 00026837 _____ () C:\ComboFix.txt
2014-08-08 22:04 - 2014-08-08 22:06 - 05568206 ____R (Swearware) C:\Users\Ciza\Desktop\ComboFix.exe
2014-08-05 12:22 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-05 12:21 - 2014-08-05 12:23 - 00000000 ____D () C:\AdwCleaner
2014-08-05 12:19 - 2014-08-05 12:19 - 00007082 _____ () C:\Users\Ciza\Desktop\JRT.txt
2014-08-05 12:14 - 2014-08-05 12:14 - 00000000 ____D () C:\Windows\ERUNT
2014-08-05 12:09 - 2014-08-05 12:10 - 01361309 _____ () C:\Users\Ciza\Desktop\adwcleaner_3.302.exe
2014-08-05 12:09 - 2014-08-05 12:09 - 01016261 _____ (Thisisu) C:\Users\Ciza\Desktop\JRT.exe
2014-08-05 11:37 - 2014-08-05 11:37 - 00000000 ____D () C:\Program Files\trend micro
2014-08-05 11:33 - 2014-08-05 11:33 - 01222144 _____ () C:\Users\Ciza\Downloads\RSITx64.exe

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-400809872-2928890687-518477650-1000.job => C:\Users\Ciza\AppData\Local\Citrix\GoToMeeting\1350\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

AlternateDataStreams: C:\ProgramData\Temp:8927A071

Hosts:
Reboot:
End

Ulozte vytvoreny TXT jako fixlist.txt
Presunte vytvoreny fixlist vedle FRST

Spustte znovu FRST.exe

Kliknete na Fix
Probehne oprava a vytvori log Fixlog.txt

Restart PC a dejte mi sem fixlog.txt

Cizap · #11 Příspěvek od **Cizap** » 14 srp 2014 10:23

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-08-2014 01
Ran by Ciza at 2014-08-14 11:14:07 Run:1
Running from C:\Users\Ciza\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKLM-x32\...\Run: [BCSSync] => D:\Programs\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => D:\Programs\LogMeIn Hamachi\hamachi-2-ui.exe [3816784 2014-07-21] (LogMeIn Inc.)
HKU\S-1-5-21-400809872-2928890687-518477650-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Ciza\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-400809872-2928890687-518477650-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-400809872-2928890687-518477650-1000\...\Run: [DellSystemDetect] => C:\Users\Ciza\AppData\Local\Apps\2.0\B1PPDJ7X.Z10\KOWMMD46.GY9\dell..tion_0f612f649c4a10af_0005.0008_a4204ff54ae5d3ac\DellSystemDetect.exe [262720 2014-06-12] (Dell)
HKU\S-1-5-21-400809872-2928890687-518477650-1000\...\Policies\Explorer: []

U3 ac1cb3jd; C:\Windows\System32\Drivers\ac1cb3jd.sys [0 ] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 fkhwqzce; \??\C:\Windows\system32\drivers\fkhwqzce.sys [X]
C:\Windows\system32\drivers\fkhwqzce.sys

2014-08-12 14:54 - 2014-08-12 14:54 - 00024307 _____ () C:\Users\Ciza\Desktop\FRST.txt
2014-08-12 14:50 - 2014-08-12 14:50 - 00112640 _____ (forum.viry.cz) C:\Users\Ciza\Desktop\FRSTLauncher.exe
2014-08-12 14:48 - 2014-08-12 14:48 - 00112640 _____ (forum.viry.cz) C:\Users\Ciza\Downloads\Nepotvrzeno 888595.crdownload
2014-08-12 14:45 - 2014-08-12 14:45 - 00112640 _____ (forum.viry.cz) C:\Users\Ciza\Downloads\Nepotvrzeno 334222.crdownload
2014-08-11 13:28 - 2014-08-11 13:15 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-08-11 13:17 - 2014-08-11 13:39 - 00028304 _____ () C:\zoek-results.log
2014-08-11 13:15 - 2014-08-11 13:26 - 00000000 ____D () C:\zoek_backup
2014-08-11 13:14 - 2014-08-11 13:15 - 01288704 _____ () C:\Users\Ciza\Desktop\zoek.exe
2014-08-08 22:29 - 2014-08-08 22:29 - 00026837 _____ () C:\ComboFix.txt
2014-08-08 22:04 - 2014-08-08 22:06 - 05568206 ____R (Swearware) C:\Users\Ciza\Desktop\ComboFix.exe
2014-08-05 12:22 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-05 12:21 - 2014-08-05 12:23 - 00000000 ____D () C:\AdwCleaner
2014-08-05 12:19 - 2014-08-05 12:19 - 00007082 _____ () C:\Users\Ciza\Desktop\JRT.txt
2014-08-05 12:14 - 2014-08-05 12:14 - 00000000 ____D () C:\Windows\ERUNT
2014-08-05 12:09 - 2014-08-05 12:10 - 01361309 _____ () C:\Users\Ciza\Desktop\adwcleaner_3.302.exe
2014-08-05 12:09 - 2014-08-05 12:09 - 01016261 _____ (Thisisu) C:\Users\Ciza\Desktop\JRT.exe
2014-08-05 11:37 - 2014-08-05 11:37 - 00000000 ____D () C:\Program Files\trend micro
2014-08-05 11:33 - 2014-08-05 11:33 - 01222144 _____ () C:\Users\Ciza\Downloads\RSITx64.exe

