Pomale PC + RSIT

Zpráva

kocour123 · #1 Příspěvek od **kocour123** » 09 srp 2014 09:34

Hi,
mam zpomaleny PC, asi jsem neco chytil, ale Avast nic nenasel. Prosim o kontrolu. Posilam 1/2Logfile of random's system information tool 1.10 (written by random/random)
Run by new at 2014-08-09 09:29:21
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 35 GB (25%) free of 138 GB
Total RAM: 4055 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:29:26, on 09/08/2014
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16561)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\WallpaperSS\WallpaperSS.exe
C:\Users\new\AppData\Roaming\Search Protection\SearchProtection.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\new.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://uk.search.yahoo.com/?type=93781 ... got-yhp-ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Deal Keeper - {1ec8187a-6435-44e3-bbe4-6ce6d3c69254} - C:\Program Files (x86)\Deal Keeper\DealKeeperbho.dll
O2 - BHO: Browser Extensions - {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} - C:\Users\new\AppData\Roaming\Browser Extensions\Coupons.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
O4 - HKLM\..\Run: [ApnTBMon] "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WallpaperSS] C:\Program Files (x86)\WallpaperSS\WallpaperSS.exe
O4 - HKCU\..\Run: [SearchProtection] "C:\Users\new\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
O4 - HKCU\..\Run: [Browser Extensions] "C:\Users\new\AppData\Roaming\Browser Extensions\CouponsHelper.exe"
O4 - HKCU\..\Run: [Sony PC Companion] "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
O4 - HKCU\..\Run: [DellSystemDetect] C:\Users\new\AppData\Local\Apps\2.0\NGAPRWHV.TY8\7H7O4R4E.7H1\dell..tion_0f612f649c4a10af_0005.0008_a4204ff54ae5d3ac\DellSystemDetect.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Tapety 2.12.lnk = C:\Program Files (x86)\Tapety 2.12\Tapety.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.dell.com
O20 - AppInit_DLLs:
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_54cb4575\AESTSr64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Ask Update Service (APNMCP) - APN LLC. - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bing Desktop Update service (BingDesktopUpdate) - Unknown owner - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_54cb4575\STacSV64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Update Deal Keeper - Unknown owner - C:\Program Files (x86)\Deal Keeper\updateDealKeeper.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10569 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_54cb4575\STacSV64.exe

C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
"C:\Program Files\Dell\DellDock\DockLogin.exe"
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\bcmwltry.exe
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_54cb4575\AESTSr64.exe
"C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe"
"C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe"
"C:\Program Files (x86)\Nero\Update\NASvc.exe"
"C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe"
taskeng.exe {C8F0A099-0770-46EE-AF71-5A1C52DD791F}
"C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Deal Keeper\updateDealKeeper.exe"
"C:\Windows\system32\Dwm.exe"
taskeng.exe {BB0486EA-3AB4-4FD4-9754-6B5730AE033B}
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Windows Defender\MSASCui.exe" -hide
"C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe"
"C:\Program Files\DellTPad\Apoint.exe"
"C:\WINDOWS\System32\hkcmd.exe"
"C:\WINDOWS\System32\igfxpers.exe"
"C:\WINDOWS\System32\WLTRAY.EXE"
"C:\Program Files\Dell\QuickSet\quickset.exe"
"C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe"
"C:\Program Files\IDT\WDM\sttray64.exe"
"C:\WINDOWS\ehome\ehtray.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\WallpaperSS\WallpaperSS.exe"
C:\Windows\ehome\ehmsas.exe -Embedding
C:\Windows\system32\igfxsrvc.exe -Embedding
"C:\Users\new\AppData\Roaming\Search Protection\SearchProtection.exe" /autostart
"C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
"C:\Users\new\AppData\Local\Apps\2.0\NGAPRWHV.TY8\7H7O4R4E.7H1\dell..tion_0f612f649c4a10af_0005.0008_a4204ff54ae5d3ac\DellSystemDetect.exe"
"C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
"C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
"C:\Program Files\DellTPad\ApMsgFwd.exe" -s{05FA8492-C047-4207-BE65-780D8591C113}
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"Apntex.exe"
"C:\Program Files\DellTPad\HidFind.exe"
"C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Windows\system32\wuauclt.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
taskeng.exe {4E8CEE97-AC86-46E7-845D-44FC43CA1A02}
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 644 648 656 65536 652
"C:\Users\new\Desktop\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}]
Browser Extensions - C:\Users\new\AppData\Roaming\Browser Extensions\Coupons64.dll [2014-07-29 730472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-07-02 612248]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1ec8187a-6435-44e3-bbe4-6ce6d3c69254}]
Deal Keeper - C:\Program Files (x86)\Deal Keeper\DealKeeperbho.dll [2014-07-19 249632]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}]
Browser Extensions - C:\Users\new\AppData\Roaming\Browser Extensions\Coupons.dll [2014-07-29 610152]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-08-06 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-07-02 457712]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-08-06 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1584184]
"Apoint"=C:\Program Files\DellTPad\Apoint.exe [2009-03-31 305664]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-03-31 154648]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-03-31 227352]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-03-31 202264]
"Broadcom Wireless Manager UI"=C:\Windows\system32\WLTRAY.exe [2008-12-21 4119552]
"QuickSet"=C:\Program Files\Dell\QuickSet\QuickSet.exe [2009-03-27 2115664]
"IAAnotif"=C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-06-15 178712]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2010-02-26 487424]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 138240]
"WallpaperSS"=C:\Program Files (x86)\WallpaperSS\WallpaperSS.exe [2012-05-03 460864]
"SearchProtection"=C:\Users\new\AppData\Roaming\Search Protection\SearchProtection.EXE [2014-07-31 878440]
"Browser Extensions"=C:\Users\new\AppData\Roaming\Browser Extensions\CouponsHelper.exe [2014-07-29 962408]
"Sony PC Companion"=C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [2014-05-23 466656]
"DellSystemDetect"=C:\Users\new\AppData\Local\Apps\2.0\NGAPRWHV.TY8\7H7O4R4E.7H1\dell..tion_0f612f649c4a10af_0005.0008_a4204ff54ae5d3ac\DellSystemDetect.exe [2014-06-23 262720]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"=C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [2009-07-07 1779952]
"Microsoft Default Manager"=C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [2009-04-24 250192]
"DellSupportCenter"=C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe /P DellSupportCenter []
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-07-02 4086432]
"BingDesktop"=C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey []
"ApnTBMon"=C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [2014-07-31 1957784]

C:\Users\new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Tapety 2.12.lnk - C:\Program Files (x86)\Tapety 2.12\Tapety.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-03-31 230400]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"EnableLinkedConnections"=1 logu RSIT.

