VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Reklamy kde nebyly + keylogger

https://forum.viry.cz:443/viewtopic.php?t=139679

Stránka 1 z 2

Reklamy kde nebyly + keylogger

Napsal: 14 srp 2014 15:36
od pospec
Dobrý den, včera se mi ukázalo pár reklam na místech, kde dříve nikdy nebyly. Co mě přesvědčil o přítomnosti adwaru byl okamžik, kdy jsem reklamu našel i na stránkách své školy. Následně jsem v programech našel nějaký progam SavePass. To mi našel i avast jako malware a adware v jednom. Bohužel, ani tohle nepomohlo. Ani ruční odinstalace programu. Příkládám tedy log z FRSC.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-08-2014 01
Ran by Pospec at 2014-08-14 16:30:33
Running from C:\Users\Pospec\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.4 - Hewlett-Packard) Hidden
Adobe Reader XI (11.0.07) - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
AMD APP SDK Runtime (Version: 2.5.793.1 - Advanced Micro Devices Inc.) Hidden
AMD AVIVO64 Codecs (Version: 11.7.0.11025 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{B858CA94-FAA0-3663-01AE-0B0798C61657}) (Version: 3.0.851.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.61025.2207 - Advanced Micro Devices, Inc.) Hidden
AmpliTube 3 version 3.8.0 (HKLM\...\{DA5202AC-12BF-4330-B8EA-BC77F991FA1C}_is1) (Version: 3.8.0 - IK Multimedia)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2013 - Avast Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center (x32 Version: 2011.1025.2231.38573 - Název společnosti:) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.1025.2231.38573 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.1025.2231.38573 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.1025.2231.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2011.1025.2230.38573 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2011.1025.2231.38573 - Advanced Micro Devices, Inc.) Hidden
Cubase 5 (HKLM\...\{51AC53CA-6D26-459A-9BDF-53BAEB3E11A3}) (Version: 5.1.2 - Steinberg)
Custom Shop version 1.5.0 (HKLM-x32\...\{21BAD046-50EC-49E2-BE7B-F9729704F2C3}_is1) (Version: 1.5.0 - IK Multimedia)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
EAGLE 6.5.0 (HKLM-x32\...\EAGLE 6.5.0) (Version: 6.5.0 - CadSoft Computer GmbH)
FileZilla Client 3.9.0.3 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.3 - Tim Kosse)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Guitar Pro 6 (HKLM-x32\...\{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1) (Version: - Arobas Music)
HP Photosmart B010 All-In-One Driver 14.0 Rel. 7 (HKLM\...\{81830FEF-866C-4DC0-9435-B6287B1EDD8A}) (Version: 14.0 - HP)
HydraVision (x32 Version: 4.2.218.0 - Advanced Micro Devices, Inc.) Hidden
IK Multimedia Authorization Manager version 1.0.9 (HKLM\...\{85BC0DCB-69E5-4279-AA25-F108EF896588}_is1) (Version: 1.0.9 - IK Multimedia)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (Czech) 2007 (x32 Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Czech) 2007 (x32 Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (Czech) 2007 (x32 Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Czech) 2007 (x32 Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Czech) 2007 (x32 Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Czech) 2007 (x32 Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Czech) 2007 (x32 Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Proof (Czech) 2007 (x32 Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Slovak) 2007 (x32 Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Czech) 2007 (x32 Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Czech) 2007 (x32 Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (Czech) 2007 (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Czech) 2007 (x32 Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Czech) 2007 (x32 Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office XP Web Components (HKLM-x32\...\{90260405-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.3520.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Minecraft1.7.9 (HKLM-x32\...\Minecraft1.7.9) (Version: - )
Mozilla Firefox 28.0 (x86 cs) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 cs)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: - Native Instruments)
Native Instruments Controller Editor (Version: 1.5.1.1124 - Native Instruments) Hidden
Native Instruments Guitar Rig 4 (HKLM-x32\...\Native Instruments Guitar Rig 4) (Version: - Native Instruments)
Native Instruments Guitar Rig 4 (Version: 4.0.8.1559 - Native Instruments) Hidden
Native Instruments Guitar Rig 5 (HKLM-x32\...\Native Instruments Guitar Rig 5) (Version: - Native Instruments)
Native Instruments Guitar Rig 5 (Version: 5.1.1.2673 - Native Instruments) Hidden
Native Instruments Guitar Rig Mobile I/O (HKLM-x32\...\Native Instruments Guitar Rig Mobile I/O) (Version: - Native Instruments)
Native Instruments Guitar Rig Mobile I/O (Version: 3.0.0.625 - Native Instruments) Hidden
Native Instruments Guitar Rig Session I/O (HKLM-x32\...\Native Instruments Guitar Rig Session I/O) (Version: - Native Instruments)
Native Instruments Guitar Rig Session I/O (Version: 3.0.0.625 - Native Instruments) Hidden
Native Instruments Rig Kontrol 3 (HKLM-x32\...\Native Instruments Rig Kontrol 3) (Version: - Native Instruments)
Native Instruments Rig Kontrol 3 (Version: 3.0.0.625 - Native Instruments) Hidden
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: - Native Instruments)
Native Instruments Service Center (Version: 2.2.3.537 - Native Instruments) Hidden
OpenOffice 4.1.0 (HKLM-x32\...\{43245B34-BAEA-4716-B877-38E7E7026698}) (Version: 4.10.9764 - Apache Software Foundation)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PS_AIO_07_B010_SW_Min (x32 Version: 140.0.224.000 - Hewlett-Packard) Hidden
QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0008 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5919 - Realtek Semiconductor Corp.)
Rocksmith 2014 (HKLM-x32\...\Rocksmith 20141.3) (Version: 1.3 - Ubisoft)
Sada Compatibility Pack pro systém Office 2007 (HKLM-x32\...\{90120000-0020-0405-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
SketchUp 2013 (HKLM-x32\...\{B75BC01B-4586-43F8-9349-D250DB98F26F}) (Version: 13.0.4812 - Trimble Navigation Limited)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

14-08-2014 09:55:39 Naplánovaný kontrolní bod
14-08-2014 14:13:51 Removed Skype™ 6.18

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1AE32F95-411E-4F93-906D-7D116CD91B11} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-17] (Google Inc.)
Task: {29414ABE-ABD3-40C3-8580-0637A1DCC128} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-07-31] (globalUpdate)
Task: {2A5D17C9-87A5-4443-BBF7-5024A137F1C2} - System32\Tasks\e025df07-a424-4e29-adcb-3f14a57a8bb4-5 => C:\Program Files (x86)\SavePass\e025df07-a424-4e29-adcb-3f14a57a8bb4-5.exe
Task: {2E732F65-E6F3-4FC6-88D2-062FE4568BEC} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-03-17] (AVAST Software)
Task: {3DE609B8-2D72-40C2-9DBB-CC293AD26895} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {43F0A6C4-D401-47CF-A24C-909AACB4C402} - System32\Tasks\13201465-79e6-421b-811d-09b73abe8b71 => C:\Program Files (x86)\SavePass\13201465-79e6-421b-811d-09b73abe8b71.exe [2014-07-31] ()
Task: {5B0A4D8D-1E77-4BC1-B985-A0E68B078B73} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-17] (Google Inc.)
Task: {9AE25D6B-A725-4DC5-A6DD-E4E552768901} - System32\Tasks\{341B0D66-2B05-4F8D-A39E-BA0327CDAFF5} => C:\Users\Pospec\Desktop\Cubase 5.1.2 Minimal 32 & 64bit Installer.exe
Task: {AE1EA882-ABF6-4AE6-AA24-D3DA10B5158A} - System32\Tasks\e025df07-a424-4e29-adcb-3f14a57a8bb4-11 => C:\Program Files (x86)\SavePass\e025df07-a424-4e29-adcb-3f14a57a8bb4-11.exe
Task: {AF014EC9-E93D-4758-96D6-506AE8F8EE1F} - System32\Tasks\e025df07-a424-4e29-adcb-3f14a57a8bb4-7 => C:\Program Files (x86)\SavePass\e025df07-a424-4e29-adcb-3f14a57a8bb4-7.exe
Task: {D155561B-AC2A-4666-9301-7BCDF303785F} - System32\Tasks\{C2FD217F-CA71-46EB-818B-0DB70EFA2779} => C:\Users\Pospec\Desktop\Cubase 5.1.2 Minimal 32 & 64bit Installer.exe
Task: {E68C751A-8CED-4AD8-B050-33098863AA61} - System32\Tasks\e025df07-a424-4e29-adcb-3f14a57a8bb4-5_user => C:\Program Files (x86)\SavePass\e025df07-a424-4e29-adcb-3f14a57a8bb4-5.exe
Task: {EA66DBAD-4DED-4CAD-89DF-A3A4615E6989} - System32\Tasks\e025df07-a424-4e29-adcb-3f14a57a8bb4-1 => C:\Program Files (x86)\SavePass\SavePass-codedownloader.exe
Task: {FC4A9739-A22E-47E0-9756-8F13E6771C0D} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-07-31] (globalUpdate)
Task: C:\Windows\Tasks\13201465-79e6-421b-811d-09b73abe8b71.job => C:\Program Files (x86)\SavePass\13201465-79e6-421b-811d-09b73abe8b71.exe
Task: C:\Windows\Tasks\e025df07-a424-4e29-adcb-3f14a57a8bb4-1.job => C:\Program Files (x86)\SavePass\SavePass-codedownloader.exe
Task: C:\Windows\Tasks\e025df07-a424-4e29-adcb-3f14a57a8bb4-11.job => C:\Program Files (x86)\SavePass\e025df07-a424-4e29-adcb-3f14a57a8bb4-11.exe
Task: C:\Windows\Tasks\e025df07-a424-4e29-adcb-3f14a57a8bb4-5.job => C:\Program Files (x86)\SavePass\e025df07-a424-4e29-adcb-3f14a57a8bb4-5.exe
Task: C:\Windows\Tasks\e025df07-a424-4e29-adcb-3f14a57a8bb4-5_user.job => C:\Program Files (x86)\SavePass\e025df07-a424-4e29-adcb-3f14a57a8bb4-5.exe
Task: C:\Windows\Tasks\e025df07-a424-4e29-adcb-3f14a57a8bb4-7.job => C:\Program Files (x86)\SavePass\e025df07-a424-4e29-adcb-3f14a57a8bb4-7.exeî/htPKlQl /EqZChA='SavePass' /YzTCtuIG=61908 /VDSXnF='001504' /LejFzdG='0' /XrkzYxIf='0' /osWuGH=F8373E5C273546488958D9F2E6666333IE /OkoFNyzJ=f170dfce6e219f765aa41941cf3c1760 /DvczpVO=1_34_07_29 /hnwNxgK=1.34.7.29 /iZZHwkypp=1406838572 /OpWSK=http://stats.infogenservice.com /qbPPTed=http://errors.infogenservice.com /wXMVR=http://js.infogenservice.com /UPKRaF=ch /zXKiCY /iKfie=SavePass /FSSyhc3a7e136-fa34-4681-9a9b-1983f4b168f4.dll /NhzuFed2f6645-5ea1-459d-bfb7-683d04f354a0.dll /fFlkIFAme025df07-a424-4e29-adcb-3f14a57a8bb4-64.exe
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-05-01 21:29 - 2014-05-01 21:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-07-31 22:30 - 2014-07-31 22:30 - 00031592 _____ () C:\Program Files (x86)\SavePass\13201465-79e6-421b-811d-09b73abe8b71.exe
2011-10-25 22:29 - 2011-10-25 22:29 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-08-14 14:43 - 2014-08-14 09:08 - 02797568 _____ () C:\Program Files\AVAST Software\Avast\defs\14081400\algo.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-17 22:27 - 2014-03-17 22:27 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/13/2014 02:40:24 PM) (Source: MsiInstaller) (EventID: 10005) (User: Pospec-PC)
Description: Product: Bonjour -- A later version of Bonjour is already installed on this computer.