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-400809872-2928890687-518477650-1000.job => C:\Users\Ciza\AppData\Local\Citrix\GoToMeeting\1350\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

AlternateDataStreams: C:\ProgramData\Temp:8927A071

Hosts:
Reboot:
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\BCSSync => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\LogMeIn Hamachi Ui => value deleted successfully.
HKU\S-1-5-21-400809872-2928890687-518477650-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface => value deleted successfully.
HKU\S-1-5-21-400809872-2928890687-518477650-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Skype => value deleted successfully.
HKU\S-1-5-21-400809872-2928890687-518477650-1000\Software\Microsoft\Windows\CurrentVersion\Run\\DellSystemDetect => value deleted successfully.
HKU\S-1-5-21-400809872-2928890687-518477650-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ => value deleted successfully.
ac1cb3jd => Service deleted successfully.
catchme => Service deleted successfully.
fkhwqzce => Service deleted successfully.
"C:\Windows\system32\drivers\fkhwqzce.sys" => File/Directory not found.
C:\Users\Ciza\Desktop\FRST.txt => Moved successfully.
"C:\Users\Ciza\Desktop\FRSTLauncher.exe" => File/Directory not found.
"C:\Users\Ciza\Downloads\Nepotvrzeno 888595.crdownload" => File/Directory not found.
"C:\Users\Ciza\Downloads\Nepotvrzeno 334222.crdownload" => File/Directory not found.
C:\Windows\zoek-delete.exe => Moved successfully.
C:\zoek-results.log => Moved successfully.
C:\zoek_backup => Moved successfully.
C:\Users\Ciza\Desktop\zoek.exe => Moved successfully.
C:\ComboFix.txt => Moved successfully.
C:\Users\Ciza\Desktop\ComboFix.exe => Moved successfully.
C:\Windows\SysWOW64\sqlite3.dll => Moved successfully.
C:\AdwCleaner => Moved successfully.
C:\Users\Ciza\Desktop\JRT.txt => Moved successfully.
C:\Windows\ERUNT => Moved successfully.
C:\Users\Ciza\Desktop\adwcleaner_3.302.exe => Moved successfully.
C:\Users\Ciza\Desktop\JRT.exe => Moved successfully.
C:\Program Files\trend micro => Moved successfully.
C:\Users\Ciza\Downloads\RSITx64.exe => Moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job => Moved successfully.
C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-400809872-2928890687-518477650-1000.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\ProgramData\Temp => ":8927A071" ADS removed successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

The system needed a reboot.

==== End of Fixlog ====

#12 Příspěvek od **vyosek** » 14 srp 2014 10:43

Tak jeste uklidime

T-Cleaner http://vyosek.tym.cz/pro_usery/T-Cleaner.exe

Stahnete a spustte
Pro potvrzeni volby mackejte A, Enter
Po pouziti utilitu smazte
Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

Stahnete a spustte
Kliknete na CleanUp a potvrdte YES
Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

Stahnete a spustte
Kliknete na Start a potvrdte OK
Program uklidi a restartuje pc
Po pouziti utilitu smazte

Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

A pokud nejsou problemy ci dotazy, je to z me strany vse

Cizap · #13 Příspěvek od **Cizap** » 18 srp 2014 12:54

Tak jsem se sem konečně dostal a provedl vyčištění. Všechno už šlape jak má a já všem moc děkuji

odvádíte skvělou práci. Mějte se zatím hezky. Muže se lock

#14 Příspěvek od **vyosek** » 18 srp 2014 13:08

Nemate zac, rad jsem pomohl

Zase nekdy Obrázek

A na zaklade Pravidla o zamykani temat

VIRY.CZ

Reklamy v PC log RSIT

Reklamy v PC log RSIT

Re: Reklamy v PC log RSIT

Re: Reklamy v PC log RSIT

Re: Reklamy v PC log RSIT

Re: Reklamy v PC log RSIT

Re: Reklamy v PC log RSIT

Re: Reklamy v PC log RSIT

Re: Reklamy v PC log RSIT

Re: Reklamy v PC log RSIT

Re: Reklamy v PC log RSIT

Re: Reklamy v PC log RSIT

Re: Reklamy v PC log RSIT

Re: Reklamy v PC log RSIT

Re: Reklamy v PC log RSIT