Log:

#2 Příspěvek od **vyosek** » 09 srp 2014 09:46

Zdravim

Stahnete Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe

Ulozte nejlepe na plochu
Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
Probehne vytvoreni zalohy a nasledne prohledavani
Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

Ulozte nejlepe na plochu
Ukoncete vsechny programy
Kliknete na Scan a nasledne Clean
Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte

kocour123 · #3 Příspěvek od **kocour123** » 09 srp 2014 10:44

Log JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows (TM) Vista Home Premium x64
Ran by new on 09/08/2014 at 10:23:56.40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

Successfully stopped: [Service] APNMCP
Successfully deleted: [Service] APNMCP

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apntbmon
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\searchprotection

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\speedupmypc
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
Successfully deleted: [Registry Key] "hkey_current_user\software\askpartnernetwork"
Successfully deleted: [Registry Key] "hkey_local_machine\software\askpartnernetwork"

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\Users\new\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\new\AppData\Roaming\search protection"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"
Successfully deleted: [Folder] "C:\ProgramData\AskPartnerNetwork"
Successfully deleted: [Folder] "C:\Program Files (x86)\askpartnernetwork"

~~~ FireFox

Successfully deleted the following from C:\Users\new\AppData\Roaming\mozilla\firefox\profiles\80dz04l1.default\prefs.js

user_pref("extensions.ORJ-SPE.domain", "\"www.search.ask.com\"");
user_pref("extensions.ORJ-SPE.hpr_ff", "\"hxxp://www.search.ask.com/?tpid=ORJ-SPE&o=APN1 ... =%5EOSJ000
Emptied folder: C:\Users\new\AppData\Roaming\mozilla\firefox\profiles\80dz04l1.default\minidumps [11 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09/08/2014 at 10:37:10.11
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log Adw:

# AdwCleaner v3.304 - Report created 09/08/2014 at 10:39:03
# Updated 08/08/2014 by Xplode
# Operating System : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Username : new - NEW-PC
# Running from : C:\Users\new\Desktop\adwcleaner_3.304.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : Update Deal Keeper
Service Deleted : wltrysvc

***** [ Files / Folders ] *****

[!] Folder Deleted : C:\ProgramData\systemk
[!] Folder Deleted : C:\Program Files (x86)\GreenTree Applications
[!] Folder Deleted : C:\Program Files (x86)\enformation
[!] Folder Deleted : C:\Program Files (x86)\Deal Keeper
[!] Folder Deleted : C:\Users\new\AppData\Local\AskPartnerNetwork
[!] Folder Deleted : C:\Users\new\AppData\Local\Temp\apn
[!] Folder Deleted : C:\Users\new\AppData\Local\Temp\Deal Keeper
[!] Folder Deleted : C:\Users\new\AppData\Roaming\Browser Extensions
File Deleted : C:\Windows\System32\WLTRYSVC.EXE
File Deleted : C:\Users\new\AppData\Roaming\Mozilla\Firefox\Profiles\80dz04l1.default\searchplugins\ask-search.xml

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1ec8187a-6435-44e3-bbe4-6ce6d3c69254}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{ba0ab49b-34a1-4c36-bb3b-e6f458974507}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1ec8187a-6435-44e3-bbe4-6ce6d3c69254}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1ec8187a-6435-44e3-bbe4-6ce6d3c69254}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1ec8187a-6435-44e3-bbe4-6ce6d3c69254}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
Key Deleted : HKCU\Software\Deal Keeper
Key Deleted : HKCU\Software\SupHpUISoft
Key Deleted : HKCU\Software\AppDataLow\Software\Search Protection
Key Deleted : HKCU\Software\AppDataLow\Software\enformation
Key Deleted : HKLM\Software\Deal Keeper
Key Deleted : HKLM\Software\SystemK
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\Software\enformation
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{3A787631-66A2-4634-B928-A37E73B58FB6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DesktopWeatherAlerts
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Search Protection
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\enformation
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Deal Keeper

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16561

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v31.0 (x86 cs)

[ File : C:\Users\new\AppData\Roaming\Mozilla\Firefox\Profiles\80dz04l1.default\prefs.js ]

Line Deleted : user_pref("extensions.ORJ-SPE.domain", "\"www.search.ask.com\"");
Line Deleted : user_pref("extensions.ORJ-SPE.hpr_ff", "\"hxxp://www.search.ask.com/?tpid=ORJ-SPE&o=APN1 ... _dbr=ff_31.[...]
Line Deleted : user_pref("extensions.toolbar_ORJ-SPE@apn.ask.com.install-event-fired", true);
Line Deleted : user_pref("imtranslator.ImTranslatorSelectedText", "This%20browser%20error%20assistant%20page%20is%20designed%20to%20help%20you%20when%20you%20mistype%20an%20address%20or%20the%20website%20is%20unavai[...]

-\\ Google Chrome v36.0.1985.125

[ File : C:\Users\new\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R5].txt - [10443 octets] - [09/08/2014 10:37:44]
AdwCleaner[S5].txt - [8833 octets] - [09/08/2014 10:39:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [8893 octets] ##########

#4 Příspěvek od **vyosek** » 09 srp 2014 13:20

Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
Do okna vlozte skript nize

Kód: Vybrat vše

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;

Nasledne kliknete na Run Script
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

kocour123 · #5 Příspěvek od **kocour123** » 09 srp 2014 14:22

Log Zoek:

Zoek.exe v5.0.0.0 Updated 07-August-2014
Tool run by new on 09/08/2014 at 13:42:32.19.
Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\new\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

09/08/2014 13:43:34 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1710971718-3430145923-3092330257-1000\Software\Microsoft\Internet Explorer\SearchScopes\{89D7D193-E7F6-43EF-8EED-86BDEF79F839} deleted successfully
HKEY_USERS\S-1-5-21-1710971718-3430145923-3092330257-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} deleted successfully
HKEY_USERS\S-1-5-21-1710971718-3430145923-3092330257-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{54739D49-AC03-4C57-9264-C5195596B3A1} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================

Deleted from C:\Users\new\AppData\Roaming\Mozilla\Firefox\Profiles\80dz04l1.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.co.uk/");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "default-search.net");
user_pref("browser.search.selectedEngine", "default-search.net");
user_pref("browser.search.order.1", "default-search.net");
user_pref("extensions.APN_TB.first-previous-keyword-url", "");
user_pref("extensions.ORJ-SPE.my-keyword-url", "\"\"");
user_pref("extensions.ORJ-SPE.previous-keyword-url", "\"https://uk.search.yahoo.com/search?fr=g ... =937811&p=\"");
user_pref("extensions.ORJ-V7C.my-keyword-url", "\"\"");
user_pref("extensions.ORJ-V7C.previous-keyword-url", "\"\"");
user_pref("keyword.URL", "http://www.default-search.net/search?si ... &src=ds&p=");