Error: (08/12/2014 03:17:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1953

Error: (08/12/2014 03:17:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1953

Error: (08/12/2014 03:17:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/10/2014 00:30:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1969

Error: (08/10/2014 00:30:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1969

Error: (08/10/2014 00:30:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/08/2014 09:08:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4688

Error: (08/08/2014 09:08:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4688

Error: (08/08/2014 09:08:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (08/14/2014 11:50:24 AM) (Source: volsnap) (EventID: 36) (User: )
Description: Stínové kopie svazku C: byly přerušeny, protože z důvodu limitu stanoveného uživatelem se nepodařilo zvětšit úložiště stínové kopie.

Error: (08/14/2014 10:44:29 AM) (Source: Disk) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\Harddisk1\DR1.

Error: (08/14/2014 10:44:27 AM) (Source: Disk) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\Harddisk1\DR1.

Error: (08/14/2014 10:44:26 AM) (Source: Disk) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\Harddisk1\DR1.

Error: (08/14/2014 10:44:26 AM) (Source: Disk) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\Harddisk1\DR1.

Error: (08/14/2014 10:44:25 AM) (Source: Disk) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\Harddisk1\DR1.

Error: (08/14/2014 10:44:24 AM) (Source: Disk) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\Harddisk1\DR1.

Error: (08/14/2014 10:40:07 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT AUTHORITY)
Description: Některé funkce řízení napájení při činnosti procesoru byly zakázány z důvodu potíží s firmwarem. Požádejte výrobce počítače o aktualizovaný firmware.

Error: (08/14/2014 10:40:22 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (22:40:09, ‎13.‎8.‎2014) bylo neočekávané.

Error: (08/13/2014 06:24:24 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT AUTHORITY)
Description: Některé funkce řízení napájení při činnosti procesoru byly zakázány z důvodu potíží s firmwarem. Požádejte výrobce počítače o aktualizovaný firmware.


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz
Percentage of memory in use: 44%
Total physical RAM: 1535.3 MB
Available physical RAM: 854.69 MB
Total Pagefile: 3709.98 MB
Available Pagefile: 2260.12 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:58.59 GB) (Free:16.57 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:21.04 GB) (Free:11.62 GB) NTFS
Drive e: (DATA) (Fixed) (Total:154.03 GB) (Free:34.39 GB) NTFS
Drive h: (Rocksmith 2014) (CDROM) (Total:6.98 GB) (Free:0 GB) UDF
Drive j: () (Removable) (Total:7.38 GB) (Free:3.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 234 GB) (Disk ID: 78239C80)
Partition 1: (Not Active) - (Size=21 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=59 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=154 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 7 GB) (Disk ID: 9FD2FEB2)
Partition 1: (Active) - (Size=7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=32 KB) - (Type=21)

==================== End Of Log ============================

Re: Reklamy kde nebyly + keylogger

Napsal: 14 srp 2014 15:51
od vyosek
Zdravim :)

:arrow: Poprosim o log FRST.txt

Re: Reklamy kde nebyly + keylogger

Napsal: 14 srp 2014 15:55
od pospec
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-08-2014 01
Ran by Pospec (administrator) on POSPEC-PC on 14-08-2014 16:27:57
Running from C:\Users\Pospec\Downloads
Platform: Windows 7 Ultimate (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
() C:\Program Files (x86)\SavePass\13201465-79e6-421b-811d-09b73abe8b71.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8067616 2009-08-18] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-10-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3774312 2014-04-02] (AVAST Software)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKU\S-1-5-21-3868493786-2768822100-3390419468-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3868493786-2768822100-3390419468-1000\...\MountPoints2: {f87448eb-ae9a-11e3-8f7b-bc5ff45dffe3} - H:\autorun.exe
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: SavePass -> {11111111-1111-1111-1111-110611191108} -> C:\Program Files (x86)\SavePass\SavePass-bho64.dll (OutBrowse)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: SavePass -> {11111111-1111-1111-1111-110611191108} -> C:\Program Files (x86)\SavePass\SavePass-bho.dll (OutBrowse)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Pospec\AppData\Roaming\Mozilla\Firefox\Profiles\pv7ckj5r.default
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mapy-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: SavePass - C:\Users\Pospec\AppData\Roaming\Mozilla\Firefox\Profiles\pv7ckj5r.default\Extensions\RNEOMVW50611856@ZKVKQ22976610.com [2014-07-31]
FF Extension: Firefox Old Version Update Hotfix - C:\Users\Pospec\AppData\Roaming\Mozilla\Firefox\Profiles\pv7ckj5r.default\Extensions\firefox-hotfix@mozilla.org.xpi [2014-08-09]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-17]