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\new\AppData\Roaming\Mozilla\Firefox\Profiles\80dz04l1.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("extensions.APN_TB.first-previous-keyword-url", "");
user_pref("extensions.ORJ-SPE.my-keyword-url", "\"\"");
user_pref("extensions.ORJ-SPE.previous-keyword-url", "\"https://uk.search.yahoo.com/search?fr=g ... =937811&p=\"");
user_pref("extensions.ORJ-V7C.my-keyword-url", "\"\"");
user_pref("extensions.ORJ-V7C.previous-keyword-url", "\"\"");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\new\AppData\Roaming\Mozilla\Firefox\Profiles\80dz04l1.default

user.js not found
---- Lines mybrowserbar removed from prefs.js ----
user_pref("extensions.saamazon@mybrowserbar.com.install-event-fired", true);
user_pref("extensions.saebay@mybrowserbar.com.install-event-fired", true);
user_pref("extensions.savingsslider@mybrowserbar.com.install-event-fired", true);
---- FireFox user.js and prefs.js backups ----

prefs_072014_1305_.backup
prefs_082014_1400_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~3\Wideblue installer deleted
C:\PROGRA~2\Mozilla Firefox\browser\searchplugins\default-search.xml deleted
C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted
C:\Users\new\AppData\Roaming\OpenCandy deleted
C:\PROGRA~3\hpe4F6A.dll deleted
C:\Users\new\Searches deleted
C:\Users\new\AppData\Roaming\Mozilla\Firefox\Profiles\80dz04l1.default\searchplugins\default-search.xml deleted
"C:\PROGRA~2\Settings Manager\smdmf\x64\del_DM_LL_nszA652.dll" deleted
"C:\PROGRA~2\Settings Manager" not deleted
"C:\PROGRA~2\Settings Manager\smdmf" not deleted
"C:\PROGRA~2\Settings Manager\smdmf\x64" not deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [02/07/2014 15:31]

==== Firefox Extensions ======================

ProfilePath: C:\Users\new\AppData\Roaming\Mozilla\Firefox\Profiles\80dz04l1.default
- Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
- avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
- Linkey for Firefox - %ProfilePath%\extensions\extension@linkeyproject.com
- ColorfulTabs - %ProfilePath%\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
- DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
- Download Manager S3 - %ProfilePath%\extensions\s3download@statusbar.xpi
- Google Translator for Firefox - %ProfilePath%\extensions\translator@zoli.bod.xpi
- Quick Translator - %ProfilePath%\extensions\{5C655500-E712-41e7-9349-CE462F844B19}.xpi
- ImTranslator - %ProfilePath%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi
- DownThemAll - %ProfilePath%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\new\AppData\Roaming\Mozilla\Firefox\Profiles\80dz04l1.default
4390CCD3790F8D9C427C0C29590C62D7 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll - Shockwave Flash
AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation

==== Deleted Firefox Extensions ======================

C:\Users\new\AppData\Roaming\Mozilla\Firefox\Profiles\80dz04l1.default\extensions\extension@linkeyproject.com deleted

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
fpmeembnagmagppkgghhfjfdfajdfcah - C:\Users\new\AppData\Local\Linkey\ChromeExtension\ChromeExtension.crx[17/07/2014 10:56]
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[02/07/2014 15:31]

Google Translate - new\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb
Beautiful landscape - new\AppData\Local\Google\Chrome\User Data\Default\Extensions\ambfimhigppdidfmelpjmojccbfdoeig
avast Online Security - new\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
ImTranslator Google Translate - new\AppData\Local\Google\Chrome\User Data\Default\Extensions\noaijdpnepcgjemiklgfkcfbkokogabh

==== Chromium Startpages ======================

C:\Users\new\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://google.co.uk/",

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.default-search.net?sid=503&a ... 34&src=hmp"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"
{A73BABC1-F83A-46EB-9CA8-0D6C489E5E5E} Bing Url="http://www.bing.com/search?FORM=BDT3DF& ... -SearchBox"

==== Reset Google Chrome ======================

C:\Users\new\AppData\Local\Google\Chrome\User Data\Default\preferences was reset successfully
C:\Users\new\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\new\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\new\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\new\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\new\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\new\AppData\Local\Mozilla\Firefox\Profiles\80dz04l1.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\new\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=157 folders=36 84366278 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\new\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\new\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\new\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\PROGRA~2\Settings Manager" not found

==== EOF on 09/08/2014 at 14:19:44.97 ======================

#6 Příspěvek od **vyosek** » 09 srp 2014 15:40

Poprosim o FRST http://forum.viry.cz/viewtopic.php?f=13&t=133100

kocour123 · #7 Příspěvek od **kocour123** » 09 srp 2014 15:58

Log FRST:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-08-2014
Ran by new (administrator) on NEW-PC on 09-08-2014 15:52:01
Running from C:\Users\new\Desktop
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\WINDOWS\System32\DriverStore\FileRepository\stwrt64.inf_54cb4575\stacsv64.exe
(Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\stwrt64.inf_54cb4575\AESTSr64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(SoftThinks) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\System32\igfxsrvc.exe
(Dell Inc.) C:\WINDOWS\System32\WLTRAY.EXE
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(Gianpaolo Bottin) C:\Program Files (x86)\WallpaperSS\WallpaperSS.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
() C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Anvsoft Inc.) C:\Program Files (x86)\AnvSoft\Any Video Converter\AVCFree.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [305664 2009-03-31] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Windows\system32\WLTRAY.exe [4119552 2008-12-21] (Dell Inc.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [2115664 2009-03-27] (Dell Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-06-15] (Intel Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-02-26] (IDT, Inc.)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1779952 2009-07-07] ()
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [250192 2009-04-24] (Microsoft Corporation)
HKLM-x32\...\Run: [DellSupportCenter] => "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-07-02] (AVAST Software)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1710971718-3430145923-3092330257-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-1710971718-3430145923-3092330257-1000\...\Run: [WallpaperSS] => C:\Program Files (x86)\WallpaperSS\WallpaperSS.exe [460864 2012-05-03] (Gianpaolo Bottin)
HKU\S-1-5-21-1710971718-3430145923-3092330257-1000\...\Run: [Browser Extensions] => "C:\Users\new\AppData\Roaming\Browser Extensions\CouponsHelper.exe"
HKU\S-1-5-21-1710971718-3430145923-3092330257-1000\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [466656 2014-05-23] (Sony)
HKU\S-1-5-21-1710971718-3430145923-3092330257-1000\...\Run: [DellSystemDetect] => C:\Users\new\AppData\Local\Apps\2.0\NGAPRWHV.TY8\7H7O4R4E.7H1\dell..tion_0f612f649c4a10af_0005.0008_a4204ff54ae5d3ac\DellSystemDetect.exe [262720 2014-06-23] (Dell)
AppInit_DLLs: C:\Users\new\AppData\Local\Linkey\IEEXTE~1\iedll64.dll => C:\Users\new\AppData\Local\Linkey\IEExtension\iedll64.dll [202256 2014-07-17] (Aztec Media Inc)
AppInit_DLLs-x32: C:\Users\new\AppData\Local\Linkey\IEEXTE~1\iedll.dll => C:\Users\new\AppData\Local\Linkey\IEExtension\iedll.dll [175632 2014-07-17] (Aztec Media Inc)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tapety 2.12.lnk
ShortcutTarget: Tapety 2.12.lnk -> C:\Program Files (x86)\Tapety 2.12\Tapety.exe (No File)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: Linkey -> {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} -> C:\Users\new\AppData\Local\Linkey\IEExtension\iedll64.dll (Aztec Media Inc)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Linkey -> {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} -> C:\Users\new\AppData\Local\Linkey\IEExtension\iedll.dll (Aztec Media Inc)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100

FireFox:
========
FF ProfilePath: C:\Users\new\AppData\Roaming\Mozilla\Firefox\Profiles\80dz04l1.default
FF NewTab: hxxp://www.google.com/
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mapy-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: ColorfulTabs - C:\Users\new\AppData\Roaming\Mozilla\Firefox\Profiles\80dz04l1.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2014-07-24]
FF Extension: DownloadHelper - C:\Users\new\AppData\Roaming\Mozilla\Firefox\Profiles\80dz04l1.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-08-08]
FF Extension: Download Manager (S3) - C:\Users\new\AppData\Roaming\Mozilla\Firefox\Profiles\80dz04l1.default\Extensions\s3download@statusbar.xpi [2014-06-25]
FF Extension: Google Translator for Firefox - C:\Users\new\AppData\Roaming\Mozilla\Firefox\Profiles\80dz04l1.default\Extensions\translator@zoli.bod.xpi [2014-08-09]
FF Extension: ImTranslator - C:\Users\new\AppData\Roaming\Mozilla\Firefox\Profiles\80dz04l1.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2014-06-24]
FF Extension: DownThemAll! - C:\Users\new\AppData\Roaming\Mozilla\Firefox\Profiles\80dz04l1.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-06-25]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-04-24]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-22]

Chrome:
=======
CHR Extension: (Google Translate) - C:\Users\new\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2014-08-08]
CHR Extension: (Beautiful landscape) - C:\Users\new\AppData\Local\Google\Chrome\User Data\Default\Extensions\ambfimhigppdidfmelpjmojccbfdoeig [2014-08-08]
CHR Extension: (Google Docs) - C:\Users\new\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-11]
CHR Extension: (Google Drive) - C:\Users\new\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-11]
CHR Extension: (YouTube) - C:\Users\new\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-11]
CHR Extension: (Google Search) - C:\Users\new\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-11]
CHR Extension: (avast! Online Security) - C:\Users\new\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-07-04]
CHR Extension: (Chrono Download Manager) - C:\Users\new\AppData\Local\Google\Chrome\User Data\Default\Extensions\mciiogijehkdemklbdcbfkefimifhecn [2014-08-08]
CHR Extension: (Google Wallet) - C:\Users\new\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-22]
CHR Extension: (ImTranslator: Google Translate) - C:\Users\new\AppData\Local\Google\Chrome\User Data\Default\Extensions\noaijdpnepcgjemiklgfkcfbkokogabh [2014-08-01]
CHR Extension: (Gmail) - C:\Users\new\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-11]
CHR HKLM-x32\...\Chrome\Extension: [fpmeembnagmagppkgghhfjfdfajdfcah] - C:\Users\new\AppData\Local\Linkey\ChromeExtension\ChromeExtension.crx [2014-08-09]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-02]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_54cb4575\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-02] (AVAST Software)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-12-18] (Stardock Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 NBService; C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe [265552 2014-05-10] (Nero AG)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_54cb4575\STacSV64.exe [244736 2010-02-26] (IDT, Inc.)
S2 BingDesktopUpdate; "C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-02] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-02] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64752 2014-07-02] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-02] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-02] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [426848 2014-07-02] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2014-07-02] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-02] ()
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [102600 2009-06-18] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [41032 2009-06-18] (McAfee, Inc.)
R1 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [307400 2009-06-18] (McAfee, Inc.)
S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [40904 2009-06-18] (McAfee, Inc.)
S3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [49480 2009-06-18] (McAfee, Inc.)
S3 SPPD; C:\Windows\system32\drivers\SPPD.sys [21464 2014-07-18] ()
S3 cpuz134; \??\C:\Users\new\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-09 15:52 - 2014-08-09 15:53 - 00018106 _____ () C:\Users\new\Desktop\FRST.txt
2014-08-09 15:51 - 2014-08-09 15:52 - 00000000 ____D () C:\FRST
2014-08-09 15:50 - 2014-08-09 15:50 - 02094080 _____ (Farbar) C:\Users\new\Desktop\FRST64.exe
2014-08-09 14:42 - 2014-08-09 14:42 - 00000000 ____D () C:\Users\new\Desktop\DVD_PAL
2014-08-09 14:23 - 2014-08-09 14:23 - 00012247 _____ () C:\Users\new\Desktop\zoek-results.txt
2014-08-09 14:07 - 2014-08-09 13:42 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-08-09 13:43 - 2014-08-09 14:19 - 00012247 _____ () C:\zoek-results.log
2014-08-09 13:42 - 2014-08-09 14:03 - 00000000 ____D () C:\zoek_backup
2014-08-09 13:41 - 2014-08-09 13:41 - 01288704 _____ () C:\Users\new\Desktop\zoek.exe
2014-08-09 11:28 - 2014-08-09 11:30 - 00000000 ____D () C:\Users\new\AppData\Roaming\Skype
2014-08-09 11:28 - 2014-08-09 11:28 - 00000000 ____D () C:\Users\new\AppData\Local\Skype
2014-08-09 11:27 - 2014-08-09 11:30 - 00000000 ____D () C:\ProgramData\Skype
2014-08-09 11:26 - 2014-08-09 13:16 - 00000000 ____D () C:\Users\new\Desktop\programy na mobil
2014-08-09 11:25 - 2014-08-09 11:25 - 00000000 ____D () C:\Users\new\AppData\Roaming\FirefoxToolbar
2014-08-09 11:25 - 2014-08-09 11:25 - 00000000 ____D () C:\Users\new\AppData\Local\Linkey
2014-08-09 11:24 - 2014-08-09 11:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-08-09 11:24 - 2014-08-09 11:25 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-08-09 11:23 - 2014-08-09 11:24 - 00000000 ____D () C:\Users\new\AppData\Roaming\DVDVideoSoft
2014-08-09 10:37 - 2014-08-09 10:39 - 00000000 ____D () C:\AdwCleaner