Chrome:
=======
CHR Extension: (Dokumenty Google) - C:\Users\Pospec\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-17]
CHR Extension: (Disk Google) - C:\Users\Pospec\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-17]
CHR Extension: (YouTube) - C:\Users\Pospec\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-17]
CHR Extension: (Vyhledávání Google) - C:\Users\Pospec\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-17]
CHR Extension: (AdBlock) - C:\Users\Pospec\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-08-13]
CHR Extension: (avast! Online Security) - C:\Users\Pospec\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-03-18]
CHR Extension: (Peněženka Google) - C:\Users\Pospec\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-17]
CHR Extension: (Gmail) - C:\Users\Pospec\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-17]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-03-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-03-17] (AVAST Software)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-07-31] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-07-31] (globalUpdate) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-03-17] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2014-03-17] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-03-17] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-03-17] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-03-17] (AVAST Software)
S3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-03-17] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-03-17] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-03-18] (Disc Soft Ltd)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-14 16:27 - 2014-08-14 16:30 - 00012969 _____ () C:\Users\Pospec\Downloads\FRST.txt
2014-08-14 16:27 - 2014-08-14 16:28 - 00000000 ____D () C:\FRST
2014-08-14 16:24 - 2014-08-14 16:27 - 00001120 _____ () C:\Users\Pospec\Downloads\FRSTLauncher.exe
2014-08-14 16:22 - 2014-08-14 16:24 - 02100224 _____ (Farbar) C:\Users\Pospec\Downloads\FRST64.exe
2014-08-14 13:46 - 2014-08-14 13:46 - 00015778 _____ () C:\Users\Pospec\AppData\Local\recently-used.xbel
2014-08-13 22:34 - 2014-08-13 22:34 - 00111308 _____ () C:\Users\Pospec\Downloads\Desktop.rar
2014-08-13 20:02 - 2014-08-13 20:10 - 00000000 ____D () C:\Users\Pospec\Desktop\wordpress
2014-08-13 20:00 - 2014-08-13 20:02 - 00000000 ____D () C:\Users\Pospec\AppData\Roaming\FileZilla
2014-08-13 20:00 - 2014-08-13 20:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-08-13 19:59 - 2014-08-13 20:00 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-08-13 19:59 - 2014-08-13 19:59 - 00001223 _____ () C:\Users\Pospec\Desktop\Continue FileZilla Installation.lnk
2014-08-13 19:58 - 2014-08-13 19:58 - 06052529 _____ (Tim Kosse) C:\Users\Pospec\Downloads\FileZilla_3.9.0.3_win32-setup.exe
2014-08-13 19:58 - 2014-08-13 19:58 - 00741512 _____ () C:\Users\Pospec\Downloads\FileZilla_3.9.0.3_win32-setup (1).exe
2014-08-13 19:54 - 2014-08-13 19:55 - 06725210 _____ () C:\Users\Pospec\Downloads\wordpress-3.9.1-cs_CZ.zip
2014-08-13 16:00 - 2014-08-13 16:00 - 02148864 _____ () C:\Users\Pospec\Downloads\WebCamera [SHAPE GmbH] (v2.6.0 os43)-drAdeLante-ICPDA.rc30c5.ipa
2014-08-13 14:42 - 2011-04-06 17:52 - 00028304 _____ (SHAPE Services GmbH) C:\Windows\system32\Drivers\mobiolavs.sys
2014-08-13 14:37 - 2014-08-13 14:38 - 03757971 _____ () C:\Users\Pospec\Downloads\Mobiola WebCamera for iPhone v2.2.1.42.dmg
2014-08-13 14:35 - 2014-08-13 14:36 - 10305387 _____ () C:\Users\Pospec\Downloads\Mobiola_WebCamera_for_iPhone_Desktop.zip
2014-08-13 14:33 - 2014-08-13 15:33 - 00000000 ____D () C:\Users\Pospec\AppData\Roaming\Skype
2014-08-13 14:33 - 2014-08-13 14:33 - 00000000 ____D () C:\Users\Pospec\AppData\Local\Skype
2014-08-13 14:32 - 2014-08-14 16:15 - 00000000 ____D () C:\ProgramData\Skype
2014-08-13 14:29 - 2014-08-13 14:31 - 35596384 _____ (Skype Technologies S.A.) C:\Users\Pospec\Downloads\SkypeSetupFull.exe
2014-08-11 16:53 - 2014-08-11 16:53 - 00018988 _____ () C:\Users\Pospec\Desktop\Rock Power Trio.gpx
2014-08-11 15:20 - 2014-08-11 16:57 - 00021629 _____ () C:\Users\Pospec\Desktop\We Drink Your Blood.gpx
2014-08-02 18:07 - 2014-08-02 21:50 - 00015410 _____ () C:\Users\Pospec\Desktop\at the end.gpx
2014-07-31 22:32 - 2014-08-14 10:41 - 00001456 _____ () C:\Windows\Tasks\e025df07-a424-4e29-adcb-3f14a57a8bb4-5_user.job
2014-07-31 22:32 - 2014-08-14 10:41 - 00001438 _____ () C:\Windows\Tasks\e025df07-a424-4e29-adcb-3f14a57a8bb4-5.job
2014-07-31 22:32 - 2014-07-31 22:32 - 00004468 _____ () C:\Windows\System32\Tasks\e025df07-a424-4e29-adcb-3f14a57a8bb4-5
2014-07-31 22:32 - 2014-07-31 22:32 - 00001752 _____ () C:\Users\Pospec\Desktop\Continue WAV to MP3 Converter.lnk
2014-07-31 22:31 - 2014-08-14 10:41 - 00001530 _____ () C:\Windows\Tasks\e025df07-a424-4e29-adcb-3f14a57a8bb4-1.job
2014-07-31 22:31 - 2014-07-31 22:31 - 00004560 _____ () C:\Windows\System32\Tasks\e025df07-a424-4e29-adcb-3f14a57a8bb4-1
2014-07-31 22:30 - 2014-08-14 16:30 - 00001854 _____ () C:\Windows\Tasks\e025df07-a424-4e29-adcb-3f14a57a8bb4-7.job
2014-07-31 22:30 - 2014-08-14 16:30 - 00000598 _____ () C:\Windows\Tasks\13201465-79e6-421b-811d-09b73abe8b71.job
2014-07-31 22:30 - 2014-07-31 22:30 - 00004884 _____ () C:\Windows\System32\Tasks\e025df07-a424-4e29-adcb-3f14a57a8bb4-7
2014-07-31 22:30 - 2014-07-31 22:30 - 00003628 _____ () C:\Windows\System32\Tasks\13201465-79e6-421b-811d-09b73abe8b71
2014-07-31 22:29 - 2014-08-14 16:29 - 00003790 _____ () C:\Windows\Tasks\e025df07-a424-4e29-adcb-3f14a57a8bb4-11.job
2014-07-31 22:29 - 2014-08-14 10:41 - 00000924 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-07-31 22:29 - 2014-08-13 22:34 - 00000928 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-07-31 22:29 - 2014-08-13 18:20 - 00000000 ____D () C:\Program Files (x86)\SavePass
2014-07-31 22:29 - 2014-07-31 22:29 - 00006820 _____ () C:\Windows\System32\Tasks\e025df07-a424-4e29-adcb-3f14a57a8bb4-11
2014-07-31 22:29 - 2014-07-31 22:29 - 00003926 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2014-07-31 22:29 - 2014-07-31 22:29 - 00003672 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2014-07-31 22:29 - 2014-07-31 22:29 - 00000000 ____D () C:\Users\Pospec\AppData\Local\globalUpdate
2014-07-31 22:29 - 2014-07-31 22:29 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-07-31 22:23 - 2014-07-31 22:23 - 00567376 _____ () C:\Users\Pospec\Downloads\wavtomp3_setup.exe
2014-07-31 22:18 - 2014-07-31 22:19 - 00699016 _____ (CNET Download.com) C:\Users\Pospec\Downloads\cbsidlm-cbsi213-Free_WAV_to_MP3_Converter-SEO-10060500.exe
2014-07-31 22:18 - 2014-07-31 22:18 - 24336014 _____ () C:\Users\Pospec\Desktop\This Is The Life.rar
2014-07-31 21:27 - 2014-07-31 22:22 - 00076272 _____ () C:\Users\Pospec\Desktop\This Is The Life.gpx
2014-07-31 21:25 - 2014-07-31 21:26 - 30437884 _____ () C:\Users\Pospec\Desktop\This Is The Life.wav
2014-07-30 15:23 - 2014-07-30 15:23 - 00096394 _____ () C:\Users\Pospec\Downloads\www-tablatures-tk @ MacDonald, Amy - This Is The Life.gp5
2014-07-29 22:48 - 2014-07-29 22:48 - 00031744 _____ () C:\Users\Pospec\Downloads\stredniskoly.xls
2014-07-29 21:29 - 2014-07-29 21:29 - 00007373 _____ () C:\Users\Pospec\Desktop\Untitled.at3h
2014-07-29 20:31 - 2014-07-29 20:32 - 05657920 _____ () C:\Users\Pospec\Downloads\Authorization_Manager_1.0.9.zip
2014-07-29 20:27 - 2014-07-29 20:27 - 00001213 _____ () C:\Users\Pospec\Desktop\Custom Shop.lnk
2014-07-29 20:23 - 2014-07-29 20:24 - 08600037 _____ () C:\Users\Pospec\Downloads\Custom_Shop_Win_1.5.zip
2014-07-29 16:52 - 2014-07-29 16:53 - 04810432 _____ () C:\Users\Pospec\Downloads\fwd.zip
2014-07-28 14:07 - 2014-07-28 14:08 - 00000000 ___HD () C:\Users\Pospec\Downloads\.picasaoriginals
2014-07-28 11:16 - 2014-07-28 11:42 - 00140930 _____ () C:\Users\Pospec\Downloads\pozvankasecond.xcf
2014-07-28 10:56 - 2014-07-28 12:09 - 00974761 _____ () C:\Users\Pospec\Desktop\pozvanka1.xcf
2014-07-26 19:59 - 2014-07-26 19:59 - 00261120 _____ () C:\Users\Pospec\Downloads\20131117184027171582.xls
2014-07-25 22:53 - 2014-07-25 22:53 - 03049853 _____ () C:\Users\Pospec\Desktop\Desktop.rar
2014-07-24 23:02 - 2014-07-24 23:02 - 03902346 _____ () C:\Users\Pospec\Desktop\10404213_815093051842067_8648131094219472656_n.xcf
2014-07-24 22:34 - 2014-07-29 19:18 - 00000000 ___HD () C:\Users\Pospec\Desktop\.picasaoriginals
2014-07-24 14:39 - 2014-07-26 12:11 - 00025321 _____ () C:\Users\Pospec\Desktop\prvnisong.gpx
2014-07-24 14:03 - 2014-07-24 14:04 - 00011066 _____ () C:\Users\Pospec\Downloads\2014.07.01-12.15.47-odp..mid
2014-07-24 13:59 - 2014-07-24 13:59 - 00001465 _____ () C:\Users\Pospec\Downloads\2014.07.24-20.30.47-odp. (1).mid
2014-07-24 13:58 - 2014-07-24 13:59 - 00001465 _____ () C:\Users\Pospec\Downloads\2014.07.24-20.30.47-odp..mid

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-14 16:30 - 2014-08-14 16:27 - 00012969 _____ () C:\Users\Pospec\Downloads\FRST.txt
2014-08-14 16:30 - 2014-07-31 22:30 - 00001854 _____ () C:\Windows\Tasks\e025df07-a424-4e29-adcb-3f14a57a8bb4-7.job
2014-08-14 16:30 - 2014-07-31 22:30 - 00000598 _____ () C:\Windows\Tasks\13201465-79e6-421b-811d-09b73abe8b71.job
2014-08-14 16:29 - 2014-07-31 22:29 - 00003790 _____ () C:\Windows\Tasks\e025df07-a424-4e29-adcb-3f14a57a8bb4-11.job
2014-08-14 16:28 - 2014-08-14 16:27 - 00000000 ____D () C:\FRST
2014-08-14 16:27 - 2014-08-14 16:24 - 00001120 _____ () C:\Users\Pospec\Downloads\FRSTLauncher.exe
2014-08-14 16:24 - 2014-08-14 16:22 - 02100224 _____ (Farbar) C:\Users\Pospec\Downloads\FRST64.exe
2014-08-14 16:15 - 2014-08-13 14:32 - 00000000 ____D () C:\ProgramData\Skype
2014-08-14 15:55 - 2014-03-17 22:32 - 00000952 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-14 13:56 - 2014-04-27 10:28 - 00000000 ____D () C:\Users\Pospec\.gimp-2.8
2014-08-14 13:46 - 2014-08-14 13:46 - 00015778 _____ () C:\Users\Pospec\AppData\Local\recently-used.xbel
2014-08-14 13:33 - 2014-04-27 10:37 - 00000000 ____D () C:\Users\Pospec\AppData\Local\gtk-2.0
2014-08-14 11:55 - 2014-03-17 22:32 - 00000948 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-14 10:47 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-14 10:47 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-14 10:46 - 2009-07-14 17:18 - 00665706 _____ () C:\Windows\system32\perfh005.dat
2014-08-14 10:46 - 2009-07-14 17:18 - 00139402 _____ () C:\Windows\system32\perfc005.dat
2014-08-14 10:46 - 2009-07-14 07:13 - 01575230 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-14 10:43 - 2014-03-17 22:09 - 00626495 _____ () C:\Windows\WindowsUpdate.log
2014-08-14 10:41 - 2014-07-31 22:32 - 00001456 _____ () C:\Windows\Tasks\e025df07-a424-4e29-adcb-3f14a57a8bb4-5_user.job
2014-08-14 10:41 - 2014-07-31 22:32 - 00001438 _____ () C:\Windows\Tasks\e025df07-a424-4e29-adcb-3f14a57a8bb4-5.job
2014-08-14 10:41 - 2014-07-31 22:31 - 00001530 _____ () C:\Windows\Tasks\e025df07-a424-4e29-adcb-3f14a57a8bb4-1.job
2014-08-14 10:41 - 2014-07-31 22:29 - 00000924 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-08-14 10:40 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-14 10:40 - 2009-07-14 06:51 - 00043009 _____ () C:\Windows\setupact.log
2014-08-13 22:34 - 2014-08-13 22:34 - 00111308 _____ () C:\Users\Pospec\Downloads\Desktop.rar
2014-08-13 22:34 - 2014-07-31 22:29 - 00000928 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-08-13 20:10 - 2014-08-13 20:02 - 00000000 ____D () C:\Users\Pospec\Desktop\wordpress
2014-08-13 20:02 - 2014-08-13 20:00 - 00000000 ____D () C:\Users\Pospec\AppData\Roaming\FileZilla
2014-08-13 20:00 - 2014-08-13 20:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-08-13 20:00 - 2014-08-13 19:59 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-08-13 19:59 - 2014-08-13 19:59 - 00001223 _____ () C:\Users\Pospec\Desktop\Continue FileZilla Installation.lnk
2014-08-13 19:58 - 2014-08-13 19:58 - 06052529 _____ (Tim Kosse) C:\Users\Pospec\Downloads\FileZilla_3.9.0.3_win32-setup.exe
2014-08-13 19:58 - 2014-08-13 19:58 - 00741512 _____ () C:\Users\Pospec\Downloads\FileZilla_3.9.0.3_win32-setup (1).exe
2014-08-13 19:55 - 2014-08-13 19:54 - 06725210 _____ () C:\Users\Pospec\Downloads\wordpress-3.9.1-cs_CZ.zip
2014-08-13 18:33 - 2014-03-17 22:28 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-13 18:20 - 2014-07-31 22:29 - 00000000 ____D () C:\Program Files (x86)\SavePass
2014-08-13 16:00 - 2014-08-13 16:00 - 02148864 _____ () C:\Users\Pospec\Downloads\WebCamera [SHAPE GmbH] (v2.6.0 os43)-drAdeLante-ICPDA.rc30c5.ipa
2014-08-13 15:33 - 2014-08-13 14:33 - 00000000 ____D () C:\Users\Pospec\AppData\Roaming\Skype
2014-08-13 14:38 - 2014-08-13 14:37 - 03757971 _____ () C:\Users\Pospec\Downloads\Mobiola WebCamera for iPhone v2.2.1.42.dmg
2014-08-13 14:36 - 2014-08-13 14:35 - 10305387 _____ () C:\Users\Pospec\Downloads\Mobiola_WebCamera_for_iPhone_Desktop.zip
2014-08-13 14:33 - 2014-08-13 14:33 - 00000000 ____D () C:\Users\Pospec\AppData\Local\Skype
2014-08-13 14:31 - 2014-08-13 14:29 - 35596384 _____ (Skype Technologies S.A.) C:\Users\Pospec\Downloads\SkypeSetupFull.exe
2014-08-11 16:57 - 2014-08-11 15:20 - 00021629 _____ () C:\Users\Pospec\Desktop\We Drink Your Blood.gpx
2014-08-11 16:53 - 2014-08-11 16:53 - 00018988 _____ () C:\Users\Pospec\Desktop\Rock Power Trio.gpx
2014-08-09 10:49 - 2009-07-14 07:08 - 00032580 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-02 21:50 - 2014-08-02 18:07 - 00015410 _____ () C:\Users\Pospec\Desktop\at the end.gpx
2014-07-31 22:32 - 2014-07-31 22:32 - 00004468 _____ () C:\Windows\System32\Tasks\e025df07-a424-4e29-adcb-3f14a57a8bb4-5
2014-07-31 22:32 - 2014-07-31 22:32 - 00001752 _____ () C:\Users\Pospec\Desktop\Continue WAV to MP3 Converter.lnk
2014-07-31 22:31 - 2014-07-31 22:31 - 00004560 _____ () C:\Windows\System32\Tasks\e025df07-a424-4e29-adcb-3f14a57a8bb4-1
2014-07-31 22:31 - 2014-03-17 22:34 - 00002241 _____ () C:\Users\Pospec\Desktop\Google Chrome.lnk
2014-07-31 22:30 - 2014-07-31 22:30 - 00004884 _____ () C:\Windows\System32\Tasks\e025df07-a424-4e29-adcb-3f14a57a8bb4-7
2014-07-31 22:30 - 2014-07-31 22:30 - 00003628 _____ () C:\Windows\System32\Tasks\13201465-79e6-421b-811d-09b73abe8b71
2014-07-31 22:29 - 2014-07-31 22:29 - 00006820 _____ () C:\Windows\System32\Tasks\e025df07-a424-4e29-adcb-3f14a57a8bb4-11
2014-07-31 22:29 - 2014-07-31 22:29 - 00003926 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2014-07-31 22:29 - 2014-07-31 22:29 - 00003672 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2014-07-31 22:29 - 2014-07-31 22:29 - 00000000 ____D () C:\Users\Pospec\AppData\Local\globalUpdate
2014-07-31 22:29 - 2014-07-31 22:29 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-07-31 22:23 - 2014-07-31 22:23 - 00567376 _____ () C:\Users\Pospec\Downloads\wavtomp3_setup.exe
2014-07-31 22:22 - 2014-07-31 21:27 - 00076272 _____ () C:\Users\Pospec\Desktop\This Is The Life.gpx
2014-07-31 22:19 - 2014-07-31 22:18 - 00699016 _____ (CNET Download.com) C:\Users\Pospec\Downloads\cbsidlm-cbsi213-Free_WAV_to_MP3_Converter-SEO-10060500.exe
2014-07-31 22:18 - 2014-07-31 22:18 - 24336014 _____ () C:\Users\Pospec\Desktop\This Is The Life.rar
2014-07-31 21:26 - 2014-07-31 21:25 - 30437884 _____ () C:\Users\Pospec\Desktop\This Is The Life.wav
2014-07-30 15:23 - 2014-07-30 15:23 - 00096394 _____ () C:\Users\Pospec\Downloads\www-tablatures-tk @ MacDonald, Amy - This Is The Life.gp5
2014-07-30 13:12 - 2014-03-18 15:21 - 00000016 _____ () C:\Users\Pospec\AppData\Roaming\msregsvv.dll
2014-07-30 13:12 - 2014-03-18 15:21 - 00000016 _____ () C:\ProgramData\autobk.inc
2014-07-29 22:48 - 2014-07-29 22:48 - 00031744 _____ () C:\Users\Pospec\Downloads\stredniskoly.xls
2014-07-29 21:29 - 2014-07-29 21:29 - 00007373 _____ () C:\Users\Pospec\Desktop\Untitled.at3h
2014-07-29 20:33 - 2014-03-18 15:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IK Multimedia
2014-07-29 20:32 - 2014-07-29 20:31 - 05657920 _____ () C:\Users\Pospec\Downloads\Authorization_Manager_1.0.9.zip
2014-07-29 20:30 - 2014-03-18 15:30 - 00000000 ____D () C:\Users\Pospec\AppData\Roaming\IK Multimedia
2014-07-29 20:27 - 2014-07-29 20:27 - 00001213 _____ () C:\Users\Pospec\Desktop\Custom Shop.lnk
2014-07-29 20:24 - 2014-07-29 20:23 - 08600037 _____ () C:\Users\Pospec\Downloads\Custom_Shop_Win_1.5.zip
2014-07-29 19:18 - 2014-07-24 22:34 - 00000000 ___HD () C:\Users\Pospec\Desktop\.picasaoriginals
2014-07-29 16:53 - 2014-07-29 16:52 - 04810432 _____ () C:\Users\Pospec\Downloads\fwd.zip
2014-07-28 14:08 - 2014-07-28 14:07 - 00000000 ___HD () C:\Users\Pospec\Downloads\.picasaoriginals
2014-07-28 14:08 - 2014-06-29 15:34 - 00000428 ____H () C:\Users\Pospec\Downloads\.picasa.ini
2014-07-28 12:09 - 2014-07-28 10:56 - 00974761 _____ () C:\Users\Pospec\Desktop\pozvanka1.xcf
2014-07-28 11:42 - 2014-07-28 11:16 - 00140930 _____ () C:\Users\Pospec\Downloads\pozvankasecond.xcf
2014-07-26 19:59 - 2014-07-26 19:59 - 00261120 _____ () C:\Users\Pospec\Downloads\20131117184027171582.xls
2014-07-26 12:11 - 2014-07-24 14:39 - 00025321 _____ () C:\Users\Pospec\Desktop\prvnisong.gpx
2014-07-25 22:53 - 2014-07-25 22:53 - 03049853 _____ () C:\Users\Pospec\Desktop\Desktop.rar
2014-07-24 23:02 - 2014-07-24 23:02 - 03902346 _____ () C:\Users\Pospec\Desktop\10404213_815093051842067_8648131094219472656_n.xcf
2014-07-24 14:04 - 2014-07-24 14:03 - 00011066 _____ () C:\Users\Pospec\Downloads\2014.07.01-12.15.47-odp..mid
2014-07-24 13:59 - 2014-07-24 13:59 - 00001465 _____ () C:\Users\Pospec\Downloads\2014.07.24-20.30.47-odp. (1).mid
2014-07-24 13:59 - 2014-07-24 13:58 - 00001465 _____ () C:\Users\Pospec\Downloads\2014.07.24-20.30.47-odp..mid

Some content of TEMP:
====================
C:\Users\Pospec\AppData\Local\Temp\ICReinstall_FileZilla_3.9.0.3_win32-setup (1).exe
C:\Users\Pospec\AppData\Local\Temp\install_reader11_cz_mssa_aaa_aih.exe
C:\Users\Pospec\AppData\Local\Temp\rd.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-08 20:56

==================== End Of Log ============================

Re: Reklamy kde nebyly + keylogger

Napsal: 14 srp 2014 16:13
od vyosek
:arrow: Jen se zeptam pouzivate legalni operacni system, nejvyssi licence Ultimate zrovna neni bezna domaci verze :?:

Re: Reklamy kde nebyly + keylogger

Napsal: 14 srp 2014 16:18
od pospec
Ano, používám. PC jsem si donesl z práce asi před rokem, když se počítače měnily. Tam jsme jsme to měli na všech.