2014-08-09 10:37 - 2014-08-09 10:37 - 00002610 _____ () C:\Users\new\Desktop\JRT.txt
2014-08-09 10:22 - 2014-08-09 10:22 - 01366203 _____ () C:\Users\new\Desktop\adwcleaner_3.304.exe
2014-08-09 10:21 - 2014-08-09 10:22 - 01016261 _____ (Thisisu) C:\Users\new\Desktop\JRT.exe
2014-08-09 09:29 - 2014-08-09 09:29 - 00000000 ____D () C:\rsit
2014-08-09 09:28 - 2014-08-09 09:28 - 01222144 _____ () C:\Users\new\Desktop\RSITx64.exe
2014-08-08 16:45 - 2014-08-08 17:37 - 00000000 ____D () C:\Users\new\Desktop\New Folder
2014-08-08 15:37 - 2014-08-08 15:37 - 00000000 ____D () C:\ProgramData\Sony
2014-08-08 15:37 - 2014-08-08 15:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2014-08-08 15:37 - 2014-08-08 15:37 - 00000000 ____D () C:\Program Files (x86)\Sony
2014-08-08 15:12 - 2014-08-08 15:12 - 00000000 ____D () C:\Users\new\AppData\Local\Sony Ericsson
2014-08-08 15:12 - 2014-08-08 15:12 - 00000000 ____D () C:\ProgramData\BVRP Software
2014-08-08 15:08 - 2014-08-09 13:11 - 00639954 _____ () C:\Windows\DpInst.log
2014-08-08 15:08 - 2014-08-08 15:08 - 00000000 ____D () C:\ProgramData\Sony Ericsson
2014-08-06 19:04 - 2014-08-06 19:03 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-06 19:03 - 2014-08-06 19:03 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-06 19:03 - 2014-08-06 19:03 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-06 19:03 - 2014-08-06 19:03 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-06 19:03 - 2014-08-06 19:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-06 19:03 - 2014-08-06 19:03 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-02 15:42 - 2014-08-02 15:42 - 00000000 ____D () C:\Users\new\AppData\Roaming\Nikon
2014-08-02 15:42 - 2014-08-02 15:42 - 00000000 ____D () C:\Users\new\AppData\Local\Nikon
2014-08-02 12:21 - 2014-08-02 12:21 - 00000000 ____D () C:\Program Files (x86)\DownloadToolz
2014-08-01 12:38 - 2014-08-01 15:06 - 1367545102 _____ () C:\Users\new\Desktop\Pamatkari-Monuments-Men,-The-2014-cesky-dabing+forced-cz-tit-v-obraze.avi
2014-08-01 12:21 - 2014-08-09 15:26 - 00000946 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-01 12:21 - 2014-08-09 14:19 - 00000942 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-29 14:10 - 2014-07-29 14:10 - 00000000 ____D () C:\Users\new\AppData\Roaming\AVG
2014-07-29 14:10 - 2014-07-29 14:10 - 00000000 ____D () C:\Users\new\AppData\Local\AVG
2014-07-29 14:08 - 2014-08-09 11:26 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-07-29 14:08 - 2014-07-29 14:11 - 00000000 ____D () C:\ProgramData\AVG
2014-07-29 14:03 - 2014-07-29 14:03 - 00000000 ____D () C:\Users\new\Documents\Any Video Converter
2014-07-29 14:03 - 2014-07-29 14:03 - 00000000 ____D () C:\Users\new\AppData\Roaming\AnvSoft
2014-07-29 14:03 - 2014-07-29 14:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft
2014-07-29 14:03 - 2014-07-29 14:03 - 00000000 ____D () C:\Program Files (x86)\AnvSoft
2014-07-26 00:59 - 2014-07-26 01:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Softendo.com
2014-07-23 16:59 - 2014-08-08 16:08 - 00001300 _____ () C:\Users\new\AppData\Roaming\wklnhst.dat
2014-07-23 16:59 - 2014-07-23 16:59 - 00000000 ____D () C:\Users\new\AppData\Roaming\Template
2014-07-23 14:38 - 2014-07-23 14:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2014-07-23 14:38 - 2014-07-23 14:38 - 00000000 ____D () C:\GOG Games
2014-07-22 20:19 - 2014-07-25 11:15 - 00000000 ____D () C:\Users\new\Desktop\CV and motivacni dopis
2014-07-21 13:38 - 2014-07-21 13:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Return To Castle Wolfenstein
2014-07-21 13:36 - 2014-07-21 13:36 - 00000000 ____D () C:\Program Files (x86)\Return To Castle Wolfenstein
2014-07-21 12:29 - 2014-07-21 12:29 - 00000000 ____D () C:\Users\new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DFIncBackup Std
2014-07-18 15:51 - 2014-07-18 15:51 - 00525792 _____ (Microsoft Corporation) C:\Windows\DIFxAPI.dll
2014-07-18 15:50 - 2014-07-18 19:11 - 00000000 ___HD () C:\Program Files (x86)\Temp
2014-07-18 15:50 - 2014-07-18 15:50 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-07-18 15:50 - 2014-02-26 15:16 - 02080472 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2014-07-18 15:49 - 2014-07-18 20:17 - 00021464 _____ () C:\Windows\system32\Drivers\SPPD.sys
2014-07-17 15:04 - 2014-07-17 15:04 - 00000000 ____D () C:\Windows\System32\Tasks\Auslogics
2014-07-17 15:03 - 2014-07-17 15:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2014-07-17 15:03 - 2014-07-17 15:03 - 00000000 ____D () C:\ProgramData\Auslogics
2014-07-17 15:03 - 2014-07-17 15:03 - 00000000 ____D () C:\Program Files (x86)\Auslogics
2014-07-16 19:55 - 2014-07-24 18:03 - 00000000 ____D () C:\Users\new\AppData\Local\Microsoft Games
2014-07-16 12:54 - 2014-07-16 12:54 - 00000000 ____D () C:\Windows\System32\Tasks\Nero
2014-07-16 12:51 - 2014-07-16 12:54 - 00000000 ____D () C:\Program Files (x86)\Nero
2014-07-16 11:49 - 2014-07-16 11:54 - 00000000 ____D () C:\Users\new\AppData\Roaming\WallpaperSS
2014-07-16 11:48 - 2014-07-16 12:20 - 00000000 ____D () C:\Program Files (x86)\WallpaperSS
2014-07-15 12:14 - 2014-07-15 12:14 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2014-07-15 11:10 - 2014-07-15 11:42 - 00000000 ____D () C:\Program Files (x86)\PhotoFiltre 7
2014-07-15 11:10 - 2014-07-15 11:10 - 00000000 ____D () C:\Users\new\AppData\Roaming\PhotoFiltre 7
2014-07-15 11:10 - 2014-07-15 11:10 - 00000000 ____D () C:\Users\new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoFiltre 7
2014-07-15 11:10 - 2014-07-15 11:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoFiltre 7
2014-07-14 08:13 - 2014-07-14 08:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-07-13 01:14 - 2014-07-13 01:14 - 00000000 ____D () C:\Users\new\Documents\NFS Most Wanted
2014-07-12 22:24 - 2014-07-12 22:24 - 00000000 ____D () C:\Users\new\Documents\Criterion Games
2014-07-12 14:58 - 2014-07-12 14:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
2014-07-12 14:55 - 2014-07-12 14:56 - 00000000 ____D () C:\NFSMWDemo
2014-07-11 18:48 - 2014-07-11 18:49 - 00000000 ____D () C:\Users\new\Documents\Puzzle Quest
2014-07-11 18:45 - 2014-07-11 18:47 - 00000000 ____D () C:\Program Files (x86)\Puzzle Quest
2014-07-11 18:45 - 2014-07-11 18:45 - 00419840 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2014-07-11 18:45 - 2014-07-11 18:45 - 00413696 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2014-07-11 18:45 - 2014-07-11 18:45 - 00133632 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2014-07-11 18:45 - 2014-07-11 18:45 - 00110592 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2014-07-11 18:45 - 2014-07-11 18:45 - 00000000 ____D () C:\Users\new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Puzzle Quest
2014-07-11 18:45 - 2014-07-11 18:45 - 00000000 ____D () C:\Program Files (x86)\OpenAL
2014-07-10 15:11 - 2014-07-10 15:11 - 00000000 ____D () C:\Windows\ERUNT
2014-07-10 12:03 - 2014-07-10 12:03 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-07-10 12:03 - 2014-07-10 12:03 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-09 15:53 - 2014-08-09 15:52 - 00018106 _____ () C:\Users\new\Desktop\FRST.txt
2014-08-09 15:52 - 2014-08-09 15:51 - 00000000 ____D () C:\FRST
2014-08-09 15:50 - 2014-08-09 15:50 - 02094080 _____ (Farbar) C:\Users\new\Desktop\FRST64.exe