Re: Reklamy kde nebyly + keylogger

Napsal: 14 srp 2014 16:20
od vyosek
:arrow: Stahnete Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe
  • Ulozte nejlepe na plochu
  • Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
  • Probehne vytvoreni zalohy a nasledne prohledavani
  • Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte
:arrow: Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Ulozte nejlepe na plochu
  • Ukoncete vsechny programy
  • Kliknete na Scan a nasledne Clean
  • Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte

Re: Reklamy kde nebyly + keylogger

Napsal: 14 srp 2014 19:58
od pospec
JRT:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x64
Ran by Pospec on źt 14.08.2014 at 20:20:25,94
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installedbrowserextensions
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installedbrowserextensions
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0061908.BHO
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0061908.BHO.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0061908.Sandbox
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0061908.Sandbox.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-110611191108}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220622192208}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{55555555-5555-5555-5555-550655195508}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660666196608}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440644194408}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{11111111-1111-1111-1111-110611191108}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220622192208}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{55555555-5555-5555-5555-550655195508}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660666196608}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440644194408}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0061908.BHO
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0061908.BHO.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0061908.Sandbox
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0061908.Sandbox.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{55555555-5555-5555-5555-550655195508}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660666196608}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440644194408}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110611191108}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{55555555-5555-5555-5555-550655195508}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660666196608}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440644194408}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611191108}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Pospec\AppData\Roaming\pdfforge"



~~~ FireFox

Successfully deleted the following from C:\Users\Pospec\AppData\Roaming\mozilla\firefox\profiles\pv7ckj5r.default\prefs.js

user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22
user_pref("extensions.crossrider.bic", "147bc6236f5935e3053abbb59e487cb0");



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on źt 14.08.2014 at 20:32:22,84
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



To druhé:
# AdwCleaner v3.305 - Report created 14/08/2014 at 20:50:43
# Updated 14/08/2014 by Xplode
# Operating System : Windows 7 Ultimate (64 bits)
# Username : Pospec - POSPEC-PC
# Running from : C:\Users\Pospec\Downloads\adwcleaner_3.305.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : globalUpdate
[#] Service Deleted : globalUpdatem

***** [ Files / Folders ] *****

[!] Folder Deleted : C:\Program Files (x86)\globalUpdate
[!] Folder Deleted : C:\Program Files (x86)\SavePass
[!] Folder Deleted : C:\Users\Pospec\AppData\Local\globalUpdate
File Deleted : C:\Users\Pospec\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Deleted : C:\Users\Pospec\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
File Deleted : C:\Users\Pospec\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsfreak.com_0.localstorage
File Deleted : C:\Users\Pospec\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsfreak.com_0.localstorage-journal
File Deleted : C:\Users\Pospec\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Pospec\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

***** [ Scheduled Tasks ] *****

Task Deleted : globalUpdateUpdateTaskMachineCore
Task Deleted : globalUpdateUpdateTaskMachineUA

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKLM\Software\GlobalUpdate
Key Deleted : HKLM\Software\SavePass
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7600.16385


-\\ Mozilla Firefox v28.0 (cs)

[ File : C:\Users\Pospec\AppData\Roaming\Mozilla\Firefox\Profiles\pv7ckj5r.default\prefs.js ]


-\\ Google Chrome v36.0.1985.125

[ File : C:\Users\Pospec\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [7080 octets] - [14/08/2014 20:48:35]
AdwCleaner[S0].txt - [7115 octets] - [14/08/2014 20:50:43]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7175 octets] ##########

Re: Reklamy kde nebyly + keylogger

Napsal: 14 srp 2014 20:09
od vyosek
:arrow: Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu
  • Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
  • Do okna vlozte skript nize

  • Kód: Vybrat vše

    autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;
  • Nasledne kliknete na Run Script
  • PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

Re: Reklamy kde nebyly + keylogger

Napsal: 14 srp 2014 20:32
od pospec
Zoek.exe v5.0.0.0 Updated 13-08-2014
Tool run by Pospec on źt 14.08.2014 at 21:12:31,63.
Microsoft Windows 7 Ultimate 6.1.7600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Pospec\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

14.8.2014 21:14:32 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Pospec\AppData\Roaming\Mozilla\Firefox\Profiles\pv7ckj5r.default\prefs.js:

Added to C:\Users\Pospec\AppData\Roaming\Mozilla\Firefox\Profiles\pv7ckj5r.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\Pospec\AppData\Roaming\Mozilla\Firefox\Profiles\pv7ckj5r.default

user.js not found
---- Lines aRNEOMVW50611856ZKVKQ22976610com61908 removed from prefs.js ----
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.active", true);
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.addressbar", "NA");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.addressbarenhanced", "");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.asyncdb.was_copied", "true");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.asyncinternaldb.was_copied", "true");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.backgroundver", 1);
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.certdomaininstaller", "");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.cookie.InstallationTime.value", "%221406838572%22");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.cookie.InstallerParams.value", "%7B%22source_id%22%3A%22001504%22%2C%22sub_id%22%3A%
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.description", "Just Save");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.domain", "");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.enablesearch", false);
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.homepage", "");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.changeprevious", false);
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.iframe", false);
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.InstallationThankYouPage", true);
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.InstallationTime", 1406838572);
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.__defualt_browser__.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.__defualt_browser__.value", "%22ch%22");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb._installer_additional_info.expiration", "Fri Feb 01 2030 00:00:00 GMT+010
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb._installer_additional_info.value", "%7B%22asw%22%3A%5B2%2C-2147483387%2C0
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.installer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.installer.value", "%7B%22InstallerIdentifiers%22%3A%7B%22installer_bic%22
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%22F8373E5C2735464
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.InstallerParams.value", "%7B%22source_id%22%3A%22001504%22%2C%22sub_id%22
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.InstallerParamsCache.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.InstallerParamsCache.value", "%7B%22source_id%22%3A%22001504%22%2C%22sub_
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.InstallerUserIdentifiersCache.expiration", "Fri Feb 01 2030 00:00:00 GMT+
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.InstallerUserIdentifiersCache.value", "%7B%22installer_bic%22%3A%22F8373E
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.monetization_plugin_bundledUrls.expiration", "Fri Feb 01 2030 00:00:00 GM
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.monetization_plugin_bundledWithHash.expiration", "Fri Feb 01 2030 00:00:0
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.monetization_plugin_bundledWithHash.value", "null");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.monetization_plugin_notBundledArr_.expiration", "Fri Feb 01 2030 00:00:00
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.monetization_plugin_notBundledArr_.value", "%5B%5D");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.monetization_plugin_regBundledWithSoftware.expiration", "Fri Feb 01 2030
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.monetization_plugin_regBundledWithSoftware.value", "%7B%7D");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.Resources_appVer.value", "16");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.Resources_lastVersion.value", "1");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.Resources_meta.value", "%7B%7D");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.Resources_nextCheck.expiration", "Sun Aug 10 2014 04:08:09 GMT+0200");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.Resources_nextCheck.value", "true");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.internaldb.Resources_queue.value", "%7B%7D");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.lastDailyReport", "1407614886912");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.lastUpdate", "1407614880372");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.manifesturl", "");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.name", "SavePass 1.1");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.newtab", "");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.opensearch", "");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.pluginsurl", "http://js.infostatsserv.com/plugin/apps ... plugins.js