2014-08-09 15:31 - 2014-06-22 12:10 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-09 15:26 - 2014-08-01 12:21 - 00000946 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-09 15:00 - 2014-06-22 19:08 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-09 14:42 - 2014-08-09 14:42 - 00000000 ____D () C:\Users\new\Desktop\DVD_PAL
2014-08-09 14:23 - 2014-08-09 14:23 - 00012247 _____ () C:\Users\new\Desktop\zoek-results.txt
2014-08-09 14:20 - 2009-09-21 22:02 - 02083124 _____ () C:\Windows\WindowsUpdate.log
2014-08-09 14:19 - 2014-08-09 13:43 - 00012247 _____ () C:\zoek-results.log
2014-08-09 14:19 - 2014-08-01 12:21 - 00000942 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-09 14:10 - 2006-11-02 16:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-09 14:10 - 2006-11-02 16:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-09 14:10 - 2006-11-02 16:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-09 14:09 - 2008-01-21 04:26 - 00621572 _____ () C:\Windows\PFRO.log
2014-08-09 14:09 - 2006-11-02 16:42 - 00032624 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-09 14:03 - 2014-08-09 13:42 - 00000000 ____D () C:\zoek_backup
2014-08-09 14:01 - 2014-06-19 05:09 - 00000000 ____D () C:\Users\new
2014-08-09 13:42 - 2014-08-09 14:07 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-08-09 13:41 - 2014-08-09 13:41 - 01288704 _____ () C:\Users\new\Desktop\zoek.exe
2014-08-09 13:16 - 2014-08-09 11:26 - 00000000 ____D () C:\Users\new\Desktop\programy na mobil
2014-08-09 13:12 - 2009-09-22 03:31 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-09 13:11 - 2014-08-08 15:08 - 00639954 _____ () C:\Windows\DpInst.log
2014-08-09 12:01 - 2014-06-23 13:40 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-08-09 12:00 - 2006-11-02 13:46 - 00763562 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-09 11:57 - 2014-06-25 11:38 - 00000000 ____D () C:\Users\new\Desktop\mnauuu moje filmy mnauuu
2014-08-09 11:30 - 2014-08-09 11:28 - 00000000 ____D () C:\Users\new\AppData\Roaming\Skype
2014-08-09 11:30 - 2014-08-09 11:27 - 00000000 ____D () C:\ProgramData\Skype
2014-08-09 11:28 - 2014-08-09 11:28 - 00000000 ____D () C:\Users\new\AppData\Local\Skype
2014-08-09 11:26 - 2014-07-29 14:08 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-08-09 11:25 - 2014-08-09 11:25 - 00000000 ____D () C:\Users\new\AppData\Roaming\FirefoxToolbar
2014-08-09 11:25 - 2014-08-09 11:25 - 00000000 ____D () C:\Users\new\AppData\Local\Linkey
2014-08-09 11:25 - 2014-08-09 11:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-08-09 11:25 - 2014-08-09 11:24 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-08-09 11:24 - 2014-08-09 11:23 - 00000000 ____D () C:\Users\new\AppData\Roaming\DVDVideoSoft
2014-08-09 10:39 - 2014-08-09 10:37 - 00000000 ____D () C:\AdwCleaner
2014-08-09 10:37 - 2014-08-09 10:37 - 00002610 _____ () C:\Users\new\Desktop\JRT.txt
2014-08-09 10:22 - 2014-08-09 10:22 - 01366203 _____ () C:\Users\new\Desktop\adwcleaner_3.304.exe
2014-08-09 10:22 - 2014-08-09 10:21 - 01016261 _____ (Thisisu) C:\Users\new\Desktop\JRT.exe
2014-08-09 09:29 - 2014-08-09 09:29 - 00000000 ____D () C:\rsit
2014-08-09 09:29 - 2014-06-22 15:03 - 00000000 ____D () C:\Program Files\trend micro
2014-08-09 09:28 - 2014-08-09 09:28 - 01222144 _____ () C:\Users\new\Desktop\RSITx64.exe
2014-08-08 17:37 - 2014-08-08 16:45 - 00000000 ____D () C:\Users\new\Desktop\New Folder
2014-08-08 16:08 - 2014-07-23 16:59 - 00001300 _____ () C:\Users\new\AppData\Roaming\wklnhst.dat
2014-08-08 16:05 - 2006-11-02 16:27 - 00196863 _____ () C:\Windows\setupact.log
2014-08-08 15:37 - 2014-08-08 15:37 - 00000000 ____D () C:\ProgramData\Sony
2014-08-08 15:37 - 2014-08-08 15:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2014-08-08 15:37 - 2014-08-08 15:37 - 00000000 ____D () C:\Program Files (x86)\Sony
2014-08-08 15:12 - 2014-08-08 15:12 - 00000000 ____D () C:\Users\new\AppData\Local\Sony Ericsson
2014-08-08 15:12 - 2014-08-08 15:12 - 00000000 ____D () C:\ProgramData\BVRP Software
2014-08-08 15:08 - 2014-08-08 15:08 - 00000000 ____D () C:\ProgramData\Sony Ericsson
2014-08-08 11:13 - 2014-06-22 15:30 - 00000000 ____D () C:\Users\new\AppData\Roaming\vlc
2014-08-07 18:49 - 2014-06-22 12:21 - 00000000 ____D () C:\Users\new\Desktop\programy
2014-08-07 18:46 - 2014-06-26 11:00 - 00000000 ____D () C:\Users\new\Desktop\Mnauuu Hraju si Mnauuu
2014-08-07 11:49 - 2014-06-22 13:26 - 00007208 _____ () C:\Windows\system32\spsys.log
2014-08-06 19:05 - 2014-07-04 10:56 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-06 19:03 - 2014-08-06 19:04 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-06 19:03 - 2014-08-06 19:03 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-06 19:03 - 2014-08-06 19:03 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-06 19:03 - 2014-08-06 19:03 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-06 19:03 - 2014-08-06 19:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-06 19:03 - 2014-08-06 19:03 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-02 15:42 - 2014-08-02 15:42 - 00000000 ____D () C:\Users\new\AppData\Roaming\Nikon
2014-08-02 15:42 - 2014-08-02 15:42 - 00000000 ____D () C:\Users\new\AppData\Local\Nikon
2014-08-02 15:42 - 2014-07-09 12:37 - 00000020 ____H () C:\ProgramData\PKP_DLet.DAT
2014-08-02 12:21 - 2014-08-02 12:21 - 00000000 ____D () C:\Program Files (x86)\DownloadToolz
2014-08-01 18:48 - 2014-06-25 20:08 - 00000000 ____D () C:\Users\new\Documents\My Games
2014-08-01 15:06 - 2014-08-01 12:38 - 1367545102 _____ () C:\Users\new\Desktop\Pamatkari-Monuments-Men,-The-2014-cesky-dabing+forced-cz-tit-v-obraze.avi
2014-08-01 12:21 - 2014-06-22 11:59 - 00003942 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-08-01 12:21 - 2014-06-22 11:59 - 00003690 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-08-01 12:21 - 2014-06-22 11:59 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-30 17:23 - 2014-06-22 11:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-30 11:49 - 2014-06-22 11:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-29 14:11 - 2014-07-29 14:08 - 00000000 ____D () C:\ProgramData\AVG
2014-07-29 14:10 - 2014-07-29 14:10 - 00000000 ____D () C:\Users\new\AppData\Roaming\AVG
2014-07-29 14:10 - 2014-07-29 14:10 - 00000000 ____D () C:\Users\new\AppData\Local\AVG
2014-07-29 14:03 - 2014-07-29 14:03 - 00000000 ____D () C:\Users\new\Documents\Any Video Converter
2014-07-29 14:03 - 2014-07-29 14:03 - 00000000 ____D () C:\Users\new\AppData\Roaming\AnvSoft
2014-07-29 14:03 - 2014-07-29 14:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft
2014-07-29 14:03 - 2014-07-29 14:03 - 00000000 ____D () C:\Program Files (x86)\AnvSoft
2014-07-26 01:12 - 2014-07-26 00:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Softendo.com
2014-07-25 11:15 - 2014-07-22 20:19 - 00000000 ____D () C:\Users\new\Desktop\CV and motivacni dopis
2014-07-25 09:44 - 2014-06-22 14:00 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-07-25 09:36 - 2006-11-02 14:34 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-07-24 20:58 - 2009-09-22 03:46 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-24 20:14 - 2014-06-23 11:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-24 18:03 - 2014-07-16 19:55 - 00000000 ____D () C:\Users\new\AppData\Local\Microsoft Games
2014-07-23 19:45 - 2014-06-19 05:09 - 00102048 _____ () C:\Users\new\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-23 19:43 - 2006-11-02 16:21 - 00384864 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-23 19:31 - 2014-07-09 15:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-07-23 19:31 - 2009-09-22 03:47 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-23 19:19 - 2009-09-22 03:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-07-23 19:17 - 2006-11-02 16:07 - 00000000 ____D () C:\Windows\ShellNew
2014-07-23 19:16 - 2006-11-02 13:34 - 00000128 _____ () C:\Windows\win.ini
2014-07-23 16:59 - 2014-07-23 16:59 - 00000000 ____D () C:\Users\new\AppData\Roaming\Template
2014-07-23 16:42 - 2009-09-22 03:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
2014-07-23 14:38 - 2014-07-23 14:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2014-07-23 14:38 - 2014-07-23 14:38 - 00000000 ____D () C:\GOG Games
2014-07-21 13:38 - 2014-07-21 13:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Return To Castle Wolfenstein
2014-07-21 13:36 - 2014-07-21 13:36 - 00000000 ____D () C:\Program Files (x86)\Return To Castle Wolfenstein
2014-07-21 12:29 - 2014-07-21 12:29 - 00000000 ____D () C:\Users\new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DFIncBackup Std
2014-07-19 12:24 - 2014-06-22 12:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-19 12:24 - 2014-06-22 11:30 - 00000803 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-19 12:24 - 2014-06-19 05:13 - 00000907 _____ () C:\Users\new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-07-19 12:24 - 2014-06-19 05:12 - 00000907 _____ () C:\Users\new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-18 20:17 - 2014-07-18 15:49 - 00021464 _____ () C:\Windows\system32\Drivers\SPPD.sys
2014-07-18 19:31 - 2014-07-09 12:36 - 00000000 ____D () C:\Users\new\AppData\Local\Downloaded Installations
2014-07-18 19:12 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-07-18 19:12 - 2006-11-02 13:33 - 67108864 _____ () C:\Windows\system32\config\software_previous
2014-07-18 19:12 - 2006-11-02 13:33 - 59768832 _____ () C:\Windows\system32\config\components_previous
2014-07-18 19:12 - 2006-11-02 13:33 - 26214400 _____ () C:\Windows\system32\config\system_previous
2014-07-18 19:12 - 2006-11-02 13:33 - 00262144 _____ () C:\Windows\system32\config\security_previous
2014-07-18 19:12 - 2006-11-02 13:33 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2014-07-18 19:12 - 2006-11-02 13:33 - 00262144 _____ () C:\Windows\system32\config\default_previous
2014-07-18 19:11 - 2014-07-18 15:50 - 00000000 ___HD () C:\Program Files (x86)\Temp
2014-07-18 19:11 - 2006-11-02 14:34 - 00000000 ____D () C:\Windows\system32\spool
2014-07-18 19:11 - 2006-11-02 14:33 - 00000000 ____D () C:\Windows\registration
2014-07-18 15:51 - 2014-07-18 15:51 - 00525792 _____ (Microsoft Corporation) C:\Windows\DIFxAPI.dll
2014-07-18 15:50 - 2014-07-18 15:50 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-07-17 15:04 - 2014-07-17 15:04 - 00000000 ____D () C:\Windows\System32\Tasks\Auslogics
2014-07-17 15:03 - 2014-07-17 15:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2014-07-17 15:03 - 2014-07-17 15:03 - 00000000 ____D () C:\ProgramData\Auslogics
2014-07-17 15:03 - 2014-07-17 15:03 - 00000000 ____D () C:\Program Files (x86)\Auslogics
2014-07-16 12:54 - 2014-07-16 12:54 - 00000000 ____D () C:\Windows\System32\Tasks\Nero
2014-07-16 12:54 - 2014-07-16 12:51 - 00000000 ____D () C:\Program Files (x86)\Nero
2014-07-16 12:53 - 2014-06-30 15:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
2014-07-16 12:51 - 2014-06-30 10:16 - 00000000 ____D () C:\ProgramData\Nero
2014-07-16 12:26 - 2014-06-23 13:35 - 00000000 ____D () C:\Users\new\AppData\Roaming\PCDr
2014-07-16 12:20 - 2014-07-16 11:48 - 00000000 ____D () C:\Program Files (x86)\WallpaperSS
2014-07-16 11:54 - 2014-07-16 11:49 - 00000000 ____D () C:\Users\new\AppData\Roaming\WallpaperSS
2014-07-15 12:14 - 2014-07-15 12:14 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2014-07-15 11:42 - 2014-07-15 11:10 - 00000000 ____D () C:\Program Files (x86)\PhotoFiltre 7
2014-07-15 11:10 - 2014-07-15 11:10 - 00000000 ____D () C:\Users\new\AppData\Roaming\PhotoFiltre 7
2014-07-15 11:10 - 2014-07-15 11:10 - 00000000 ____D () C:\Users\new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoFiltre 7
2014-07-15 11:10 - 2014-07-15 11:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoFiltre 7
2014-07-14 08:13 - 2014-07-14 08:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-07-14 08:13 - 2014-06-22 15:29 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-07-13 18:50 - 2014-07-04 11:12 - 00000000 ____D () C:\Users\new\AppData\Local\Adobe
2014-07-13 18:50 - 2014-06-22 11:22 - 00000000 ____D () C:\Users\new\AppData\Roaming\Adobe
2014-07-13 01:14 - 2014-07-13 01:14 - 00000000 ____D () C:\Users\new\Documents\NFS Most Wanted
2014-07-12 22:24 - 2014-07-12 22:24 - 00000000 ____D () C:\Users\new\Documents\Criterion Games
2014-07-12 14:58 - 2014-07-12 14:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
2014-07-12 14:57 - 2009-09-22 03:44 - 00233815 _____ () C:\Windows\DirectX.log
2014-07-12 14:56 - 2014-07-12 14:55 - 00000000 ____D () C:\NFSMWDemo
2014-07-11 18:49 - 2014-07-11 18:48 - 00000000 ____D () C:\Users\new\Documents\Puzzle Quest
2014-07-11 18:47 - 2014-07-11 18:45 - 00000000 ____D () C:\Program Files (x86)\Puzzle Quest
2014-07-11 18:45 - 2014-07-11 18:45 - 00419840 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2014-07-11 18:45 - 2014-07-11 18:45 - 00413696 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2014-07-11 18:45 - 2014-07-11 18:45 - 00133632 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2014-07-11 18:45 - 2014-07-11 18:45 - 00110592 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2014-07-11 18:45 - 2014-07-11 18:45 - 00000000 ____D () C:\Users\new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Puzzle Quest
2014-07-11 18:45 - 2014-07-11 18:45 - 00000000 ____D () C:\Program Files (x86)\OpenAL
2014-07-10 15:11 - 2014-07-10 15:11 - 00000000 ____D () C:\Windows\ERUNT
2014-07-10 12:38 - 2014-06-22 16:13 - 00000000 ____D () C:\Program Files (x86)\Seznam.cz
2014-07-10 12:37 - 2014-06-22 16:12 - 00000000 _____ () C:\Windows\SysWOW64\sinstall.log
2014-07-10 12:20 - 2006-11-02 16:07 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 12:03 - 2014-07-10 12:03 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-07-10 12:03 - 2014-07-10 12:03 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2014-07-10 12:03 - 2014-06-23 08:32 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 12:00 - 2006-11-02 13:35 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-09 14:24

==================== End Of Log ============================

kocour123 · #8 Příspěvek od **kocour123** » 10 srp 2014 11:52

Mam jeste neco udelat nebo je to v poradku?

#9 Příspěvek od **vyosek** » 10 srp 2014 12:18

Ono je vikend a ja bych se taky rad venoval rodine a svym konickum, pripadne byl v praci

Tvorba fixlistu pro FRST

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

Start
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1710971718-3430145923-3092330257-1000\...\Run: [Browser Extensions] => "C:\Users\new\AppData\Roaming\Browser Extensions\CouponsHelper.exe"

AppInit_DLLs: C:\Users\new\AppData\Local\Linkey\IEEXTE~1\iedll64.dll => C:\Users\new\AppData\Local\Linkey\IEExtension\iedll64.dll [202256 2014-07-17] (Aztec Media Inc)
AppInit_DLLs-x32: C:\Users\new\AppData\Local\Linkey\IEEXTE~1\iedll.dll => C:\Users\new\AppData\Local\Linkey\IEExtension\iedll.dll [175632 2014-07-17] (Aztec Media Inc)
CHR HKLM-x32\...\Chrome\Extension: [fpmeembnagmagppkgghhfjfdfajdfcah] - C:\Users\new\AppData\Local\Linkey\ChromeExtension\ChromeExtension.crx [2014-08-09]

S2 BingDesktopUpdate; "C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe" [X]

S3 cpuz134; \??\C:\Users\new\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

2014-08-09 15:52 - 2014-08-09 15:53 - 00018106 _____ () C:\Users\new\Desktop\FRST.txt
2014-08-09 14:23 - 2014-08-09 14:23 - 00012247 _____ () C:\Users\new\Desktop\zoek-results.txt
2014-08-09 14:07 - 2014-08-09 13:42 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-08-09 13:43 - 2014-08-09 14:19 - 00012247 _____ () C:\zoek-results.log
2014-08-09 13:42 - 2014-08-09 14:03 - 00000000 ____D () C:\zoek_backup
2014-08-09 13:41 - 2014-08-09 13:41 - 01288704 _____ () C:\Users\new\Desktop\zoek.exe
2014-08-09 11:25 - 2014-08-09 11:25 - 00000000 ____D () C:\Users\new\AppData\Roaming\FirefoxToolbar
2014-08-09 10:37 - 2014-08-09 10:39 - 00000000 ____D () C:\AdwCleaner
2014-08-09 10:37 - 2014-08-09 10:37 - 00002610 _____ () C:\Users\new\Desktop\JRT.txt
2014-08-09 10:22 - 2014-08-09 10:22 - 01366203 _____ () C:\Users\new\Desktop\adwcleaner_3.304.exe
2014-08-09 10:21 - 2014-08-09 10:22 - 01016261 _____ (Thisisu) C:\Users\new\Desktop\JRT.exe
2014-08-09 09:29 - 2014-08-09 09:29 - 00000000 ____D () C:\rsit
2014-08-09 09:28 - 2014-08-09 09:28 - 01222144 _____ () C:\Users\new\Desktop\RSITx64.exe
2014-08-09 11:25 - 2014-08-09 11:25 - 00000000 ____D () C:\Users\new\AppData\Local\Linkey

Hosts:
Reboot:
End

Ulozte vytvoreny TXT jako fixlist.txt
Presunte vytvoreny fixlist vedle FRST

Spustte znovu FRST.exe

Kliknete na Fix
Probehne oprava a vytvori log Fixlog.txt

Restart PC a dejte mi sem fixlog.txt

kocour123 · #10 Příspěvek od **kocour123** » 10 srp 2014 14:41

Log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-08-2014
Ran by new at 2014-08-10 14:35:09 Run:1
Running from C:\Users\new\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1710971718-3430145923-3092330257-1000\...\Run: [Browser Extensions] => "C:\Users\new\AppData\Roaming\Browser Extensions\CouponsHelper.exe"

AppInit_DLLs: C:\Users\new\AppData\Local\Linkey\IEEXTE~1\iedll64.dll => C:\Users\new\AppData\Local\Linkey\IEExtension\iedll64.dll [202256 2014-07-17] (Aztec Media Inc)
AppInit_DLLs-x32: C:\Users\new\AppData\Local\Linkey\IEEXTE~1\iedll.dll => C:\Users\new\AppData\Local\Linkey\IEExtension\iedll.dll [175632 2014-07-17] (Aztec Media Inc)
CHR HKLM-x32\...\Chrome\Extension: [fpmeembnagmagppkgghhfjfdfajdfcah] - C:\Users\new\AppData\Local\Linkey\ChromeExtension\ChromeExtension.crx [2014-08-09]

S2 BingDesktopUpdate; "C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe" [X]

S3 cpuz134; \??\C:\Users\new\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

2014-08-09 15:52 - 2014-08-09 15:53 - 00018106 _____ () C:\Users\new\Desktop\FRST.txt
2014-08-09 14:23 - 2014-08-09 14:23 - 00012247 _____ () C:\Users\new\Desktop\zoek-results.txt
2014-08-09 14:07 - 2014-08-09 13:42 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-08-09 13:43 - 2014-08-09 14:19 - 00012247 _____ () C:\zoek-results.log
2014-08-09 13:42 - 2014-08-09 14:03 - 00000000 ____D () C:\zoek_backup
2014-08-09 13:41 - 2014-08-09 13:41 - 01288704 _____ () C:\Users\new\Desktop\zoek.exe
2014-08-09 11:25 - 2014-08-09 11:25 - 00000000 ____D () C:\Users\new\AppData\Roaming\FirefoxToolbar
2014-08-09 10:37 - 2014-08-09 10:39 - 00000000 ____D () C:\AdwCleaner
2014-08-09 10:37 - 2014-08-09 10:37 - 00002610 _____ () C:\Users\new\Desktop\JRT.txt
2014-08-09 10:22 - 2014-08-09 10:22 - 01366203 _____ () C:\Users\new\Desktop\adwcleaner_3.304.exe
2014-08-09 10:21 - 2014-08-09 10:22 - 01016261 _____ (Thisisu) C:\Users\new\Desktop\JRT.exe
2014-08-09 09:29 - 2014-08-09 09:29 - 00000000 ____D () C:\rsit
2014-08-09 09:28 - 2014-08-09 09:28 - 01222144 _____ () C:\Users\new\Desktop\RSITx64.exe
2014-08-09 11:25 - 2014-08-09 11:25 - 00000000 ____D () C:\Users\new\AppData\Local\Linkey

Hosts:
Reboot:
End
*****************

HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\WindowsWelcomeCenter => value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\WindowsWelcomeCenter => value deleted successfully.
HKU\S-1-5-21-1710971718-3430145923-3092330257-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Browser Extensions => value deleted successfully.
"C:\Users\new\AppData\Local\Linkey\IEEXTE~1\iedll64.dll" => Value Data removed successfully.
"C:\Users\new\AppData\Local\Linkey\IEEXTE~1\iedll.dll" => Value Data removed successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fpmeembnagmagppkgghhfjfdfajdfcah" => Key deleted successfully.
C:\Users\new\AppData\Local\Linkey\ChromeExtension\ChromeExtension.crx => Moved successfully.
BingDesktopUpdate => Service deleted successfully.
cpuz134 => Service deleted successfully.
IpInIp => Service deleted successfully.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.
C:\Users\new\Desktop\FRST.txt => Moved successfully.
C:\Users\new\Desktop\zoek-results.txt => Moved successfully.
C:\Windows\zoek-delete.exe => Moved successfully.
C:\zoek-results.log => Moved successfully.
C:\zoek_backup => Moved successfully.
C:\Users\new\Desktop\zoek.exe => Moved successfully.
C:\Users\new\AppData\Roaming\FirefoxToolbar => Moved successfully.
C:\AdwCleaner => Moved successfully.
C:\Users\new\Desktop\JRT.txt => Moved successfully.
C:\Users\new\Desktop\adwcleaner_3.304.exe => Moved successfully.
C:\Users\new\Desktop\JRT.exe => Moved successfully.
C:\rsit => Moved successfully.
C:\Users\new\Desktop\RSITx64.exe => Moved successfully.
C:\Users\new\AppData\Local\Linkey => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

The system needed a reboot.

==== End of Fixlog ====

#11 Příspěvek od **vyosek** » 10 srp 2014 15:19

Tak jeste uklidime

T-Cleaner http://vyosek.tym.cz/pro_usery/T-Cleaner.exe

Stahnete a spustte
Pro potvrzeni volby mackejte A, Enter
Po pouziti utilitu smazte
Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

Stahnete a spustte
Kliknete na CleanUp a potvrdte YES
Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

Stahnete a spustte
Kliknete na Start a potvrdte OK
Program uklidi a restartuje pc
Po pouziti utilitu smazte

Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

A pokud nejsou problemy ci dotazy, je to z me strany vse

kocour123 · #12 Příspěvek od **kocour123** » 10 srp 2014 16:05

Moc vam dekuji za vycisteni PC.

#13 Příspěvek od **vyosek** » 11 srp 2014 09:01

Nemate zac, rad jsem pomohl

Zase nekdy Obrázek

A na zaklade Pravidla o zamykani temat

VIRY.CZ

Pomale PC + RSIT

Pomale PC + RSIT

Re: Pomale PC + RSIT

Re: Pomale PC + RSIT

Re: Pomale PC + RSIT

Re: Pomale PC + RSIT

Re: Pomale PC + RSIT

Re: Pomale PC + RSIT

Re: Pomale PC + RSIT

Re: Pomale PC + RSIT

Re: Pomale PC + RSIT

Re: Pomale PC + RSIT

Re: Pomale PC + RSIT

Re: Pomale PC + RSIT