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.pluginsversion", 11);
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.publisher", "OB");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.RNEOMVW50611856@ZKVKQ22976610.comaRNEOMVW50611856ZKVKQ22976610com61908_dbWasSet", tr
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.RNEOMVW50611856@ZKVKQ22976610.comaRNEOMVW50611856ZKVKQ22976610com61908_dbWasSet_FF25
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.RNEOMVW50611856@ZKVKQ22976610.comasyncdb_dbWasSet", true);
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.RNEOMVW50611856@ZKVKQ22976610.comasyncdb_dbWasSet_FF25_FIX", true);
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.RNEOMVW50611856@ZKVKQ22976610.comasyncinternaldb_dbWasSet", true);
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.RNEOMVW50611856@ZKVKQ22976610.comasyncinternaldb_dbWasSet_FF25_FIX", true);
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.searchstatus", 0);
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.setnewtab", false);
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.thankyou", "");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.updateinterval", 360);
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.61908.ver", 16);
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.apps", "61908");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.bic", "147bc6236f5935e3053abbb59e487cb0");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.cid", 61908);
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.firstrun", false);
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.hadappinstalled", true);
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.installationdate", 1407614859);
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.installerAdditionalInfo", "{\"asw\":[2, -2147483387, 0]}");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.modetype", "production");
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.reportInstall", true);
user_pref("extensions.aRNEOMVW50611856ZKVKQ22976610com61908.statsDailyCounter", 1);
---- FireFox user.js and prefs.js backups ----

prefs_14.08.2014_2123_.backup

==== Deleting Files \ Folders ======================

C:\Users\Pospec\AppData\Roaming\msregsvv.dll deleted
C:\Windows\Tasks\e025df07-a424-4e29-adcb-3f14a57a8bb4-1.job deleted
C:\Windows\Tasks\e025df07-a424-4e29-adcb-3f14a57a8bb4-11.job deleted
C:\Windows\Tasks\e025df07-a424-4e29-adcb-3f14a57a8bb4-5.job deleted
C:\Windows\Tasks\e025df07-a424-4e29-adcb-3f14a57a8bb4-5_user.job deleted
C:\Windows\Tasks\e025df07-a424-4e29-adcb-3f14a57a8bb4-7.job deleted
C:\windows\SysNative\Tasks\e025df07-a424-4e29-adcb-3f14a57a8bb4-1 deleted
C:\windows\SysNative\Tasks\e025df07-a424-4e29-adcb-3f14a57a8bb4-11 deleted
C:\windows\SysNative\Tasks\e025df07-a424-4e29-adcb-3f14a57a8bb4-5 deleted
C:\windows\SysNative\Tasks\e025df07-a424-4e29-adcb-3f14a57a8bb4-5_user deleted
C:\windows\SysNative\Tasks\e025df07-a424-4e29-adcb-3f14a57a8bb4-7 deleted
C:\Users\Pospec\Downloads\iLividSetup-r1236-n-bc.exe deleted
C:\Users\Pospec\Searches deleted
C:\Users\Pospec\Desktop\Continue FileZilla Installation.lnk deleted
C:\Users\Pospec\Desktop\Continue WAV to MP3 Converter.lnk deleted
C:\Users\Pospec\AppData\Roaming\Mozilla\Firefox\Profiles\pv7ckj5r.default\extensions\RNEOMVW50611856@ZKVKQ22976610.com deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [14.08.2014 20:58]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Pospec\AppData\Roaming\Mozilla\Firefox\Profiles\pv7ckj5r.default
- Firefox Old Version Update Hotfix - %ProfilePath%\extensions\firefox-hotfix@mozilla.org.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[14.08.2014 20:57]

AdBlock - Pospec\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
avast Online Security - Pospec\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki

==== Chrome Fix ======================

C:\Users\Pospec\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.metrolyrics.com_0.localstorage deleted successfully
C:\Users\Pospec\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.metrolyrics.com_0.localstorage-journal deleted successfully
C:\Users\Pospec\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage deleted successfully
C:\Users\Pospec\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\Pospec\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Pospec\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Pospec\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Pospec\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Pospec\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Pospec\AppData\Local\Mozilla\Firefox\Profiles\pv7ckj5r.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Pospec\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=136 folders=14 2674509 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Pospec\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Pospec\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Pospec\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

==== EOF on źt 14.08.2014 at 21:29:36,06 ======================

Re: Reklamy kde nebyly + keylogger

Napsal: 15 srp 2014 08:27
od vyosek
Poprosim o novy log z FRST

Re: Reklamy kde nebyly + keylogger

Napsal: 15 srp 2014 17:23
od pospec
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-08-2014 01
Ran by Pospec (administrator) on POSPEC-PC on 15-08-2014 18:19:24
Running from C:\Users\Pospec\Downloads
Platform: Windows 7 Ultimate (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Native Instruments GmbH) C:\Program Files\Native Instruments\Guitar Rig 5\Guitar Rig 5.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8067616 2009-08-18] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-10-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-14] (AVAST Software)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKU\S-1-5-21-3868493786-2768822100-3390419468-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3868493786-2768822100-3390419468-1000\...\MountPoints2: {f87448eb-ae9a-11e3-8f7b-bc5ff45dffe3} - H:\autorun.exe
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: SavePass -> {11111111-1111-1111-1111-110611191108} -> C:\Program Files (x86)\SavePass\SavePass-bho64.dll No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Pospec\AppData\Roaming\Mozilla\Firefox\Profiles\pv7ckj5r.default
FF NewTab: hxxp://www.google.com/
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mapy-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: Firefox Old Version Update Hotfix - C:\Users\Pospec\AppData\Roaming\Mozilla\Firefox\Profiles\pv7ckj5r.default\Extensions\firefox-hotfix@mozilla.org.xpi [2014-08-09]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-17]

Chrome:
=======
CHR Extension: (Dokumenty Google) - C:\Users\Pospec\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-17]
CHR Extension: (Disk Google) - C:\Users\Pospec\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-17]
CHR Extension: (YouTube) - C:\Users\Pospec\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-17]
CHR Extension: (Vyhledávání Google) - C:\Users\Pospec\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-17]
CHR Extension: (avast! Online Security) - C:\Users\Pospec\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-03-18]
CHR Extension: (Peněženka Google) - C:\Users\Pospec\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-17]
CHR Extension: (Gmail) - C:\Users\Pospec\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-17]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-14] (AVAST Software)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-14] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-14] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-14] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-14] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-14] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-14] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-03-18] (Disc Soft Ltd)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-14 21:42 - 2010-07-15 01:52 - 00000000 ____D () C:\Users\Pospec\Desktop\wp-facebookconnect
2014-08-14 21:38 - 2014-08-14 21:39 - 00045472 _____ () C:\Users\Pospec\Downloads\wp-facebookconnect.zip
2014-08-14 21:33 - 2014-08-14 21:33 - 00416799 _____ () C:\Users\Pospec\Downloads\PSD sApplem.psd
2014-08-14 21:27 - 2014-08-14 21:12 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-08-14 21:14 - 2014-08-14 21:29 - 00019091 _____ () C:\zoek-results.log
2014-08-14 21:12 - 2014-08-14 21:25 - 00000000 ____D () C:\zoek_backup
2014-08-14 21:12 - 2014-08-14 21:12 - 01288704 _____ () C:\Users\Pospec\Downloads\zoek (1).exe
2014-08-14 21:11 - 2014-08-14 21:12 - 01288704 _____ () C:\Users\Pospec\Downloads\zoek.exe
2014-08-14 20:58 - 2014-08-14 20:58 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-14 20:58 - 2014-08-14 20:58 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-08-14 20:57 - 2014-08-14 20:57 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-14 20:49 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-14 20:47 - 2014-08-14 20:51 - 00000000 ____D () C:\AdwCleaner
2014-08-14 20:32 - 2014-08-14 20:32 - 00004221 _____ () C:\Users\Pospec\Desktop\JRT.txt
2014-08-14 20:20 - 2014-08-14 20:20 - 00000000 ____D () C:\Windows\ERUNT
2014-08-14 20:05 - 2014-08-14 20:05 - 01356107 _____ () C:\Users\Pospec\Downloads\adwcleaner_3.305.exe
2014-08-14 19:15 - 2014-08-14 19:25 - 04844410 _____ () C:\Users\Pospec\Desktop\1908321_744307698926035_1334355930005785110_n.psd
2014-08-14 18:01 - 2014-08-14 18:01 - 00000040 ____H () C:\7B0F3C5B8415
2014-08-14 17:29 - 2014-08-14 17:29 - 00002424 _____ () C:\Users\Pospec\Desktop\Adobe Photoshop CS6.lnk
2014-08-14 17:24 - 2014-08-14 17:25 - 01016261 _____ (Thisisu) C:\Users\Pospec\Downloads\JRT.exe
2014-08-14 17:13 - 2014-08-14 17:13 - 00000000 ____D () C:\Users\Pospec\Desktop\Photoshop CS6
2014-08-14 16:30 - 2014-08-14 16:31 - 00024869 _____ () C:\Users\Pospec\Downloads\Addition.txt
2014-08-14 16:27 - 2014-08-15 18:20 - 00012181 _____ () C:\Users\Pospec\Downloads\FRST.txt
2014-08-14 16:27 - 2014-08-15 18:19 - 00000000 ____D () C:\FRST
2014-08-14 16:24 - 2014-08-14 16:27 - 00001120 _____ () C:\Users\Pospec\Downloads\FRSTLauncher.exe
2014-08-14 16:22 - 2014-08-14 16:24 - 02100224 _____ (Farbar) C:\Users\Pospec\Downloads\FRST64.exe
2014-08-14 13:46 - 2014-08-14 13:46 - 00015778 _____ () C:\Users\Pospec\AppData\Local\recently-used.xbel
2014-08-13 22:34 - 2014-08-13 22:34 - 00111308 _____ () C:\Users\Pospec\Downloads\Desktop.rar
2014-08-13 20:02 - 2014-08-13 20:10 - 00000000 ____D () C:\Users\Pospec\Desktop\wordpress
2014-08-13 20:00 - 2014-08-14 22:31 - 00000000 ____D () C:\Users\Pospec\AppData\Roaming\FileZilla
2014-08-13 20:00 - 2014-08-13 20:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-08-13 19:59 - 2014-08-13 20:00 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-08-13 19:58 - 2014-08-13 19:58 - 06052529 _____ (Tim Kosse) C:\Users\Pospec\Downloads\FileZilla_3.9.0.3_win32-setup.exe
2014-08-13 19:58 - 2014-08-13 19:58 - 00741512 _____ () C:\Users\Pospec\Downloads\FileZilla_3.9.0.3_win32-setup (1).exe
2014-08-13 19:54 - 2014-08-13 19:55 - 06725210 _____ () C:\Users\Pospec\Downloads\wordpress-3.9.1-cs_CZ.zip
2014-08-13 16:00 - 2014-08-13 16:00 - 02148864 _____ () C:\Users\Pospec\Downloads\WebCamera [SHAPE GmbH] (v2.6.0 os43)-drAdeLante-ICPDA.rc30c5.ipa
2014-08-13 14:42 - 2011-04-06 17:52 - 00028304 _____ (SHAPE Services GmbH) C:\Windows\system32\Drivers\mobiolavs.sys
2014-08-13 14:37 - 2014-08-13 14:38 - 03757971 _____ () C:\Users\Pospec\Downloads\Mobiola WebCamera for iPhone v2.2.1.42.dmg
2014-08-13 14:35 - 2014-08-13 14:36 - 10305387 _____ () C:\Users\Pospec\Downloads\Mobiola_WebCamera_for_iPhone_Desktop.zip
2014-08-13 14:33 - 2014-08-13 15:33 - 00000000 ____D () C:\Users\Pospec\AppData\Roaming\Skype
2014-08-13 14:33 - 2014-08-13 14:33 - 00000000 ____D () C:\Users\Pospec\AppData\Local\Skype
2014-08-13 14:32 - 2014-08-14 16:15 - 00000000 ____D () C:\ProgramData\Skype
2014-08-13 14:29 - 2014-08-13 14:31 - 35596384 _____ (Skype Technologies S.A.) C:\Users\Pospec\Downloads\SkypeSetupFull.exe
2014-08-13 01:00 - 2014-08-13 01:00 - 04575232 _____ (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr
2014-08-11 16:53 - 2014-08-11 16:53 - 00018988 _____ () C:\Users\Pospec\Desktop\Rock Power Trio.gpx
2014-08-11 15:20 - 2014-08-11 16:57 - 00021629 _____ () C:\Users\Pospec\Desktop\We Drink Your Blood.gpx
2014-08-02 18:07 - 2014-08-02 21:50 - 00015410 _____ () C:\Users\Pospec\Desktop\at the end.gpx
2014-07-31 22:30 - 2014-08-15 16:32 - 00000598 _____ () C:\Windows\Tasks\13201465-79e6-421b-811d-09b73abe8b71.job
2014-07-31 22:30 - 2014-07-31 22:30 - 00003628 _____ () C:\Windows\System32\Tasks\13201465-79e6-421b-811d-09b73abe8b71
2014-07-31 22:23 - 2014-07-31 22:23 - 00567376 _____ () C:\Users\Pospec\Downloads\wavtomp3_setup.exe
2014-07-31 22:18 - 2014-07-31 22:19 - 00699016 _____ (CNET Download.com) C:\Users\Pospec\Downloads\cbsidlm-cbsi213-Free_WAV_to_MP3_Converter-SEO-10060500.exe
2014-07-31 22:18 - 2014-07-31 22:18 - 24336014 _____ () C:\Users\Pospec\Desktop\This Is The Life.rar
2014-07-31 21:27 - 2014-07-31 22:22 - 00076272 _____ () C:\Users\Pospec\Desktop\This Is The Life.gpx
2014-07-31 21:25 - 2014-07-31 21:26 - 30437884 _____ () C:\Users\Pospec\Desktop\This Is The Life.wav
2014-07-30 15:23 - 2014-07-30 15:23 - 00096394 _____ () C:\Users\Pospec\Downloads\www-tablatures-tk @ MacDonald, Amy - This Is The Life.gp5
2014-07-29 22:48 - 2014-07-29 22:48 - 00031744 _____ () C:\Users\Pospec\Downloads\stredniskoly.xls
2014-07-29 21:29 - 2014-07-29 21:29 - 00007373 _____ () C:\Users\Pospec\Desktop\Untitled.at3h
2014-07-29 20:31 - 2014-07-29 20:32 - 05657920 _____ () C:\Users\Pospec\Downloads\Authorization_Manager_1.0.9.zip
2014-07-29 20:27 - 2014-07-29 20:27 - 00001213 _____ () C:\Users\Pospec\Desktop\Custom Shop.lnk
2014-07-29 20:23 - 2014-07-29 20:24 - 08600037 _____ () C:\Users\Pospec\Downloads\Custom_Shop_Win_1.5.zip
2014-07-29 16:52 - 2014-07-29 16:53 - 04810432 _____ () C:\Users\Pospec\Downloads\fwd.zip
2014-07-28 14:07 - 2014-07-28 14:08 - 00000000 ___HD () C:\Users\Pospec\Downloads\.picasaoriginals
2014-07-28 11:16 - 2014-07-28 11:42 - 00140930 _____ () C:\Users\Pospec\Downloads\pozvankasecond.xcf
2014-07-28 10:56 - 2014-07-28 12:09 - 00974761 _____ () C:\Users\Pospec\Desktop\pozvanka1.xcf
2014-07-26 19:59 - 2014-07-26 19:59 - 00261120 _____ () C:\Users\Pospec\Downloads\20131117184027171582.xls
2014-07-25 22:53 - 2014-07-25 22:53 - 03049853 _____ () C:\Users\Pospec\Desktop\Desktop.rar
2014-07-24 23:02 - 2014-07-24 23:02 - 03902346 _____ () C:\Users\Pospec\Desktop\10404213_815093051842067_8648131094219472656_n.xcf
2014-07-24 22:34 - 2014-07-29 19:18 - 00000000 ___HD () C:\Users\Pospec\Desktop\.picasaoriginals
2014-07-24 14:39 - 2014-07-26 12:11 - 00025321 _____ () C:\Users\Pospec\Desktop\prvnisong.gpx
2014-07-24 14:03 - 2014-07-24 14:04 - 00011066 _____ () C:\Users\Pospec\Downloads\2014.07.01-12.15.47-odp..mid
2014-07-24 13:59 - 2014-07-24 13:59 - 00001465 _____ () C:\Users\Pospec\Downloads\2014.07.24-20.30.47-odp. (1).mid
2014-07-24 13:58 - 2014-07-24 13:59 - 00001465 _____ () C:\Users\Pospec\Downloads\2014.07.24-20.30.47-odp..mid

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-15 18:20 - 2014-08-14 16:27 - 00012181 _____ () C:\Users\Pospec\Downloads\FRST.txt
2014-08-15 18:19 - 2014-08-14 16:27 - 00000000 ____D () C:\FRST
2014-08-15 18:18 - 2014-04-27 10:28 - 00000000 ____D () C:\Users\Pospec\.gimp-2.8
2014-08-15 17:55 - 2014-03-17 22:32 - 00000952 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-15 16:38 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-15 16:38 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-15 16:34 - 2014-03-17 22:09 - 00640084 _____ () C:\Windows\WindowsUpdate.log
2014-08-15 16:32 - 2014-07-31 22:30 - 00000598 _____ () C:\Windows\Tasks\13201465-79e6-421b-811d-09b73abe8b71.job
2014-08-15 16:32 - 2014-03-17 22:32 - 00000948 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-15 16:31 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-15 16:31 - 2009-07-14 06:51 - 00043289 _____ () C:\Windows\setupact.log
2014-08-14 22:31 - 2014-08-13 20:00 - 00000000 ____D () C:\Users\Pospec\AppData\Roaming\FileZilla
2014-08-14 21:39 - 2014-08-14 21:38 - 00045472 _____ () C:\Users\Pospec\Downloads\wp-facebookconnect.zip
2014-08-14 21:33 - 2014-08-14 21:33 - 00416799 _____ () C:\Users\Pospec\Downloads\PSD sApplem.psd
2014-08-14 21:29 - 2014-08-14 21:14 - 00019091 _____ () C:\zoek-results.log
2014-08-14 21:28 - 2014-03-18 07:31 - 00007730 _____ () C:\Windows\PFRO.log
2014-08-14 21:25 - 2014-08-14 21:12 - 00000000 ____D () C:\zoek_backup
2014-08-14 21:24 - 2014-03-17 22:14 - 00000000 ____D () C:\Users\Pospec
2014-08-14 21:12 - 2014-08-14 21:27 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-08-14 21:12 - 2014-08-14 21:12 - 01288704 _____ () C:\Users\Pospec\Downloads\zoek (1).exe
2014-08-14 21:12 - 2014-08-14 21:11 - 01288704 _____ () C:\Users\Pospec\Downloads\zoek.exe
2014-08-14 20:58 - 2014-08-14 20:58 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-14 20:58 - 2014-08-14 20:58 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-08-14 20:58 - 2014-03-17 22:28 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-14 20:58 - 2014-03-17 22:27 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-08-14 20:58 - 2014-03-17 22:27 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-08-14 20:58 - 2014-03-17 22:27 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-08-14 20:58 - 2014-03-17 22:27 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-08-14 20:58 - 2014-03-17 22:27 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-08-14 20:58 - 2014-03-17 22:27 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-08-14 20:58 - 2014-03-17 22:27 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-08-14 20:58 - 2014-03-17 22:27 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-08-14 20:57 - 2014-08-14 20:57 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-14 20:51 - 2014-08-14 20:47 - 00000000 ____D () C:\AdwCleaner
2014-08-14 20:32 - 2014-08-14 20:32 - 00004221 _____ () C:\Users\Pospec\Desktop\JRT.txt
2014-08-14 20:20 - 2014-08-14 20:20 - 00000000 ____D () C:\Windows\ERUNT
2014-08-14 20:05 - 2014-08-14 20:05 - 01356107 _____ () C:\Users\Pospec\Downloads\adwcleaner_3.305.exe
2014-08-14 19:25 - 2014-08-14 19:15 - 04844410 _____ () C:\Users\Pospec\Desktop\1908321_744307698926035_1334355930005785110_n.psd
2014-08-14 18:01 - 2014-08-14 18:01 - 00000040 ____H () C:\7B0F3C5B8415
2014-08-14 17:29 - 2014-08-14 17:29 - 00002424 _____ () C:\Users\Pospec\Desktop\Adobe Photoshop CS6.lnk
2014-08-14 17:25 - 2014-08-14 17:24 - 01016261 _____ (Thisisu) C:\Users\Pospec\Downloads\JRT.exe
2014-08-14 17:24 - 2014-03-18 15:07 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-08-14 17:13 - 2014-08-14 17:13 - 00000000 ____D () C:\Users\Pospec\Desktop\Photoshop CS6
2014-08-14 16:31 - 2014-08-14 16:30 - 00024869 _____ () C:\Users\Pospec\Downloads\Addition.txt
2014-08-14 16:27 - 2014-08-14 16:24 - 00001120 _____ () C:\Users\Pospec\Downloads\FRSTLauncher.exe
2014-08-14 16:24 - 2014-08-14 16:22 - 02100224 _____ (Farbar) C:\Users\Pospec\Downloads\FRST64.exe
2014-08-14 16:15 - 2014-08-13 14:32 - 00000000 ____D () C:\ProgramData\Skype
2014-08-14 13:46 - 2014-08-14 13:46 - 00015778 _____ () C:\Users\Pospec\AppData\Local\recently-used.xbel
2014-08-14 13:33 - 2014-04-27 10:37 - 00000000 ____D () C:\Users\Pospec\AppData\Local\gtk-2.0
2014-08-14 10:46 - 2009-07-14 17:18 - 00665706 _____ () C:\Windows\system32\perfh005.dat
2014-08-14 10:46 - 2009-07-14 17:18 - 00139402 _____ () C:\Windows\system32\perfc005.dat
2014-08-14 10:46 - 2009-07-14 07:13 - 01575230 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-13 22:34 - 2014-08-13 22:34 - 00111308 _____ () C:\Users\Pospec\Downloads\Desktop.rar
2014-08-13 20:10 - 2014-08-13 20:02 - 00000000 ____D () C:\Users\Pospec\Desktop\wordpress
2014-08-13 20:00 - 2014-08-13 20:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-08-13 20:00 - 2014-08-13 19:59 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-08-13 19:58 - 2014-08-13 19:58 - 06052529 _____ (Tim Kosse) C:\Users\Pospec\Downloads\FileZilla_3.9.0.3_win32-setup.exe
2014-08-13 19:58 - 2014-08-13 19:58 - 00741512 _____ () C:\Users\Pospec\Downloads\FileZilla_3.9.0.3_win32-setup (1).exe
2014-08-13 19:55 - 2014-08-13 19:54 - 06725210 _____ () C:\Users\Pospec\Downloads\wordpress-3.9.1-cs_CZ.zip
2014-08-13 16:00 - 2014-08-13 16:00 - 02148864 _____ () C:\Users\Pospec\Downloads\WebCamera [SHAPE GmbH] (v2.6.0 os43)-drAdeLante-ICPDA.rc30c5.ipa
2014-08-13 15:33 - 2014-08-13 14:33 - 00000000 ____D () C:\Users\Pospec\AppData\Roaming\Skype
2014-08-13 14:38 - 2014-08-13 14:37 - 03757971 _____ () C:\Users\Pospec\Downloads\Mobiola WebCamera for iPhone v2.2.1.42.dmg
2014-08-13 14:36 - 2014-08-13 14:35 - 10305387 _____ () C:\Users\Pospec\Downloads\Mobiola_WebCamera_for_iPhone_Desktop.zip
2014-08-13 14:33 - 2014-08-13 14:33 - 00000000 ____D () C:\Users\Pospec\AppData\Local\Skype
2014-08-13 14:31 - 2014-08-13 14:29 - 35596384 _____ (Skype Technologies S.A.) C:\Users\Pospec\Downloads\SkypeSetupFull.exe
2014-08-13 01:00 - 2014-08-13 01:00 - 04575232 _____ (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr
2014-08-11 16:57 - 2014-08-11 15:20 - 00021629 _____ () C:\Users\Pospec\Desktop\We Drink Your Blood.gpx
2014-08-11 16:53 - 2014-08-11 16:53 - 00018988 _____ () C:\Users\Pospec\Desktop\Rock Power Trio.gpx
2014-08-09 10:49 - 2009-07-14 07:08 - 00032580 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-02 21:50 - 2014-08-02 18:07 - 00015410 _____ () C:\Users\Pospec\Desktop\at the end.gpx
2014-07-31 22:31 - 2014-03-17 22:34 - 00002241 _____ () C:\Users\Pospec\Desktop\Google Chrome.lnk
2014-07-31 22:30 - 2014-07-31 22:30 - 00003628 _____ () C:\Windows\System32\Tasks\13201465-79e6-421b-811d-09b73abe8b71
2014-07-31 22:23 - 2014-07-31 22:23 - 00567376 _____ () C:\Users\Pospec\Downloads\wavtomp3_setup.exe
2014-07-31 22:22 - 2014-07-31 21:27 - 00076272 _____ () C:\Users\Pospec\Desktop\This Is The Life.gpx
2014-07-31 22:19 - 2014-07-31 22:18 - 00699016 _____ (CNET Download.com) C:\Users\Pospec\Downloads\cbsidlm-cbsi213-Free_WAV_to_MP3_Converter-SEO-10060500.exe
2014-07-31 22:18 - 2014-07-31 22:18 - 24336014 _____ () C:\Users\Pospec\Desktop\This Is The Life.rar
2014-07-31 21:26 - 2014-07-31 21:25 - 30437884 _____ () C:\Users\Pospec\Desktop\This Is The Life.wav
2014-07-30 15:23 - 2014-07-30 15:23 - 00096394 _____ () C:\Users\Pospec\Downloads\www-tablatures-tk @ MacDonald, Amy - This Is The Life.gp5
2014-07-30 13:12 - 2014-03-18 15:21 - 00000016 _____ () C:\ProgramData\autobk.inc
2014-07-29 22:48 - 2014-07-29 22:48 - 00031744 _____ () C:\Users\Pospec\Downloads\stredniskoly.xls
2014-07-29 21:29 - 2014-07-29 21:29 - 00007373 _____ () C:\Users\Pospec\Desktop\Untitled.at3h
2014-07-29 20:33 - 2014-03-18 15:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IK Multimedia
2014-07-29 20:32 - 2014-07-29 20:31 - 05657920 _____ () C:\Users\Pospec\Downloads\Authorization_Manager_1.0.9.zip
2014-07-29 20:30 - 2014-03-18 15:30 - 00000000 ____D () C:\Users\Pospec\AppData\Roaming\IK Multimedia
2014-07-29 20:27 - 2014-07-29 20:27 - 00001213 _____ () C:\Users\Pospec\Desktop\Custom Shop.lnk
2014-07-29 20:24 - 2014-07-29 20:23 - 08600037 _____ () C:\Users\Pospec\Downloads\Custom_Shop_Win_1.5.zip
2014-07-29 19:18 - 2014-07-24 22:34 - 00000000 ___HD () C:\Users\Pospec\Desktop\.picasaoriginals
2014-07-29 16:53 - 2014-07-29 16:52 - 04810432 _____ () C:\Users\Pospec\Downloads\fwd.zip
2014-07-28 14:08 - 2014-07-28 14:07 - 00000000 ___HD () C:\Users\Pospec\Downloads\.picasaoriginals
2014-07-28 14:08 - 2014-06-29 15:34 - 00000428 ____H () C:\Users\Pospec\Downloads\.picasa.ini
2014-07-28 12:09 - 2014-07-28 10:56 - 00974761 _____ () C:\Users\Pospec\Desktop\pozvanka1.xcf
2014-07-28 11:42 - 2014-07-28 11:16 - 00140930 _____ () C:\Users\Pospec\Downloads\pozvankasecond.xcf
2014-07-26 19:59 - 2014-07-26 19:59 - 00261120 _____ () C:\Users\Pospec\Downloads\20131117184027171582.xls
2014-07-26 12:11 - 2014-07-24 14:39 - 00025321 _____ () C:\Users\Pospec\Desktop\prvnisong.gpx
2014-07-25 22:53 - 2014-07-25 22:53 - 03049853 _____ () C:\Users\Pospec\Desktop\Desktop.rar
2014-07-24 23:02 - 2014-07-24 23:02 - 03902346 _____ () C:\Users\Pospec\Desktop\10404213_815093051842067_8648131094219472656_n.xcf
2014-07-24 14:04 - 2014-07-24 14:03 - 00011066 _____ () C:\Users\Pospec\Downloads\2014.07.01-12.15.47-odp..mid
2014-07-24 13:59 - 2014-07-24 13:59 - 00001465 _____ () C:\Users\Pospec\Downloads\2014.07.24-20.30.47-odp. (1).mid
2014-07-24 13:59 - 2014-07-24 13:58 - 00001465 _____ () C:\Users\Pospec\Downloads\2014.07.24-20.30.47-odp..mid

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-08 20:56

==================== End Of Log ============================

Re: Reklamy kde nebyly + keylogger

Napsal: 16 srp 2014 06:46
od vyosek
:arrow: Tvorba fixlistu pro FRST
  • Spustte poznamkovy blok (Start-spustit-notepad)
  • Zkopirujte skript nize

  • Kód: Vybrat vše

    Start
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKU\S-1-5-21-3868493786-2768822100-3390419468-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3868493786-2768822100-3390419468-1000\...\MountPoints2: {f87448eb-ae9a-11e3-8f7b-bc5ff45dffe3} - H:\autorun.exe

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: SavePass -> {11111111-1111-1111-1111-110611191108} -> C:\Program Files (x86)\SavePass\SavePass-bho64.dll No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File

2014-08-14 21:14 - 2014-08-14 21:29 - 00019091 _____ () C:\zoek-results.log
2014-08-14 21:12 - 2014-08-14 21:25 - 00000000 ____D () C:\zoek_backup
2014-08-14 21:12 - 2014-08-14 21:12 - 01288704 _____ () C:\Users\Pospec\Downloads\zoek (1).exe
2014-08-14 21:11 - 2014-08-14 21:12 - 01288704 _____ () C:\Users\Pospec\Downloads\zoek.exe
2014-08-14 20:49 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-14 20:47 - 2014-08-14 20:51 - 00000000 ____D () C:\AdwCleaner
2014-08-14 20:32 - 2014-08-14 20:32 - 00004221 _____ () C:\Users\Pospec\Desktop\JRT.txt
2014-08-14 20:20 - 2014-08-14 20:20 - 00000000 ____D () C:\Windows\ERUNT
2014-08-14 20:05 - 2014-08-14 20:05 - 01356107 _____ () C:\Users\Pospec\Downloads\adwcleaner_3.305.exe
2014-08-14 17:24 - 2014-08-14 17:25 - 01016261 _____ (Thisisu) C:\Users\Pospec\Downloads\JRT.exe
2014-08-14 16:30 - 2014-08-14 16:31 - 00024869 _____ () C:\Users\Pospec\Downloads\Addition.txt
2014-08-14 16:27 - 2014-08-15 18:20 - 00012181 _____ () C:\Users\Pospec\Downloads\FRST.txt
2014-08-14 16:24 - 2014-08-14 16:27 - 00001120 _____ () C:\Users\Pospec\Downloads\FRSTLauncher.exe

Hosts:
Reboot:
End
  • Ulozte vytvoreny TXT jako fixlist.txt
  • Presunte vytvoreny fixlist vedle FRST
:arrow: Spustte znovu FRST.exe
  • Kliknete na Fix
  • Probehne oprava a vytvori log Fixlog.txt
:arrow: Restart PC a dejte mi sem fixlog.txt

Re: Reklamy kde nebyly + keylogger

Napsal: 16 srp 2014 14:39
od pospec
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-08-2014 02
Ran by Pospec at 2014-08-16 15:27:10 Run:1
Running from C:\Users\Pospec\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKU\S-1-5-21-3868493786-2768822100-3390419468-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3868493786-2768822100-3390419468-1000\...\MountPoints2: {f87448eb-ae9a-11e3-8f7b-bc5ff45dffe3} - H:\autorun.exe

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: SavePass -> {11111111-1111-1111-1111-110611191108} -> C:\Program Files (x86)\SavePass\SavePass-bho64.dll No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File

2014-08-14 21:14 - 2014-08-14 21:29 - 00019091 _____ () C:\zoek-results.log
2014-08-14 21:12 - 2014-08-14 21:25 - 00000000 ____D () C:\zoek_backup
2014-08-14 21:12 - 2014-08-14 21:12 - 01288704 _____ () C:\Users\Pospec\Downloads\zoek (1).exe
2014-08-14 21:11 - 2014-08-14 21:12 - 01288704 _____ () C:\Users\Pospec\Downloads\zoek.exe
2014-08-14 20:49 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-14 20:47 - 2014-08-14 20:51 - 00000000 ____D () C:\AdwCleaner
2014-08-14 20:32 - 2014-08-14 20:32 - 00004221 _____ () C:\Users\Pospec\Desktop\JRT.txt
2014-08-14 20:20 - 2014-08-14 20:20 - 00000000 ____D () C:\Windows\ERUNT
2014-08-14 20:05 - 2014-08-14 20:05 - 01356107 _____ () C:\Users\Pospec\Downloads\adwcleaner_3.305.exe
2014-08-14 17:24 - 2014-08-14 17:25 - 01016261 _____ (Thisisu) C:\Users\Pospec\Downloads\JRT.exe
2014-08-14 16:30 - 2014-08-14 16:31 - 00024869 _____ () C:\Users\Pospec\Downloads\Addition.txt
2014-08-14 16:27 - 2014-08-15 18:20 - 00012181 _____ () C:\Users\Pospec\Downloads\FRST.txt
2014-08-14 16:24 - 2014-08-14 16:27 - 00001120 _____ () C:\Users\Pospec\Downloads\FRSTLauncher.exe

Hosts:
Reboot:
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\GrooveMonitor => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\iTunesHelper => value deleted successfully.
HKU\S-1-5-21-3868493786-2768822100-3390419468-1000\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite => value deleted successfully.
"HKU\S-1-5-21-3868493786-2768822100-3390419468-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f87448eb-ae9a-11e3-8f7b-bc5ff45dffe3}" => Key deleted successfully.
"HKCR\CLSID\{f87448eb-ae9a-11e3-8f7b-bc5ff45dffe3}" => Key not found.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}" => Key deleted successfully.
"HKCR\CLSID\{012E1000-F331-11DB-8314-0800200C9A66}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611191108}" => Key deleted successfully.
"HKCR\CLSID\{11111111-1111-1111-1111-110611191108}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
"HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}" => Key not found.
C:\zoek-results.log => Moved successfully.
C:\zoek_backup => Moved successfully.
C:\Users\Pospec\Downloads\zoek (1).exe => Moved successfully.
C:\Users\Pospec\Downloads\zoek.exe => Moved successfully.
C:\Windows\SysWOW64\sqlite3.dll => Moved successfully.
C:\AdwCleaner => Moved successfully.
C:\Users\Pospec\Desktop\JRT.txt => Moved successfully.
C:\Windows\ERUNT => Moved successfully.
C:\Users\Pospec\Downloads\adwcleaner_3.305.exe => Moved successfully.
C:\Users\Pospec\Downloads\JRT.exe => Moved successfully.
C:\Users\Pospec\Downloads\Addition.txt => Moved successfully.
C:\Users\Pospec\Downloads\FRST.txt => Moved successfully.
C:\Users\Pospec\Downloads\FRSTLauncher.exe => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.


The system needed a reboot.

==== End of Fixlog ====

Re: Reklamy kde nebyly + keylogger

Napsal: 16 srp 2014 14:57
od vyosek
Jak se chova PC??

Re: Reklamy kde nebyly + keylogger

Napsal: 16 srp 2014 17:59
od pospec
Reklamy zmizely, počítač funguje mnohem rychleji.
Všechny časy jsou v UTC+01:00
Stránka 1 z 2

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz