Vyskakovací reklamy v Chromu

Zpráva

Ascly · #1 Příspěvek od **Ascly** » 14 pro 2014 08:52

Dobrý den, mam menší problém s vyskakovacími reklamami na jakýchkoliv stránkách... Nejdřív to bylo "Ad by BestSaveForYou Ads" nyní po vyčistění malwarebytem je to "Ad by NoMore Ads" ....
Již dřív jsem se tohohle problému zbavoval tím, že jsem jednoduše odinstaloval aplikaci která tento problém způsobovala, nyní nevím která z aplikací to může způsobovat, protože se mi tento problém objevil náhodou.
Prosím o kontrolu logu z RSIT (a zároveň děkuju předem za jakoukoliv pomoc):

Logfile of random's system information tool 1.10 (written by random/random)
Run by Libor at 2014-12-14 08:49:28
Microsoft Windows 8.1
System drive C: has 586 GB (64%) free of 911 GB
Total RAM: 7375 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:49:32, on 14. 12. 2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17416)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe
C:\Program Files\Conexant\SAII\SmartAudio.exe
C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Libor.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: IMVU Inc Toolbar - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Users\Libor\AppData\LocalLow\IMVU_Inc\prxtbIMVU.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: IMVU Inc - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Users\Libor\AppData\LocalLow\IMVU_Inc\prxtbIMVU.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: IMVU Inc Toolbar - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Users\Libor\AppData\LocalLow\IMVU_Inc\prxtbIMVU.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
O4 - HKLM\..\Run: [4StoryPrePatch] C:\Program Files (x86)\GameforgeLive\Games\CZE_ces\4Story\PrePatch.exe
O4 - HKLM\..\Run: [MSStp] C:\windows\system32\msstp.vbe
O4 - HKLM\..\Run: [mnckjtxpSrv] C:\windows\inf\mnckjtxp.vbe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
O4 - HKCU\..\Run: [AppEx Accelerator UI] C:\Program Files\AMD Quick Stream\AMDQuickStream.exe -h
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKLM\..\Policies\Explorer\Run: [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
O4 - HKUS\S-1-5-21-1111126050-1134976462-3178825066-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [AppEx Accelerator UI] C:\Program Files\AMD Quick Stream\AMDQuickStream.exe -h (User '?')
O4 - HKUS\S-1-5-21-1111126050-1134976462-3178825066-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR (User '?')
O4 - S-1-5-21-1111126050-1134976462-3178825066-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 Startup: GamersFirst LIVE!.lnk = Libor\AppData\Local\GamersFirst\LIVE!\Live.exe (User '?')
O4 - S-1-5-21-1111126050-1134976462-3178825066-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 Startup: PSPdisp.lnk = C:\Program Files (x86)\PSPdisp\bin\app\PSPdisp.exe (User '?')
O4 - S-1-5-21-1111126050-1134976462-3178825066-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 Startup: Sledovat výstrahy inkoustu - HP Deskjet 2050 J510 series.lnk = ? (User '?')
O4 - Startup: GamersFirst LIVE!.lnk = Libor\AppData\Local\GamersFirst\LIVE!\Live.exe
O4 - Startup: PSPdisp.lnk = C:\Program Files (x86)\PSPdisp\bin\app\PSPdisp.exe
O4 - Startup: Sledovat výstrahy inkoustu - HP Deskjet 2050 J510 series.lnk = ?
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AtherosSvc - Qualcomm Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: Conexant Audio Message Service (CxAudMsg) - Unknown owner - C:\windows\system32\CxAudMsg64.exe (file missing)
O23 - Service: EasyAntiCheat - EasyAntiCheat Ltd - C:\WINDOWS\system32\EasyAntiCheat.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HiSuiteOuc64.exe - Unknown owner - C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe
O23 - Service: HuaweiHiSuiteService64.exe - Unknown owner - C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: LSCWinService - Unknown owner - C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files (x86)\Tunngle\TnglCtrl.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: VeriFaceSrv - Unknown owner - C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAtheros Bt and Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

--
End of file - 10435 bytes

======Listing Processes======

wininit.exe

C:\WINDOWS\system32\lsass.exe
winlogon.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
"dwm.exe"
C:\WINDOWS\system32\atiesrxx.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
atieclxx
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
"C:\Program Files (x86)\Bluetooth Suite\adminservice.exe"
"C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BBSvc.exe"
C:\windows\system32\CxAudMsg64.exe
"C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe" -/service
dashost.exe {c218258a-5712-4766-82e7fa2283e924c8}
"C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe" -/service
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
C:\WINDOWS\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe"

"C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe"
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-59e0fb14-e255-4a34-8220-2792ffe8ef40 -SystemEventPortName:HostProcess-d9fde3e1-7672-476e-b425-6315d2600918 -IoCancelEventPortName:HostProcess-66aadfb6-afc6-44ab-93e1-6420cf811934 -NonStateChangingEventPortName:HostProcess-0113ac10-f1cd-43a0-9ddd-2f8132e97518 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:67164752-c594-4a6b-ac42-9dfd2bb21b49 -DeviceGroupId:WudfDefaultDevicePool
C:\WINDOWS\System32\svchost.exe -k LocalServicePeerNet
C:\WINDOWS\Explorer.EXE
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe" /starttray
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe" -ServerName:Microsoft.WindowsLive.Platform.Server
taskeng.exe {797603E0-C6C0-46BB-983E-3B077BFDE175}
taskhostex.exe
C:\WINDOWS\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
taskeng.exe {405C3F97-58C6-4BA4-B63B-287AD504CE93}
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
C:\WINDOWS\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe"
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart
C:\Windows\System32\skydrive.exe -Embedding
"C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
"C:\Program Files\Elantech\ETDCtrl.exe"
"C:\Windows\RTFTrack.exe"
"C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe"
"C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe"
"C:\Program Files\Conexant\SAII\SmartAudio.exe" /t
"C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe"
"C:\Program Files (x86)\Lenovo\Energy Management\utility.exe"
"C:\Program Files\AMD Quick Stream\AMDQuickStream.exe" -h
"C:\Program Files\Elantech\ETDCtrlHelper.exe"
"C:\Program Files\Elantech\ETDIntelligent.exe"
"C:\WINDOWS\system32\RunDll32.exe" "C:\Program Files\HP\HP Deskjet 2050 J510 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN08T2N6GB05D1;CONNECTION=USB;MONITOR=1;
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow
"C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files (x86)\PowerISO\PWRISOVM.EXE" -startup
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" http://www.istartsurf.com/?type=sc&ts=1 ... XXW380BLB7
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="7004.0.297974760\1781246400" --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,17,38 --disable-accelerated-video-decode --gpu-vendor-id=0x1002 --gpu-device-id=0x6663 --gpu-driver-vendor="Advanced Micro Devices, Inc." --gpu-driver-version=13.251.9001.1001 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --test-type --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/DomRel-Enable/enable/EmbeddedSearch/Group3 dev:r1 prefetch_results:1 reuse_instant_search_base_page:1 prerender_instant_url_on_omnibox_focus:1/ExtensionContentVerification/ControlEnforce/ExtensionInstallVerification/Bootstrap/NewProfileManagement/NewAvatarMenu/PasswordGeneration/Disabled/Prerender/PrerenderControl/PrerenderLocalPredictorSpec/cd=3:LocalPredictor=Disabled/RapporRollout/Enabled/RememberCertificateErrorDecisions/OneDay/SRTPromptFieldTrial/On/SafeBrowsingIncidentReportingService/Enabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-1-Percent/group_45/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/default/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/WebRTC-IPv6Default/Default/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --extensions-on-chrome-urls --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --disable-accelerated-video-decode --channel="7004.2.1141297079\533344960" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --test-type --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/DomRel-Enable/enable/EmbeddedSearch/Group3 dev:r1 prefetch_results:1 reuse_instant_search_base_page:1 prerender_instant_url_on_omnibox_focus:1/ExtensionContentVerification/ControlEnforce/ExtensionInstallVerification/Bootstrap/NewProfileManagement/NewAvatarMenu/PasswordGeneration/Disabled/Prerender/PrerenderControl/PrerenderLocalPredictorSpec/cd=3:LocalPredictor=Disabled/RapporRollout/Enabled/RememberCertificateErrorDecisions/OneDay/SRTPromptFieldTrial/On/SafeBrowsingIncidentReportingService/Enabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-1-Percent/group_45/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/default/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/WebRTC-IPv6Default/Default/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --extensions-on-chrome-urls --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --disable-accelerated-video-decode --channel="7004.3.821366117\2072132303" /prefetch:673131151
"C:\Windows\System32\SettingSyncHost.exe" -Embedding
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="7004.5.129283869\1840646180" --ppapi-flash-args=enable_hw_video_decode=1 --lang=cs --ignored=" --type=renderer " /prefetch:-632637702
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --test-type --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/DomRel-Enable/enable/EmbeddedSearch/Group3 dev:r1 prefetch_results:1 reuse_instant_search_base_page:1 prerender_instant_url_on_omnibox_focus:1/ExtensionContentVerification/ControlEnforce/ExtensionInstallVerification/Bootstrap/NewProfileManagement/NewAvatarMenu/PasswordGeneration/Disabled/Prerender/PrerenderControl/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/cd=3:LocalPredictor=Disabled/RapporRollout/Enabled/RememberCertificateErrorDecisions/OneDay/SRTPromptFieldTrial/On/SafeBrowsingIncidentReportingService/Enabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-1-Percent/group_45/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/default/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/WebRTC-IPv6Default/Default/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --extensions-on-chrome-urls --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --disable-accelerated-video-decode --channel="7004.7.1728952062\1047351367" /prefetch:673131151
"C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe" /showasync

"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\WINDOWS\System32\Taskmgr.exe" /3
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --test-type --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/DomRel-Enable/enable/EmbeddedSearch/Group3 dev:r1 prefetch_results:1 reuse_instant_search_base_page:1 prerender_instant_url_on_omnibox_focus:1/ExtensionContentVerification/ControlEnforce/ExtensionInstallVerification/Bootstrap/NewProfileManagement/NewAvatarMenu/PasswordGeneration/Disabled/Prerender/PrerenderControl/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/cd=3:LocalPredictor=Disabled/RapporRollout/Enabled/RememberCertificateErrorDecisions/OneDay/SRTPromptFieldTrial/On/SafeBrowsingIncidentReportingService/Enabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-1-Percent/group_45/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/default/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/WebRTC-IPv6Default/Default/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --extensions-on-chrome-urls --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --disable-accelerated-video-decode --channel="7004.9.875210473\1548587035" /prefetch:673131151
"C:\Program Files\Windows Defender\MpCmdRun.exe" SpyNetService -RestrictPrivileges -AccessKey CB975067-BF4C-953D-CD27-EE3049F814D3 -Reinvoke
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\windows\system32\rundll32.exe C:\windows\system32\pla.dll,PlaHost "LSC Memory" "0x728_0x1b24_0x48266cef"
"C:\Users\Libor\Downloads\RSITx64.exe"
"C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.exe"
C:\WINDOWS\System32\svchost.exe -k WerSvcGroup
C:\WINDOWS\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\tasks\dsmonitor.job - C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS\tasks\PremiumAmplifier-S-3516579428.job - c:\programdata\trusted publisher\masterware\PremiumAmplifier.exe /schedule /profile "c:\programdata\trusted publisher\masterware\3516579428.ini"

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-11-04 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90b49673-5506-483e-b92b-ca0265bd9ca8}]
IMVU Inc Toolbar - C:\Users\Libor\AppData\LocalLow\IMVU_Inc\prxtbIMVU.dll [2014-04-10 423744]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar Helper - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25 1253144]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-11-04 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{90B49673-5506-483E-B92B-CA0265BD9CA8} - IMVU Inc Toolbar - C:\Users\Libor\AppData\LocalLow\IMVU_Inc\prxtbIMVU.dll [2014-04-10 423744]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{90b49673-5506-483e-b92b-ca0265bd9ca8} - IMVU Inc Toolbar - C:\Users\Libor\AppData\LocalLow\IMVU_Inc\prxtbIMVU.dll [2014-04-10 423744]
{8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25 1253144]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ETDCtrl"=C:\Program Files\Elantech\ETDCtrl.exe [2013-03-05 2876816]
"RtsFT"=C:\WINDOWS\RTFTrack.exe [2013-04-10 6339656]
"cAudioFilterAgent"=C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [2013-02-04 899680]
"SmartAudio"=C:\Program Files\CONEXANT\SAII\SACpl.exe [2012-06-13 1647616]
"Energy Management"=C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [2013-08-17 17097200]
"EnergyUtility"=C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [2013-08-17 193008]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BtvStack"=C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [2013-01-25 131712]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AppEx Accelerator UI"=C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [2013-04-11 429792]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2014-10-29 6501656]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [2014-07-04 766688]
"UpdateP2GShortCut"=C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [2012-04-19 217088]
"RemoteControl10"=C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [2012-03-29 91432]
"Intel AppUp(SM) center"=C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [2012-07-12 155488]
"4StoryPrePatch"=C:\Program Files (x86)\GameforgeLive\Games\CZE_ces\4Story\PrePatch.exe [2014-04-24 327680]
"MSStp"=C:\windows\system32\msstp.vbe []
"mnckjtxpSrv"=C:\windows\inf\mnckjtxp.vbe [2014-01-19 1342]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-09-26 271744]
"HP Software Update"=C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2013-05-30 96056]
""= []
"PWRISOVM.EXE"=C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [2014-10-25 366904]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BtvStack"=C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [2013-01-25 131712]

C:\Users\Libor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
GamersFirst LIVE!.lnk - C:\Users\Libor\AppData\Local\GamersFirst\LIVE!\Live.exe
PSPdisp.lnk - C:\Program Files (x86)\PSPdisp\bin\app\PSPdisp.exe
Sledovat výstrahy inkoustu - HP Deskjet 2050 J510 series.lnk - C:\WINDOWS\system32\RunDll32.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableCAD"=1
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoRun"=0
"NoFolderOptions"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"midi2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-12-14 08:49:29 ----D---- C:\Program Files\trend micro
2014-12-14 08:49:28 ----D---- C:\rsit
2014-12-14 08:20:14 ----A---- C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
2014-12-14 08:19:57 ----D---- C:\ProgramData\Malwarebytes
2014-12-14 08:19:57 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-14 08:19:57 ----A---- C:\WINDOWS\system32\drivers\mwac.sys
2014-12-14 08:19:57 ----A---- C:\WINDOWS\system32\drivers\mbamchameleon.sys
2014-12-14 08:19:57 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2014-12-13 17:06:01 ----D---- C:\ProgramData\Block The Ads
2014-12-13 08:34:18 ----D---- C:\ProgramData\DigiSaver
2014-12-11 07:10:58 ----A---- C:\WINDOWS\SYSWOW64\poqexec.exe
2014-12-11 07:10:58 ----A---- C:\WINDOWS\system32\poqexec.exe
2014-12-11 07:04:49 ----A---- C:\WINDOWS\SYSWOW64\FlashPlayerApp.exe
2014-12-10 23:02:05 ----D---- C:\WINDOWS\system32\appraiser
2014-12-10 07:13:45 ----A---- C:\WINDOWS\SYSWOW64\crypt32.dll
2014-12-10 07:13:45 ----A---- C:\WINDOWS\system32\crypt32.dll
2014-12-10 07:13:44 ----A---- C:\WINDOWS\SYSWOW64\DeviceSetupStatusProvider.dll
2014-12-10 07:13:44 ----A---- C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2014-12-10 07:13:33 ----A---- C:\WINDOWS\SYSWOW64\MrmCoreR.dll
2014-12-10 07:13:33 ----A---- C:\WINDOWS\system32\MrmCoreR.dll
2014-12-10 07:13:31 ----A---- C:\WINDOWS\system32\invagent.dll
2014-12-10 07:13:31 ----A---- C:\WINDOWS\system32\generaltel.dll
2014-12-10 07:13:31 ----A---- C:\WINDOWS\system32\devinv.dll
2014-12-10 07:13:31 ----A---- C:\WINDOWS\system32\appraiser.dll
2014-12-10 07:13:31 ----A---- C:\WINDOWS\system32\aepic.dll
2014-12-10 07:13:31 ----A---- C:\WINDOWS\system32\aepdu.dll
2014-12-10 07:13:31 ----A---- C:\WINDOWS\system32\aeinv.dll
2014-12-10 07:06:36 ----AC---- C:\WINDOWS\system32\drivers\sdbus.sys
2014-12-10 07:06:36 ----AC---- C:\WINDOWS\system32\drivers\intelpep.sys
2014-12-10 07:06:36 ----AC---- C:\WINDOWS\system32\drivers\dumpsd.sys
2014-12-10 07:06:36 ----A---- C:\WINDOWS\SYSWOW64\WindowsCodecs.dll
2014-12-10 07:06:36 ----A---- C:\WINDOWS\system32\WindowsCodecs.dll
2014-12-10 07:06:36 ----A---- C:\WINDOWS\system32\drivers\pdc.sys
2014-12-10 07:06:33 ----A---- C:\WINDOWS\system32\mshtml.dll
2014-12-10 07:06:32 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll
2014-12-10 07:06:28 ----A---- C:\WINDOWS\system32\ieframe.dll
2014-12-10 07:06:27 ----A---- C:\WINDOWS\SYSWOW64\ieframe.dll
2014-12-10 07:06:26 ----A---- C:\WINDOWS\system32\wininet.dll
2014-12-10 07:06:26 ----A---- C:\WINDOWS\system32\jscript9.dll
2014-12-10 07:06:25 ----A---- C:\WINDOWS\SYSWOW64\wininet.dll
2014-12-10 07:06:25 ----A---- C:\WINDOWS\SYSWOW64\urlmon.dll
2014-12-10 07:06:25 ----A---- C:\WINDOWS\SYSWOW64\jscript9.dll
2014-12-10 07:06:25 ----A---- C:\WINDOWS\SYSWOW64\iertutil.dll
2014-12-10 07:06:25 ----A---- C:\WINDOWS\system32\urlmon.dll
2014-12-10 07:06:25 ----A---- C:\WINDOWS\system32\iertutil.dll
2014-12-10 07:06:24 ----A---- C:\WINDOWS\SYSWOW64\ieapfltr.dll
2014-12-10 07:06:24 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2014-12-10 07:06:23 ----A---- C:\WINDOWS\SYSWOW64\webcheck.dll
2014-12-10 07:06:23 ----A---- C:\WINDOWS\SYSWOW64\vbscript.dll
2014-12-10 07:06:23 ----A---- C:\WINDOWS\SYSWOW64\mshtmled.dll
2014-12-10 07:06:23 ----A---- C:\WINDOWS\SYSWOW64\MshtmlDac.dll
2014-12-10 07:06:23 ----A---- C:\WINDOWS\SYSWOW64\msfeeds.dll
2014-12-10 07:06:23 ----A---- C:\WINDOWS\SYSWOW64\iepeers.dll
2014-12-10 07:06:23 ----A---- C:\WINDOWS\SYSWOW64\iedkcs32.dll
2014-12-10 07:06:23 ----A---- C:\WINDOWS\SYSWOW64\dxtrans.dll
2014-12-10 07:06:23 ----A---- C:\WINDOWS\system32\webcheck.dll
2014-12-10 07:06:23 ----A---- C:\WINDOWS\system32\vbscript.dll
2014-12-10 07:06:23 ----A---- C:\WINDOWS\system32\mshtmled.dll
2014-12-10 07:06:23 ----A---- C:\WINDOWS\system32\MshtmlDac.dll
2014-12-10 07:06:23 ----A---- C:\WINDOWS\system32\msfeeds.dll
2014-12-10 07:06:23 ----A---- C:\WINDOWS\system32\iepeers.dll
2014-12-10 07:06:23 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2014-12-10 07:06:23 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2014-12-10 07:06:23 ----A---- C:\WINDOWS\system32\dxtrans.dll
2014-12-10 07:06:22 ----A---- C:\WINDOWS\SYSWOW64\jscript.dll
2014-12-10 07:06:22 ----A---- C:\WINDOWS\SYSWOW64\inetcomm.dll
2014-12-10 07:06:22 ----A---- C:\WINDOWS\system32\jscript.dll
2014-12-10 07:06:22 ----A---- C:\WINDOWS\system32\inetcomm.dll
2014-12-06 12:13:50 ----D---- C:\Users\Libor\AppData\Roaming\Steam
2014-12-06 12:03:05 ----D---- C:\Program Files (x86)\Naruto Shippuden Ultimate Ninja Storm Revolution
2014-12-06 08:09:43 ----D---- C:\ProgramData\fe4a414d44ab8da5
2014-12-05 14:04:13 ----D---- C:\Temp
2014-12-04 20:36:47 ----D---- C:\pebuilder3110a
2014-12-04 19:53:00 ----D---- C:\Program Files (x86)\PowerISO
2014-12-04 19:53:00 ----A---- C:\WINDOWS\system32\drivers\scdemu.sys
2014-11-29 10:19:09 ----D---- C:\ProgramData\Trusted Publisher
2014-11-29 10:17:53 ----D---- C:\ProgramData\18323529834030665125
2014-11-29 10:17:12 ----D---- C:\ProgramData\bgjchkmkefdnoocfkjicajhfdmaclnjn
2014-11-22 19:16:50 ----D---- C:\Program Files (x86)\World of Metin2
2014-11-21 18:53:46 ----D---- C:\Program Files\CCleaner
2014-11-21 18:51:27 ----D---- C:\Program Files (x86)\Google
2014-11-19 05:27:53 ----A---- C:\WINDOWS\SYSWOW64\pku2u.dll
2014-11-19 05:27:53 ----A---- C:\WINDOWS\SYSWOW64\kerberos.dll
2014-11-19 05:27:53 ----A---- C:\WINDOWS\system32\pku2u.dll
2014-11-19 05:27:53 ----A---- C:\WINDOWS\system32\kerberos.dll
2014-11-16 08:42:33 ----D---- C:\Program Files (x86)\Microsoft
2014-11-16 08:42:31 ----D---- C:\ProgramData\Visan
2014-11-16 08:42:31 ----D---- C:\ProgramData\HP Photo Creations
2014-11-16 08:42:31 ----D---- C:\Program Files (x86)\HP Photo Creations
2014-11-16 08:42:26 ----D---- C:\Users\Libor\AppData\Roaming\HpUpdate
2014-11-16 08:41:13 ----D---- C:\Program Files\HP
2014-11-16 08:41:08 ----A---- C:\ProgramData\Ament.ini
2014-11-16 08:38:53 ----D---- C:\Program Files (x86)\HP
2014-11-16 08:31:26 ----D---- C:\ProgramData\HP

======List of files/folders modified in the last 1 month======

2014-12-14 08:49:29 ----RD---- C:\Program Files
2014-12-14 08:49:23 ----D---- C:\WINDOWS\Temp
2014-12-14 08:47:11 ----D---- C:\WINDOWS\Prefetch
2014-12-14 08:38:02 ----D---- C:\WINDOWS\system32\wdi
2014-12-14 08:36:05 ----RD---- C:\Program Files (x86)
2014-12-14 08:36:05 ----D---- C:\WINDOWS\system32\drivers
2014-12-14 08:36:05 ----D---- C:\WINDOWS\en-US
2014-12-14 08:35:23 ----HD---- C:\ProgramData
2014-12-14 08:35:23 ----D---- C:\Program Files (x86)\globalUpdate
2014-12-14 08:35:22 ----D---- C:\WINDOWS\Inf
2014-12-14 08:35:20 ----D---- C:\WINDOWS\Tasks
2014-12-14 08:35:20 ----D---- C:\WINDOWS\SysWOW64
2014-12-14 08:35:20 ----D---- C:\WINDOWS\system32\Tasks
2014-12-14 08:16:09 ----D---- C:\ProgramData\Orbit
2014-12-14 08:16:09 ----D---- C:\Program Files (x86)\R.G. Mechanics
2014-12-14 08:12:11 ----HD---- C:\Program Files\WindowsApps
2014-12-14 08:12:11 ----D---- C:\WINDOWS\AppReadiness
2014-12-14 01:00:00 ----D---- C:\WINDOWS\system32\sru
2014-12-13 17:25:45 ----RD---- C:\WINDOWS\System32
2014-12-13 17:25:45 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-13 17:20:41 ----D---- C:\Windows
2014-12-13 14:28:03 ----D---- C:\WINDOWS\SoftwareDistribution
2014-12-13 09:48:31 ----D---- C:\WINDOWS\debug
2014-12-13 09:32:08 ----D---- C:\Users\Libor\AppData\Roaming\TS3Client
2014-12-13 09:32:08 ----D---- C:\Program Files (x86)\Steam
2014-12-12 16:18:44 ----D---- C:\WINDOWS\rescache
2014-12-12 16:00:11 ----SHD---- C:\System Volume Information
2014-12-11 23:08:15 ----D---- C:\WINDOWS\system32\catroot
2014-12-11 18:45:30 ----D---- C:\WINDOWS\system32\config
2014-12-11 17:08:38 ----D---- C:\WINDOWS\system32\DriverStore
2014-12-11 16:57:38 ----D---- C:\WINDOWS\Microsoft.NET
2014-12-11 13:12:22 ----D---- C:\WINDOWS\CbsTemp
2014-12-11 13:10:19 ----D---- C:\WINDOWS\WinSxS
2014-12-11 07:08:48 ----D---- C:\WINDOWS\system32\catroot2
2014-12-10 23:02:05 ----SD---- C:\WINDOWS\system32\CompatTel
2014-12-10 23:02:05 ----SD---- C:\ProgramData\Microsoft
2014-12-10 23:02:05 ----D---- C:\WINDOWS\SYSWOW64\cs-CZ
2014-12-10 23:02:05 ----D---- C:\WINDOWS\system32\sr-Latn-RS
2014-12-10 23:02:05 ----D---- C:\WINDOWS\system32\sr-Latn-CS
2014-12-10 23:02:05 ----D---- C:\WINDOWS\system32\cs-CZ
2014-12-10 23:02:04 ----D---- C:\Program Files\Internet Explorer
2014-12-10 23:02:04 ----D---- C:\Program Files (x86)\Internet Explorer
2014-12-10 23:02:03 ----D---- C:\WINDOWS\PolicyDefinitions
2014-12-10 23:01:38 ----D---- C:\Users\Libor\AppData\Roaming\IMVU
2014-12-10 17:38:12 ----D---- C:\WINDOWS\system32\MRT
2014-12-10 17:34:26 ----A---- C:\WINDOWS\system32\MRT.exe
2014-12-09 21:12:51 ----D---- C:\Users\Libor\AppData\Roaming\.minecraft
2014-12-09 20:56:38 ----D---- C:\Users\Libor\AppData\Roaming\FlowStone
2014-12-09 06:06:16 ----D---- C:\Users\Libor\AppData\Roaming\Skype
2014-12-08 17:06:13 ----SHD---- C:\WINDOWS\Installer
2014-12-08 17:06:13 ----D---- C:\ProgramData\Skype
2014-12-08 17:06:11 ----RD---- C:\Program Files (x86)\Skype
2014-12-07 20:39:49 ----D---- C:\Users\Libor\AppData\Roaming\IMVUClient
2014-12-06 11:28:15 ----D---- C:\Users\Libor\AppData\Roaming\uTorrent
2014-12-04 21:19:32 ----HD---- C:\WINDOWS\system32\GroupPolicy
2014-12-04 21:19:32 ----D---- C:\WINDOWS\SYSWOW64\GroupPolicy
2014-11-28 14:10:37 ----D---- C:\Program Files (x86)\GameforgeLive
2014-11-21 18:55:31 ----D---- C:\Users\Libor\AppData\Roaming\TeamViewer
2014-11-21 18:54:54 ----DC---- C:\WINDOWS\Panther
2014-11-16 08:41:13 ----D---- C:\WINDOWS\twain_32
2014-11-15 10:27:18 ----D---- C:\Users\Libor\AppData\Roaming\LSC
2014-11-15 10:27:13 ----RSD---- C:\WINDOWS\assembly
2014-11-15 10:27:00 ----D---- C:\Program Files\Lenovo
2014-11-15 10:24:23 ----D---- C:\WINDOWS\Downloaded Installations

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amd_sata;amd_sata; C:\WINDOWS\System32\drivers\amd_sata.sys [2012-11-30 80552]
R0 amd_xata;amd_xata; C:\WINDOWS\System32\drivers\amd_xata.sys [2012-11-30 26280]
R0 amdkmpfd;@oem13.inf,%AMDKMPFD_svcdesc%;AMD PCI Root Bus Lower Filter; C:\WINDOWS\System32\drivers\amdkmpfd.sys [2013-02-14 37472]
R0 LHDmgr;LHDmgr; C:\WINDOWS\System32\DRIVERS\LhdX64.sys [2013-08-17 39008]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2009-02-03 75384]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2006-06-14 14192]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\WINDOWS\System32\drivers\sfvfs02.sys [2007-02-08 107384]
R0 speedfan;speedfan; C:\WINDOWS\SysWOW64\speedfan.sys [2012-12-29 28664]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2014-10-25 127760]
R1 vwififlt;@%SystemRoot%\System32\drivers\vwififlt.sys,-259; C:\WINDOWS\system32\DRIVERS\vwififlt.sys [2014-04-30 71680]
R2 AODDriver4.2;AODDriver4.2; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2013-09-19 59648]
R2 APXACC;@oem46.inf,%APPEX_ACC_SERVICE_NAME%;AppEx Networks Accelerator LWF; C:\WINDOWS\system32\DRIVERS\appexDrv.sys [2013-04-18 219360]
R3 ACPIVPC;@oem55.inf,%ACPIVPC.SvcDesc%;Lenovo Virtual Power Controller Driver; C:\WINDOWS\System32\drivers\AcpiVpc.sys [2013-08-17 33560]
R3 amdkmdag;amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [2014-07-21 13209088]
R3 amdkmdap;amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [2014-07-21 626688]
R3 AthBTPort;@oem5.inf,%BTHSUPPORT.SvcDesc%;Qualcomm Atheros Virtual Bluetooth Class; C:\WINDOWS\system32\DRIVERS\btath_flt.sys [2013-01-25 89168]
R3 athr;@oem10.inf,%ATHR.Service.DispName%;Qualcomm Atheros Extensible Wireless LAN device driver; C:\WINDOWS\system32\DRIVERS\athw8x.sys [2013-03-25 3776000]
R3 AtiHDAudioService;@oem2.inf,%ATIHdAudioDriver.SvcDesc%;AMD Function Driver for HD Audio Service; C:\WINDOWS\system32\drivers\AtihdW86.sys [2013-04-23 98744]
R3 BTATH_A2DP;@oem4.inf,%BTATH_A2DP.SvcDesc%;Bluetooth A2DP Audio Driver; C:\WINDOWS\system32\drivers\btath_a2dp.sys [2013-01-25 346192]
R3 btath_avdt;@oem4.inf,%btath_avdt.SvcDesc%;Qualcomm Atheros Bluetooth AVDT Service; C:\WINDOWS\system32\drivers\btath_avdt.sys [2013-01-25 115280]
R3 BTATH_BUS;@oem72.inf,%BTATH_BUS.SVCDESC%;Qualcomm Atheros Bluetooth Bus; C:\WINDOWS\System32\drivers\btath_bus.sys [2013-01-25 34384]
R3 BTATH_HCRP;@oem7.inf,%BTATH_HCRP.SvcDesc%;Bluetooth HCRP Server driver; C:\WINDOWS\System32\drivers\btath_hcrp.sys [2013-01-25 179432]
R3 BTATH_LWFLT;@oem16.inf,%BTATH_LWFLT%;Bluetooth LWFLT Device; C:\WINDOWS\system32\DRIVERS\btath_lwflt.sys [2013-01-25 77464]
R3 BTATH_RCP;@oem11.inf,%BTATH_RCP%;Bluetooth AVRCP Device; C:\WINDOWS\System32\drivers\btath_rcp.sys [2013-01-25 136424]
R3 BtFilter;BtFilter; C:\WINDOWS\system32\DRIVERS\btfilter.sys [2014-04-28 599240]
R3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Služba Bluetooth Enumerator; C:\WINDOWS\System32\drivers\BthEnum.sys [2013-08-22 53248]
R3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Ovladač úspory energie technologie Bluetooth; C:\WINDOWS\system32\DRIVERS\BthLEEnum.sys [2014-09-24 226304]
R3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Zařízení Bluetooth (síť PAN); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2014-09-24 118272]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2014-09-24 81920]
R3 CnxtHdAudService;@oem6.inf,%UAAFunctionDriverForHdAudio.SvcDesc%;Conexant UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDRT64.sys [2013-02-26 1680992]
R3 ETD;@oem8.inf,%PS2DeviceDesc%;ELAN PS/2 Port Input Device; C:\WINDOWS\system32\DRIVERS\ETD.sys [2013-02-27 355664]
R3 L1C;@netl1c63x64.inf,%L1C.Service.DispName%;NDIS Miniport – ovladač pro řadič Qualcomm Atheros AR81xx PCI-E Ethernet; C:\WINDOWS\system32\DRIVERS\L1C63x64.sys [2013-06-18 129224]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys [2014-11-21 25816]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [2014-12-14 129752]
R3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\WINDOWS\system32\drivers\mwac.sys [2014-11-21 64216]
R3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2014-09-24 167424]
R3 rtsuvc;@oem39.inf,%rtsuvc.DeviceDesc%;Lenovo EasyCamera; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [2013-04-10 8243272]
R3 tap0901t;@oem71.inf,%DeviceDescription%;TAP-Win32 Adapter V9 (Tunngle); C:\WINDOWS\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
R3 usbfilter;AMD USB Filter Driver; C:\WINDOWS\system32\DRIVERS\usbfilter.sys [2012-08-28 58536]
R3 vwifimp;@%SystemRoot%\System32\drivers\vwifimp.sys,-261; C:\WINDOWS\system32\DRIVERS\vwifimp.sys [2014-04-30 38912]
S2 AODDriver4.2.0;AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2013-09-19 59648]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2014-09-24 1200640]
S3 EagleX64;EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys []
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2013-03-01 36600]
S3 RSUSBVSTOR;@oem68.inf,%RSUSBVSTOR.SvcDesc%;RtsUVStor.Sys Realtek USB Card Reader; C:\WINDOWS\System32\Drivers\RtsUVStor.sys [2013-03-18 327752]
S3 usbscan;@sti.inf,%usbscan.SvcDesc%;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-08-22 44544]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [2014-07-21 239616]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2014-07-04 344064]
R2 AtherosSvc;AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [2013-01-25 227456]
R2 BBSvc;BingBar Service; C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BBSvc.exe [2012-01-25 192792]
R2 CxAudMsg;Conexant Audio Message Service; C:\windows\system32\CxAudMsg64.exe [2012-12-03 202400]
R2 HiSuiteOuc64.exe;HiSuiteOuc64.exe; C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe [2014-01-28 137024]
R2 HuaweiHiSuiteService64.exe;HuaweiHiSuiteService64.exe; C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe [2014-01-28 204096]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-11-21 969016]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-11-21 1871160]
R2 VeriFaceSrv;VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [2013-08-17 68368]
R3 BBUpdate;BBUpdate; C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.exe [2012-01-25 240408]
R3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2013-08-03 43696]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-21 107912]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-04-03 315008]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09 267440]
S3 EasyAntiCheat;EasyAntiCheat; C:\WINDOWS\syswow64\EasyAntiCheat.exe [2014-10-15 175136]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-21 107912]
S3 LSCWinService;LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [2014-10-16 272776]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files (x86)\WinPcap\rpcapd.exe [2013-03-01 118520]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2014-11-12 833728]
S3 TunngleService;TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2013-11-06 758224]

-----------------EOF-----------------

#2 Příspěvek od **vyosek** » 14 pro 2014 08:57

Zdravim

Log z MBAMu byste nasel (mel by byt na zalozce Protokoly)

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

Ulozte nejlepe na plochu
Ukoncete vsechny programy
Po spusteni probehne stazeni databaze
Kliknete na Scan a nasledne Clean
Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte

Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
Do okna vlozte skript nize

Kód: Vybrat vše

autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;

Nasledne kliknete na Run Script
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

Ascly · #3 Příspěvek od **Ascly** » 14 pro 2014 09:07

log z AdwCleaneru:
# AdwCleaner v4.105 - Report created 14/12/2014 at 09:03:17
# Updated 08/12/2014 by Xplode
# Database : 2014-12-13.4 [Live]
# Operating System : Windows 8.1 (64 bits)
# Username : Libor - LIBA-PC
# Running from : C:\Users\Libor\Downloads\adwcleaner_4.105.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\DigiSaver
Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\ProgramData\Tbccint
Folder Deleted : C:\ProgramData\Trusted Publisher
Folder Deleted : C:\ProgramData\Uniblue
Folder Deleted : C:\ProgramData\18323529834030665125
Folder Deleted : C:\ProgramData\fe4a414d44ab8da5
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\NCH Software
Folder Deleted : C:\Program Files (x86)\Uniblue
Folder Deleted : C:\Users\Libor\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Libor\AppData\Local\CrashRpt
Folder Deleted : C:\Users\Libor\AppData\LocalLow\Tbccint
Folder Deleted : C:\Users\Libor\AppData\Roaming\NCH Software
Folder Deleted : C:\Users\Libor\AppData\Roaming\Uniblue
File Deleted : C:\Users\Public\Desktop\driverscanner.lnk
File Deleted : C:\Users\Libor\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\driverscanner.lnk
File Deleted : C:\Users\Libor\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_lyrics.wikia.com_0.localstorage
File Deleted : C:\Users\Libor\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_lyrics.wikia.com_0.localstorage-journal
File Deleted : C:\Users\Libor\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.istartsurf.com_0.localstorage-journal
File Deleted : C:\Users\Libor\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.istartsurf.com_0.localstorage

***** [ Scheduled Tasks ] *****

Task Deleted : dsmonitor

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Libor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Libor\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\Libor\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\BuyNsave.BuyNsave
Key Deleted : HKLM\SOFTWARE\Classes\BuyNsave.BuyNsave.9
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IECT2612669
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2612669
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{08db33cf-6e01-4f13-9335-99d793dee4d7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2fab090d-4c27-480f-9051-6ad2a31b5c4f}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655345529}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666346629}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{08db33cf-6e01-4f13-9335-99d793dee4d7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2fab090d-4c27-480f-9051-6ad2a31b5c4f}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{08db33cf-6e01-4f13-9335-99d793dee4d7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2fab090d-4c27-480f-9051-6ad2a31b5c4f}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08db33cf-6e01-4f13-9335-99d793dee4d7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2fab090d-4c27-480f-9051-6ad2a31b5c4f}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8DCB7100-DF86-4384-8842-8FA844297B3F}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{08db33cf-6e01-4f13-9335-99d793dee4d7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{2fab090d-4c27-480f-9051-6ad2a31b5c4f}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655345529}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666346629}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\Tbccint
Key Deleted : HKCU\Software\AppDataLow\Software\TbccintSearchScopes
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7223EDAC-E091-B3C1-BD91-B66CE557800F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37476589-E48E-439E-A706-56189E2ED4C4}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{842C4394-47F7-60DE-480B-C09116B63559}
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17416

Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Google Chrome v39.0.2171.71

[C:\Users\Libor\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.search.ask.com/web?p2=%5EB7N%5EYYYY ... earchTerms}
[C:\Users\Libor\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Startup_URLs] : hxxp://home.sweetim.com/?crg=3.1010000.10014&barid={1EA1CC7A-3C6A-11E2-8087-000017996D15}

*************************

AdwCleaner[R0].txt - [11779 octets] - [14/12/2014 09:01:10]
AdwCleaner[S0].txt - [11422 octets] - [14/12/2014 09:03:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11483 octets] ##########

#4 Příspěvek od **vyosek** » 14 pro 2014 09:23

Pokracujte Zoek-em

Ascly · #5 Příspěvek od **Ascly** » 14 pro 2014 09:34

Log ze ZOEKA.exe:

Zoek.exe v5.0.0.0 Updated 12-December-2014
Tool run by Libor on ne 14. 12. 2014 at 9:08:18,84.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Libor\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

14. 12. 2014 9:09:51 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\New Folder deleted successfully
C:\PROGRA~2\R.G. Mechanics deleted successfully
C:\PROGRA~3\LumaEmu_SteamCloud deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\PROGRA~3\Orbit deleted successfully
C:\Users\Libor\AppData\Roaming\Mozilla deleted successfully
C:\Users\Libor\AppData\Local\CrashDumps deleted successfully
C:\Users\Libor\AppData\Local\LSC deleted successfully
C:\Users\Libor\AppData\Local\PackageStaging deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1111126050-1134976462-3178825066-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1003B596-5512-41FD-BED1-D4C4A6E88887} deleted successfully
HKEY_USERS\S-1-5-21-1111126050-1134976462-3178825066-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11CB7786-1BE0-4121-B838-B7B3FE129774} deleted successfully
HKEY_USERS\S-1-5-21-1111126050-1134976462-3178825066-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11DA332C-DBE5-46B5-99A5-452F5FD88AC2} deleted successfully
HKEY_USERS\S-1-5-21-1111126050-1134976462-3178825066-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{173784AE-6C71-4525-9536-E3E8F7D06F73} deleted successfully
HKEY_USERS\S-1-5-21-1111126050-1134976462-3178825066-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2C362E88-D324-43B1-BCEB-520B889F11} deleted successfully
HKEY_USERS\S-1-5-21-1111126050-1134976462-3178825066-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3138D3E-D9C6-4CA2-9EB8-8875DDED7FD6} deleted successfully
HKEY_USERS\S-1-5-21-1111126050-1134976462-3178825066-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3207C125-CE5E-4317-9EB3-74552DEBF33} deleted successfully
HKEY_USERS\S-1-5-21-1111126050-1134976462-3178825066-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{429EBF26-EC86-4B3E-AEB1-4DA63651825} deleted successfully
HKEY_USERS\S-1-5-21-1111126050-1134976462-3178825066-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{42B24A8E-FD50-4B62-97C2-6BCD69F6FD91} deleted successfully
HKEY_USERS\S-1-5-21-1111126050-1134976462-3178825066-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4585FF2E-521D-4761-B7A6-52D56C41B249} deleted successfully
HKEY_USERS\S-1-5-21-1111126050-1134976462-3178825066-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6192f9d8-0c0b-4bb7-b902-6fc304d79ca7} deleted successfully
HKEY_USERS\S-1-5-21-1111126050-1134976462-3178825066-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6B86E48-8E0F-4722-A7A8-FA9B789FD050} deleted successfully
HKEY_USERS\S-1-5-21-1111126050-1134976462-3178825066-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7888533F-2651-4D15-B5F3-A64B4431F1B0} deleted successfully
HKEY_USERS\S-1-5-21-1111126050-1134976462-3178825066-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{805F6710-DAB5-4DF1-B58A-ADEDC7A4883} deleted successfully
HKEY_USERS\S-1-5-21-1111126050-1134976462-3178825066-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{80E64CA9-B0D9-4D33-BBFD-FA73E924D912} deleted successfully
HKEY_USERS\S-1-5-21-1111126050-1134976462-3178825066-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{82707AD4-F79-4152-A1AE-7638E0183AF0} deleted successfully
HKEY_USERS\S-1-5-21-1111126050-1134976462-3178825066-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9B60C2E2-3118-41AF-A3B-50F5DAA958B6} deleted successfully
HKEY_USERS\S-1-5-21-1111126050-1134976462-3178825066-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9B7A1240-5B22-4F53-AB72-7ABEA47211F6} deleted successfully
HKEY_USERS\S-1-5-21-1111126050-1134976462-3178825066-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B23399DC-319B-446F-AB9A-889F86F5F2F} deleted successfully
HKEY_USERS\S-1-5-21-1111126050-1134976462-3178825066-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BB0BD277-2794-457B-AA7F-EEF9E41FBE2F} deleted successfully
HKEY_USERS\S-1-5-21-1111126050-1134976462-3178825066-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CF1993ED-1907-4C42-A74C-438C59592D34} deleted successfully
HKEY_USERS\S-1-5-21-1111126050-1134976462-3178825066-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d41a198c-0b23-4c9a-8f9d-a99b88fe1fb2} deleted successfully
HKEY_USERS\S-1-5-21-1111126050-1134976462-3178825066-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D6386ADD-1851-44CF-BD12-D480ABAC7FE} deleted successfully
HKEY_USERS\S-1-5-21-1111126050-1134976462-3178825066-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E48D9443-94C7-4644-A31D-C8F6081CAF0} deleted successfully
HKEY_USERS\S-1-5-21-1111126050-1134976462-3178825066-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F2FF3900-E54E-4314-A6AA-A7DA60485A13} deleted successfully
HKEY_USERS\S-1-5-21-1111126050-1134976462-3178825066-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F511A7F4-315F-4E21-9FFD-3052841DC583} deleted successfully
HKEY_USERS\S-1-5-21-1111126050-1134976462-3178825066-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F74A3114-A47E-4FC3-8744-F3B3E9CD75B7} deleted successfully
HKEY_USERS\S-1-5-21-1111126050-1134976462-3178825066-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FA7482CB-4E51-4A1A-BA8F-134F76D2EB62} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6192f9d8-0c0b-4bb7-b902-6fc304d79ca7} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d41a198c-0b23-4c9a-8f9d-a99b88fe1fb2} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

C:\PROGRA~3\bgjchkmkefdnoocfkjicajhfdmaclnjn deleted
C:\Users\Libor\AppData\LocalLow\IMVU_Inc deleted
C:\Users\Libor\.android deleted
C:\PROGRA~2\Naruto Shippuden Ultimate Ninja Storm Revolution deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\WINDOWS\tasks\PremiumAmplifier-S-3516579428.job deleted
C:\windows\SysNative\tasks\PremiumAmplifier-S-3516579428 deleted
C:\WINDOWS\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\GPT.INI deleted
C:\WINDOWS\Syswow64\GroupPolicy\gpt.ini deleted
C:\WINDOWS\Syswow64\SETDA64.tmp deleted
C:\WINDOWS\SysWow64\AI_RecycleBin deleted
"C:\Users\Libor\AppData\Local\LumaEmu" deleted

==== Chromium Look ======================

Google Chrome Version: 39.0.2171.71 (Possible outdated, latest Stable version: 39.0.2171.95)

SoundCloud Button - Libor\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdkpgbhhfnpjiembbpifcpfalfnflmop

==== Chromium Startpages ======================

C:\Users\Libor\AppData\Local\Google\Chrome\User Data\Default\Preferences
"startup_urls": [ "http://home.sweetim.com/?crg=3.1010000. ... 0017996D15}" ],

==== Chromium Fix ======================

C:\Users\Libor\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.metrolyrics.com_0.localstorage deleted successfully
C:\Users\Libor\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.metrolyrics.com_0.localstorage-journal deleted successfully
C:\Users\Libor\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdkpgbhhfnpjiembbpifcpfalfnflmop deleted successfully
C:\Users\Libor\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gdkpgbhhfnpjiembbpifcpfalfnflmop_0.localstorage deleted successfully
C:\Users\Libor\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gdkpgbhhfnpjiembbpifcpfalfnflmop_0.localstorage-journal deleted successfully
C:\Users\Libor\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gdkpgbhhfnpjiembbpifcpfalfnflmop deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"
{A9243CFC-2260-477F-92DF-83CD86ABAA01} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IESR02"

==== Reset Google Chrome ======================

C:\Users\Libor\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Libor\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Libor\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Libor\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Libor\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Libor\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Libor\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=425 folders=107 8463710178 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Libor\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\Libor\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on ne 14. 12. 2014 at 9:33:18,37 ======================

Ascly · #6 Příspěvek od **Ascly** » 14 pro 2014 09:35

Log z mbamu:

<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2014/12/14 08:20:43 +0100</date>
<logfile>mbam-log-2014-12-14 (08-20-42).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.00.4.1028</version>
<malware-database>v2014.12.14.03</malware-database>
<rootkit-database>v2014.12.08.03</rootkit-database>
<license>trial</license>
<file-protection>enabled</file-protection>
<web-protection>enabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 8.1</osversion>
<arch>x64</arch>
<username>Libor</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>328495</objects>
<time>822</time>
<processes>1</processes>
<modules>1</modules>
<keys>56</keys>
<values>1</values>
<datas>4</datas>
<folders>17</folders>
<files>117</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>disabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
<process><path>C:\ProgramData\Trusted Publisher\Masterware\PremiumAmplifier.exe</path><vendor>Trojan.Downloader</vendor><action>delete-on-reboot</action><pid>3416</pid><hash>457687db186475c1a2880db953af59a7</hash></process>
<module><path>C:\Program Files (x86)\DeltaFix\DeltaFix.dll</path><vendor>PUP.Optional.DeltaFix.A</vendor><action>delete-on-reboot</action><hash>2794550de29a5dd9b4ce66e9b152f50b</hash></module>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\S-3516579428</path><vendor>Trojan.Downloader</vendor><action>success</action><hash>457687db186475c1a2880db953af59a7</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\CLSID\{41fa692b-2aba-480c-8b70-bd170120392e}</path><vendor>PUP.Optional.MultiPlug</vendor><action>success</action><hash>d8e3fd6587f58fa742b5e6dcbb46718f</hash></key>
<key><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{41FA692B-2ABA-480C-8B70-BD170120392E}</path><vendor>PUP.Optional.MultiPlug</vendor><action>success</action><hash>d8e3fd6587f58fa742b5e6dcbb46718f</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{41FA692B-2ABA-480C-8B70-BD170120392E}</path><vendor>PUP.Optional.MultiPlug</vendor><action>success</action><hash>d8e3fd6587f58fa742b5e6dcbb46718f</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\.</path><vendor>PUP.Optional.MultiPlug</vendor><action>success</action><hash>d8e3fd6587f58fa742b5e6dcbb46718f</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\..9</path><vendor>PUP.Optional.MultiPlug</vendor><action>success</action><hash>d8e3fd6587f58fa742b5e6dcbb46718f</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\.</path><vendor>PUP.Optional.MultiPlug</vendor><action>success</action><hash>d8e3fd6587f58fa742b5e6dcbb46718f</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\..9</path><vendor>PUP.Optional.MultiPlug</vendor><action>success</action><hash>d8e3fd6587f58fa742b5e6dcbb46718f</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{41FA692B-2ABA-480C-8B70-BD170120392E}</path><vendor>PUP.Optional.MultiPlug</vendor><action>success</action><hash>d8e3fd6587f58fa742b5e6dcbb46718f</hash></key>
<key><path>HKU\S-1-5-21-1111126050-1134976462-3178825066-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{41FA692B-2ABA-480C-8B70-BD170120392E}</path><vendor>PUP.Optional.MultiPlug</vendor><action>success</action><hash>d8e3fd6587f58fa742b5e6dcbb46718f</hash></key>
<key><path>HKU\S-1-5-21-1111126050-1134976462-3178825066-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{41FA692B-2ABA-480C-8B70-BD170120392E}</path><vendor>PUP.Optional.MultiPlug</vendor><action>success</action><hash>d8e3fd6587f58fa742b5e6dcbb46718f</hash></key>
<key><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{41FA692B-2ABA-480C-8B70-BD170120392E}</path><vendor>PUP.Optional.MultiPlug</vendor><action>success</action><hash>d8e3fd6587f58fa742b5e6dcbb46718f</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{41FA692B-2ABA-480C-8B70-BD170120392E}</path><vendor>PUP.Optional.MultiPlug</vendor><action>success</action><hash>d8e3fd6587f58fa742b5e6dcbb46718f</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\CLSID\{41FA692B-2ABA-480C-8B70-BD170120392E}\INPROCSERVER32</path><vendor>PUP.Optional.MultiPlug</vendor><action>success</action><hash>d8e3fd6587f58fa742b5e6dcbb46718f</hash></key>
<key><path>HKU\S-1-5-21-1111126050-1134976462-3178825066-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>e3d82e34b0cc360056a1bc1258aa0af6</hash></key>
<key><path>HKU\S-1-5-21-1111126050-1134976462-3178825066-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>8a311250037983b37ecdf8dbbd451de3</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>8a311250037983b37ecdf8dbbd451de3</hash></key>
<key><path>HKU\S-1-5-21-1111126050-1134976462-3178825066-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>8a311250037983b37ecdf8dbbd451de3</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>8a311250037983b37ecdf8dbbd451de3</hash></key>
<key><path>HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\29777</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>8932c1a1bbc10a2cf13b3f463dc6fc04</hash></key>
<key><path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}</path><vendor>PUP.Optional.Qone8</vendor><action>success</action><hash>c4f7f270403cca6c9c69b0032cd8bb45</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\istartsurfSoftware</path><vendor>PUP.Optional.IStartSurf.A</vendor><action>success</action><hash>ae0d580adba11e1879571f448182d22e</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\SavePass 1.1</path><vendor>PUP.Optional.SavePass.A</vendor><action>success</action><hash>4972035f0676bb7ba6d497cd4bb8f20e</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\SavePass 1.1-nv</path><vendor>PUP.Optional.SavePass.A</vendor><action>success</action><hash>bdfe0a58c4b8b87e6c0ea1c3946f14ec</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>febdd78b5e1e58de8dcd96d46a997888</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\INSTALLEDBROWSEREXTENSIONS\29777</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>3586fb67f78580b6919b8500679c9d63</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\S-3516579428</path><vendor>PUP.Optional.Booster.A</vendor><action>success</action><hash>209b65fdf08c87af98d874f90300ef11</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{fc67e7a0}</path><vendor>PUP.Optional.Booster.A</vendor><action>success</action><hash>c2f9451d4537d066591871fc976cbe42</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=10</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>febd75ed6f0dc274ca90636705ff01ff</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=4</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>deddd68c572563d394c79e2c1fe536ca</hash></key>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\fc67e7a0</path><vendor>PUP.Optional.DeltaFix.A</vendor><action>success</action><hash>07b4c89a06768da90d74c38c976cf30d</hash></key>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\IePluginServices</path><vendor>PUP.Optional.IEPluginServices.A</vendor><action>success</action><hash>ffbc98ca2f4d41f53afffd5a7d869a66</hash></key>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect</path><vendor>PUP.Optional.WindowsMangerProtect.A</vendor><action>success</action><hash>b9025c06adcfda5cbe7cdc7b27dc1be5</hash></key>
<key><path>HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\SavePass 1.1</path><vendor>PUP.Optional.SavePass.A</vendor><action>success</action><hash>8437c79bbac2b58137459ec6be45f10f</hash></key>
<key><path>HKU\S-1-5-21-1111126050-1134976462-3178825066-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>5e5db0b2eb9191a555505f5c2ed6837d</hash></key>
<key><path>HKU\S-1-5-21-1111126050-1134976462-3178825066-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>794266fc720aa88e66050252887b7b85</hash></key>
<key><path>HKU\S-1-5-21-1111126050-1134976462-3178825066-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\SavePass 1.1</path><vendor>PUP.Optional.SavePass.A</vendor><action>success</action><hash>6952fb67a8d4f244b1cb4222db286997</hash></key>
<key><path>HKU\S-1-5-21-1111126050-1134976462-3178825066-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\29777</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>d4e768fa2d4fb77f07281945e41f9f61</hash></key>
<key><path>HKU\S-1-5-21-1111126050-1134976462-3178825066-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\OB</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>10abb2b03e3ec76f7c0d135035ceeb15</hash></key>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\globalUpdate</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>9e1d20427c00f145fd9938fdb05328d8</hash></key>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\globalUpdatem</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>9e1d20427c00f145fd9938fdb05328d8</hash></key>
<key><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>9e1d20427c00f145fd9938fdb05328d8</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>9e1d20427c00f145fd9938fdb05328d8</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>9e1d20427c00f145fd9938fdb05328d8</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\globalUpdate.OneClickCtrl.10</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>9e1d20427c00f145fd9938fdb05328d8</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\globalUpdate.OneClickCtrl.10</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>9e1d20427c00f145fd9938fdb05328d8</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5645E0E7-FC12-43BF-A6E4-F9751942B298}</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>9e1d20427c00f145fd9938fdb05328d8</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{5645E0E7-FC12-43BF-A6E4-F9751942B298}</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>9e1d20427c00f145fd9938fdb05328d8</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>9e1d20427c00f145fd9938fdb05328d8</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\globalUpdate.Update3WebControl.4</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>9e1d20427c00f145fd9938fdb05328d8</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\globalUpdate.Update3WebControl.4</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>9e1d20427c00f145fd9938fdb05328d8</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>9e1d20427c00f145fd9938fdb05328d8</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>9e1d20427c00f145fd9938fdb05328d8</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>9e1d20427c00f145fd9938fdb05328d8</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>9e1d20427c00f145fd9938fdb05328d8</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\istartsurf uninstall</path><vendor>PUP.Optional.IStartSurf.A</vendor><action>success</action><hash>dcdf6ef40d6fd3639c5a66d5c83b15eb</hash></key>
<value><path>HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE</path><valuename>path</valuename><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><valuedata>C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe</valuedata><hash>febdd78b5e1e58de8dcd96d46a997888</hash></value>
<data><path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN</path><valuename>Default_Search_URL</valuename><vendor>PUP.Optional.IStartSurf.A</vendor><action>replaced</action><valuedata>http://www.istartsurf.com/web/?type=ds& ... ash></data>
<data><path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN</path><valuename>Default_Page_URL</valuename><vendor>PUP.Optional.IStartSurf.A</vendor><action>replaced</action><valuedata>http://www.istartsurf.com/?type=hp&ts=1 ... ash></data>
<data><path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN</path><valuename>Start Page</valuename><vendor>PUP.Optional.IStartSurf.A</vendor><action>replaced</action><valuedata>http://www.istartsurf.com/?type=hp&ts=1 ... ash></data>
<data><path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES</path><valuename>DefaultScope</valuename><vendor>PUP.Optional.Qone8</vendor><action>replaced</action><valuedata>{33BB0A4E-99AF-4226-BDF6-49120163DE86}</valuedata><baddata>{33BB0A4E-99AF-4226-BDF6-49120163DE86}</baddata><gooddata>{0633EE93-D776-472f-A0FF-E1416B8B2E3A}</gooddata><hash>fbc064fea2da87af0ce2214ce421bc44</hash></data>
<folder><path>C:\Program Files (x86)\DeltaFix</path><vendor>PUP.Optional.DeltaFix.A</vendor><action>delete-on-reboot</action><hash>2794550de29a5dd9b4ce66e9b152f50b</hash></folder>
<folder><path>C:\Windows\Inf\mnckjtxp</path><vendor>Trojan.Agent.BCM</vendor><action>success</action><hash>8239f270d9a379bdf13c8e90b94ac040</hash></folder>
<folder><path>C:\Windows\Inf\mnckjtxp\bitstreams</path><vendor>Trojan.Agent.BCM</vendor><action>success</action><hash>8239f270d9a379bdf13c8e90b94ac040</hash></folder>
<folder><path>C:\Users\Libor\AppData\LocalLow\PriceGong</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>a6151b47413b7db9b1ad36e9956eeb15</hash></folder>
<folder><path>C:\Users\Libor\AppData\LocalLow\PriceGong\Data</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>a6151b47413b7db9b1ad36e9956eeb15</hash></folder>
<folder><path>C:\ProgramData\IePluginServices</path><vendor>PUP.Optional.IePluginServices.A</vendor><action>success</action><hash>9f1cfc6693e9a591d097191856ad669a</hash></folder>
<folder><path>C:\ProgramData\IePluginServices\update</path><vendor>PUP.Optional.IePluginServices.A</vendor><action>success</action><hash>9f1cfc6693e9a591d097191856ad669a</hash></folder>
<folder><path>C:\Program Files (x86)\globalUpdate\Update</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>9e1d20427c00f145fd9938fdb05328d8</hash></folder>
<folder><path>C:\Program Files (x86)\globalUpdate\Update\1.3.25.0</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>9e1d20427c00f145fd9938fdb05328d8</hash></folder>
<folder><path>C:\Program Files (x86)\globalUpdate\Update\Download</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>9e1d20427c00f145fd9938fdb05328d8</hash></folder>
<folder><path>C:\Program Files (x86)\globalUpdate\Update\Install</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>9e1d20427c00f145fd9938fdb05328d8</hash></folder>
<folder><path>C:\Program Files (x86)\globalUpdate\Update\Offline</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>9e1d20427c00f145fd9938fdb05328d8</hash></folder>
<folder><path>C:\Program Files (x86)\globalUpdate\Update\Offline\{B3457BA5-C63D-4B50-8F03-E66587FD76AA}</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>9e1d20427c00f145fd9938fdb05328d8</hash></folder>
<folder><path>C:\Users\Libor\AppData\Roaming\istartsurf</path><vendor>PUP.Optional.IStartSurf.A</vendor><action>success</action><hash>dcdf6ef40d6fd3639c5a66d5c83b15eb</hash></folder>
<folder><path>C:\Users\Libor\AppData\Roaming\istartsurf\images</path><vendor>PUP.Optional.IStartSurf.A</vendor><action>success</action><hash>dcdf6ef40d6fd3639c5a66d5c83b15eb</hash></folder>
<folder><path>C:\Users\Libor\AppData\Roaming\istartsurf\images\code</path><vendor>PUP.Optional.IStartSurf.A</vendor><action>success</action><hash>dcdf6ef40d6fd3639c5a66d5c83b15eb</hash></folder>
<folder><path>C:\Program Files (x86)\BuyNsave</path><vendor>PUP.Optional.BuyNSave.A</vendor><action>success</action><hash>f0cb352d8af22016909c72d9e81b17e9</hash></folder>
<file><path>C:\ProgramData\Trusted Publisher\Masterware\PremiumAmplifier.exe</path><vendor>Trojan.Downloader</vendor><action>delete-on-reboot</action><hash>457687db186475c1a2880db953af59a7</hash></file>
<file><path>C:\ProgramData\DigiSaver\rLZGZQimlUuK2F.x64.dll</path><vendor>PUP.Optional.MultiPlug</vendor><action>success</action><hash>d8e3fd6587f58fa742b5e6dcbb46718f</hash></file>
<file><path>C:\ProgramData\DigiSaver\rLZGZQimlUuK2F.dll</path><vendor>PUP.Optional.MultiPlug</vendor><action>success</action><hash>d8e3fd6587f58fa742b5e6dcbb46718f</hash></file>
<file><path>C:\Users\Libor\Downloads\flipsyde happy birthday acapella__3039_i1329580201_il2907051.exe</path><vendor>PUP.Optional.Amonetize</vendor><action>success</action><hash>0caf5d055e1eaa8cc775ffc549b8926e</hash></file>
<file><path>C:\Users\Libor\Downloads\data3.cab (1).exe</path><vendor>PUP.Optional.OneClickDownloader.A</vendor><action>success</action><hash>42790959a0dce05677d2b07f8b769868</hash></file>
<file><path>C:\Users\Libor\Downloads\torrent (1).exe</path><vendor>PUP.Optional.OneClickDownloader.A</vendor><action>success</action><hash>bffc164ce99386b05fead857fa074fb1</hash></file>
<file><path>C:\Users\Libor\Downloads\torrent.exe</path><vendor>PUP.Optional.OneClickDownloader.A</vendor><action>success</action><hash>497295cdd9a35ed89bae022dda2710f0</hash></file>
<file><path>C:\Users\Libor\Downloads\Zippyshare.com - Tev1.1.9-appxg.com.apk.exe</path><vendor>PUP.Optional.Multiplug</vendor><action>success</action><hash>ceed0c5696e695a16a1f00c526dba957</hash></file>
<file><path>C:\Users\Libor\Downloads\IMEI-Hack-Tool-v10_downloader-IchCKNQZH.exe</path><vendor>PUP.Optional.Somoto</vendor><action>success</action><hash>8734d191d8a4af87d64e8b528b79eb15</hash></file>
<file><path>C:\Users\Libor\Downloads\Bleach- Heat The Soul 7 English Patch.exe</path><vendor>PUP.Optional.OutBrowse</vendor><action>success</action><hash>e8d3511123593ff76a09c126976ad42c</hash></file>
<file><path>C:\Users\Libor\Downloads\PowerISO6.exe</path><vendor>PUP.Optional.OpenCandy</vendor><action>success</action><hash>6c4fef73dba183b35fa20a8a46bf758b</hash></file>
<file><path>C:\Users\Libor\Downloads\CR_Downloader_for_need-for-speed-underground-rivals.exe</path><vendor>PUP.Optional.InstallCore</vendor><action>success</action><hash>dddebfa399e3fc3a0357fe53e0253bc5</hash></file>
<file><path>C:\Users\Libor\Downloads\wpepro09mod (1).zip</path><vendor>HackTool.Sniffer.WpePro</vendor><action>success</action><hash>12a9075b80fc51e51f0af97ed82db44c</hash></file>
<file><path>C:\Users\Libor\Downloads\EasyFarm Smallbot 11.08.2014.rar.exe</path><vendor>PUP.Optional.Unizeto</vendor><action>success</action><hash>d3e8ff6384f8a393e4cbc12c956c7f81</hash></file>
<file><path>C:\Program Files (x86)\DeltaFix\DeltaFix.dll</path><vendor>PUP.Optional.DeltaFix.A</vendor><action>delete-on-reboot</action><hash>2794550de29a5dd9b4ce66e9b152f50b</hash></file>
<file><path>C:\Users\Libor\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage</path><vendor>PUP.Optional.AZLyrics.A</vendor><action>success</action><hash>f2c9d48ec0bcc6706feb420f27dc60a0</hash></file>
<file><path>C:\Users\Libor\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage-journal</path><vendor>PUP.Optional.AZLyrics.A</vendor><action>success</action><hash>45769cc6007ca1955802f45deb18da26</hash></file>
<file><path>C:\Windows\System32\Tasks\bd7943a9-5b5a-4602-9f9e-ddb071f16622-1</path><vendor>PUP.Optional.CrossRider.T</vendor><action>success</action><hash>c0fb0a5888f4bd79d58072f8a360867a</hash></file>
<file><path>C:\Windows\System32\Tasks\bd7943a9-5b5a-4602-9f9e-ddb071f16622-11</path><vendor>PUP.Optional.CrossRider.T</vendor><action>success</action><hash>e2d9f86aadcf8da9c98caac04cb7d52b</hash></file>
<file><path>C:\Windows\System32\Tasks\bd7943a9-5b5a-4602-9f9e-ddb071f16622-2</path><vendor>PUP.Optional.CrossRider.T</vendor><action>success</action><hash>2497045e512b32041f363b2f946fc937</hash></file>
<file><path>C:\Windows\System32\Tasks\bd7943a9-5b5a-4602-9f9e-ddb071f16622-4</path><vendor>PUP.Optional.CrossRider.T</vendor><action>success</action><hash>c6f5332f0c70d660df76a2c8e41fa25e</hash></file>
<file><path>C:\Windows\System32\Tasks\bd7943a9-5b5a-4602-9f9e-ddb071f16622-5</path><vendor>PUP.Optional.CrossRider.T</vendor><action>success</action><hash>0faccb9796e668cee075254563a003fd</hash></file>
<file><path>C:\Windows\System32\Tasks\bd7943a9-5b5a-4602-9f9e-ddb071f16622-5_user</path><vendor>PUP.Optional.CrossRider.T</vendor><action>success</action><hash>1d9e5d05601cd95d094c93d720e3ae52</hash></file>
<file><path>C:\Windows\System32\Tasks\bd7943a9-5b5a-4602-9f9e-ddb071f16622-6</path><vendor>PUP.Optional.CrossRider.T</vendor><action>success</action><hash>76457be7087461d5bf96fd6d27dc629e</hash></file>
<file><path>C:\Windows\System32\Tasks\bd7943a9-5b5a-4602-9f9e-ddb071f16622-7</path><vendor>PUP.Optional.CrossRider.T</vendor><action>success</action><hash>99227ee43349ca6c5df8cc9ec34018e8</hash></file>
<file><path>C:\Windows\SysWOW64\msstp.vbe</path><vendor>Trojan.Agent.VBS</vendor><action>success</action><hash>0ab1fc66dca048eeb4264742b94aa55b</hash></file>
<file><path>C:\Windows\Tasks\bd7943a9-5b5a-4602-9f9e-ddb071f16622-1.job</path><vendor>PUP.Optional.CrossRider.T</vendor><action>success</action><hash>3e7d164c3c40d4625b9bfdca8d77659b</hash></file>
<file><path>C:\Windows\Tasks\bd7943a9-5b5a-4602-9f9e-ddb071f16622-11.job</path><vendor>PUP.Optional.CrossRider.T</vendor><action>success</action><hash>813a540e1468ea4cad49a3243bc9ed13</hash></file>
<file><path>C:\Windows\Tasks\bd7943a9-5b5a-4602-9f9e-ddb071f16622-2.job</path><vendor>PUP.Optional.CrossRider.T</vendor><action>success</action><hash>bcff85dd3e3e9c9ad620c205a65e7b85</hash></file>
<file><path>C:\Windows\Tasks\bd7943a9-5b5a-4602-9f9e-ddb071f16622-4.job</path><vendor>PUP.Optional.CrossRider.T</vendor><action>success</action><hash>2c8f5c06daa296a066903d8adc28ba46</hash></file>
<file><path>C:\Windows\Tasks\bd7943a9-5b5a-4602-9f9e-ddb071f16622-5.job</path><vendor>PUP.Optional.CrossRider.T</vendor><action>success</action><hash>5863026099e3cd699a5c3592e123f010</hash></file>
<file><path>C:\Windows\Tasks\bd7943a9-5b5a-4602-9f9e-ddb071f16622-5_user.job</path><vendor>PUP.Optional.CrossRider.T</vendor><action>success</action><hash>d8e32a3897e5e74fc630ebdc6d97d12f</hash></file>
<file><path>C:\Windows\Tasks\bd7943a9-5b5a-4602-9f9e-ddb071f16622-6.job</path><vendor>PUP.Optional.CrossRider.T</vendor><action>success</action><hash>9c1f243e90ec1b1b5a9c3d8aea1ab34d</hash></file>
<file><path>C:\Windows\Tasks\bd7943a9-5b5a-4602-9f9e-ddb071f16622-7.job</path><vendor>PUP.Optional.CrossRider.T</vendor><action>success</action><hash>7942451d49333afc34c2d9ee6e9640c0</hash></file>
<file><path>C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>2893a0c2a1db5dd9e12bc5034abac838</hash></file>
<file><path>C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>3883e87a08748da9000d3c8cf01418e8</hash></file>
<file><path>C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>2a91e2800c707eb8df2fcafe0afae020</hash></file>
<file><path>C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>ead1bea4ed8fcb6b8e814781867ed927</hash></file>
<file><path>C:\Windows\Inf\mnckjtxp\diablo130302.cl</path><vendor>Trojan.Agent.BCM</vendor><action>success</action><hash>8239f270d9a379bdf13c8e90b94ac040</hash></file>
<file><path>C:\Windows\Inf\mnckjtxp\diakgcn121016.cl</path><vendor>Trojan.Agent.BCM</vendor><action>success</action><hash>8239f270d9a379bdf13c8e90b94ac040</hash></file>
<file><path>C:\Windows\Inf\mnckjtxp\libcurl-4.dll</path><vendor>Trojan.Agent.BCM</vendor><action>success</action><hash>8239f270d9a379bdf13c8e90b94ac040</hash></file>
<file><path>C:\Windows\Inf\mnckjtxp\libeay32.dll</path><vendor>Trojan.Agent.BCM</vendor><action>success</action><hash>8239f270d9a379bdf13c8e90b94ac040</hash></file>
<file><path>C:\Windows\Inf\mnckjtxp\libidn-11.dll</path><vendor>Trojan.Agent.BCM</vendor><action>success</action><hash>8239f270d9a379bdf13c8e90b94ac040</hash></file>
<file><path>C:\Windows\Inf\mnckjtxp\librtmp.dll</path><vendor>Trojan.Agent.BCM</vendor><action>success</action><hash>8239f270d9a379bdf13c8e90b94ac040</hash></file>
<file><path>C:\Windows\Inf\mnckjtxp\libssh2.dll</path><vendor>Trojan.Agent.BCM</vendor><action>success</action><hash>8239f270d9a379bdf13c8e90b94ac040</hash></file>
<file><path>C:\Windows\Inf\mnckjtxp\mnckjtxp.exe</path><vendor>Trojan.Agent.BCM</vendor><action>success</action><hash>8239f270d9a379bdf13c8e90b94ac040</hash></file>
<file><path>C:\Windows\Inf\mnckjtxp\phatk121016.cl</path><vendor>Trojan.Agent.BCM</vendor><action>success</action><hash>8239f270d9a379bdf13c8e90b94ac040</hash></file>
<file><path>C:\Windows\Inf\mnckjtxp\poclbm130302.cl</path><vendor>Trojan.Agent.BCM</vendor><action>success</action><hash>8239f270d9a379bdf13c8e90b94ac040</hash></file>
<file><path>C:\Windows\Inf\mnckjtxp\scrypt130511.cl</path><vendor>Trojan.Agent.BCM</vendor><action>success</action><hash>8239f270d9a379bdf13c8e90b94ac040</hash></file>
<file><path>C:\Windows\Inf\mnckjtxp\ssleay32.dll</path><vendor>Trojan.Agent.BCM</vendor><action>success</action><hash>8239f270d9a379bdf13c8e90b94ac040</hash></file>
<file><path>C:\Windows\Inf\mnckjtxp\zlib1.dll</path><vendor>Trojan.Agent.BCM</vendor><action>success</action><hash>8239f270d9a379bdf13c8e90b94ac040</hash></file>
<file><path>C:\Windows\Inf\mnckjtxp\bitstreams\fpgaminer_top_fixed7_197MHz.ncd</path><vendor>Trojan.Agent.BCM</vendor><action>success</action><hash>8239f270d9a379bdf13c8e90b94ac040</hash></file>
<file><path>C:\Users\Libor\AppData\LocalLow\PriceGong\Data\1.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>a6151b47413b7db9b1ad36e9956eeb15</hash></file>
<file><path>C:\Users\Libor\AppData\LocalLow\PriceGong\Data\a.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>a6151b47413b7db9b1ad36e9956eeb15</hash></file>
<file><path>C:\Users\Libor\AppData\LocalLow\PriceGong\Data\b.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>a6151b47413b7db9b1ad36e9956eeb15</hash></file>
<file><path>C:\Users\Libor\AppData\LocalLow\PriceGong\Data\c.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>a6151b47413b7db9b1ad36e9956eeb15</hash></file>
<file><path>C:\Users\Libor\AppData\LocalLow\PriceGong\Data\d.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>a6151b47413b7db9b1ad36e9956eeb15</hash></file>
<file><path>C:\Users\Libor\AppData\LocalLow\PriceGong\Data\e.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>a6151b47413b7db9b1ad36e9956eeb15</hash></file>
<file><path>C:\Users\Libor\AppData\LocalLow\PriceGong\Data\f.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>a6151b47413b7db9b1ad36e9956eeb15</hash></file>
<file><path>C:\Users\Libor\AppData\LocalLow\PriceGong\Data\g.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>a6151b47413b7db9b1ad36e9956eeb15</hash></file>
<file><path>C:\Users\Libor\AppData\LocalLow\PriceGong\Data\h.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>a6151b47413b7db9b1ad36e9956eeb15</hash></file>
<file><path>C:\Users\Libor\AppData\LocalLow\PriceGong\Data\i.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>a6151b47413b7db9b1ad36e9956eeb15</hash></file>
<file><path>C:\Users\Libor\AppData\LocalLow\PriceGong\Data\j.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>a6151b47413b7db9b1ad36e9956eeb15</hash></file>
<file><path>C:\Users\Libor\AppData\LocalLow\PriceGong\Data\k.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>a6151b47413b7db9b1ad36e9956eeb15</hash></file>
<file><path>C:\Users\Libor\AppData\LocalLow\PriceGong\Data\l.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>a6151b47413b7db9b1ad36e9956eeb15</hash></file>
<file><path>C:\Users\Libor\AppData\LocalLow\PriceGong\Data\m.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>a6151b47413b7db9b1ad36e9956eeb15</hash></file>
<file><path>C:\Users\Libor\AppData\LocalLow\PriceGong\Data\n.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>a6151b47413b7db9b1ad36e9956eeb15</hash></file>
<file><path>C:\Users\Libor\AppData\LocalLow\PriceGong\Data\o.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>a6151b47413b7db9b1ad36e9956eeb15</hash></file>
<file><path>C:\Users\Libor\AppData\LocalLow\PriceGong\Data\p.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>a6151b47413b7db9b1ad36e9956eeb15</hash></file>
<file><path>C:\Users\Libor\AppData\LocalLow\PriceGong\Data\q.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>a6151b47413b7db9b1ad36e9956eeb15</hash></file>
<file><path>C:\Users\Libor\AppData\LocalLow\PriceGong\Data\r.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>a6151b47413b7db9b1ad36e9956eeb15</hash></file>
<file><path>C:\Users\Libor\AppData\LocalLow\PriceGong\Data\s.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>a6151b47413b7db9b1ad36e9956eeb15</hash></file>
<file><path>C:\Users\Libor\AppData\LocalLow\PriceGong\Data\t.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>a6151b47413b7db9b1ad36e9956eeb15</hash></file>
<file><path>C:\Users\Libor\AppData\LocalLow\PriceGong\Data\u.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>a6151b47413b7db9b1ad36e9956eeb15</hash></file>
<file><path>C:\Users\Libor\AppData\LocalLow\PriceGong\Data\v.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>a6151b47413b7db9b1ad36e9956eeb15</hash></file>
<file><path>C:\Users\Libor\AppData\LocalLow\PriceGong\Data\w.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>a6151b47413b7db9b1ad36e9956eeb15</hash></file>
<file><path>C:\Users\Libor\AppData\LocalLow\PriceGong\Data\x.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>a6151b47413b7db9b1ad36e9956eeb15</hash></file>
<file><path>C:\Users\Libor\AppData\LocalLow\PriceGong\Data\y.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>a6151b47413b7db9b1ad36e9956eeb15</hash></file>
<file><path>C:\Users\Libor\AppData\LocalLow\PriceGong\Data\z.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>a6151b47413b7db9b1ad36e9956eeb15</hash></file>
<file><path>C:\ProgramData\IePluginServices\update\conf</path><vendor>PUP.Optional.IePluginServices.A</vendor><action>success</action><hash>9f1cfc6693e9a591d097191856ad669a</hash></file>
<file><path>C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>9e1d20427c00f145fd9938fdb05328d8</hash></file>
<file><path>C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleCrashHandler.exe</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>9e1d20427c00f145fd9938fdb05328d8</hash></file>
<file><path>C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdate.exe</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>9e1d20427c00f145fd9938fdb05328d8</hash></file>
<file><path>C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateBroker.exe</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>9e1d20427c00f145fd9938fdb05328d8</hash></file>
<file><path>C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateHelper.msi</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>9e1d20427c00f145fd9938fdb05328d8</hash></file>
<file><path>C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateOnDemand.exe</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>9e1d20427c00f145fd9938fdb05328d8</hash></file>
<file><path>C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\goopdate.dll</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>9e1d20427c00f145fd9938fdb05328d8</hash></file>
<file><path>C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\goopdateres_en.dll</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>9e1d20427c00f145fd9938fdb05328d8</hash></file>
<file><path>C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>9e1d20427c00f145fd9938fdb05328d8</hash></file>
<file><path>C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\psmachine.dll</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>9e1d20427c00f145fd9938fdb05328d8</hash></file>
<file><path>C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\psuser.dll</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>9e1d20427c00f145fd9938fdb05328d8</hash></file>
<file><path>C:\Users\Libor\AppData\Roaming\istartsurf\278.json</path><vendor>PUP.Optional.IStartSurf.A</vendor><action>success</action><hash>dcdf6ef40d6fd3639c5a66d5c83b15eb</hash></file>
<file><path>C:\Users\Libor\AppData\Roaming\istartsurf\MessageBox.xml</path><vendor>PUP.Optional.IStartSurf.A</vendor><action>success</action><hash>dcdf6ef40d6fd3639c5a66d5c83b15eb</hash></file>
<file><path>C:\Users\Libor\AppData\Roaming\istartsurf\uninstallDlg2.xml</path><vendor>PUP.Optional.IStartSurf.A</vendor><action>success</action><hash>dcdf6ef40d6fd3639c5a66d5c83b15eb</hash></file>
<file><path>C:\Users\Libor\AppData\Roaming\istartsurf\UninstallManager.exe</path><vendor>PUP.Optional.IStartSurf.A</vendor><action>success</action><hash>dcdf6ef40d6fd3639c5a66d5c83b15eb</hash></file>
<file><path>C:\Users\Libor\AppData\Roaming\istartsurf\images\bg.png</path><vendor>PUP.Optional.IStartSurf.A</vendor><action>success</action><hash>dcdf6ef40d6fd3639c5a66d5c83b15eb</hash></file>
<file><path>C:\Users\Libor\AppData\Roaming\istartsurf\images\bg1.png</path><vendor>PUP.Optional.IStartSurf.A</vendor><action>success</action><hash>dcdf6ef40d6fd3639c5a66d5c83b15eb</hash></file>
<file><path>C:\Users\Libor\AppData\Roaming\istartsurf\images\bk_shadow.png</path><vendor>PUP.Optional.IStartSurf.A</vendor><action>success</action><hash>dcdf6ef40d6fd3639c5a66d5c83b15eb</hash></file>
<file><path>C:\Users\Libor\AppData\Roaming\istartsurf\images\button.png</path><vendor>PUP.Optional.IStartSurf.A</vendor><action>success</action><hash>dcdf6ef40d6fd3639c5a66d5c83b15eb</hash></file>
<file><path>C:\Users\Libor\AppData\Roaming\istartsurf\images\button1.png</path><vendor>PUP.Optional.IStartSurf.A</vendor><action>success</action><hash>dcdf6ef40d6fd3639c5a66d5c83b15eb</hash></file>
<file><path>C:\Users\Libor\AppData\Roaming\istartsurf\images\checkbox.png</path><vendor>PUP.Optional.IStartSurf.A</vendor><action>success</action><hash>dcdf6ef40d6fd3639c5a66d5c83b15eb</hash></file>
<file><path>C:\Users\Libor\AppData\Roaming\istartsurf\images\checkbox_select.png</path><vendor>PUP.Optional.IStartSurf.A</vendor><action>success</action><hash>dcdf6ef40d6fd3639c5a66d5c83b15eb</hash></file>
<file><path>C:\Users\Libor\AppData\Roaming\istartsurf\images\checked.png</path><vendor>PUP.Optional.IStartSurf.A</vendor><action>success</action><hash>dcdf6ef40d6fd3639c5a66d5c83b15eb</hash></file>
<file><path>C:\Users\Libor\AppData\Roaming\istartsurf\images\close.png</path><vendor>PUP.Optional.IStartSurf.A</vendor><action>success</action><hash>dcdf6ef40d6fd3639c5a66d5c83b15eb</hash></file>
<file><path>C:\Users\Libor\AppData\Roaming\istartsurf\images\loading_bg.png</path><vendor>PUP.Optional.IStartSurf.A</vendor><action>success</action><hash>dcdf6ef40d6fd3639c5a66d5c83b15eb</hash></file>
<file><path>C:\Users\Libor\AppData\Roaming\istartsurf\images\loading_light.png</path><vendor>PUP.Optional.IStartSurf.A</vendor><action>success</action><hash>dcdf6ef40d6fd3639c5a66d5c83b15eb</hash></file>
<file><path>C:\Users\Libor\AppData\Roaming\istartsurf\images\min.png</path><vendor>PUP.Optional.IStartSurf.A</vendor><action>success</action><hash>dcdf6ef40d6fd3639c5a66d5c83b15eb</hash></file>
<file><path>C:\Users\Libor\AppData\Roaming\istartsurf\images\scrollbar.bmp</path><vendor>PUP.Optional.IStartSurf.A</vendor><action>success</action><hash>dcdf6ef40d6fd3639c5a66d5c83b15eb</hash></file>
<file><path>C:\Users\Libor\AppData\Roaming\istartsurf\images\Thumbs.db</path><vendor>PUP.Optional.IStartSurf.A</vendor><action>success</action><hash>dcdf6ef40d6fd3639c5a66d5c83b15eb</hash></file>
<file><path>C:\Users\Libor\AppData\Roaming\istartsurf\images\unchecked.png</path><vendor>PUP.Optional.IStartSurf.A</vendor><action>success</action><hash>dcdf6ef40d6fd3639c5a66d5c83b15eb</hash></file>
<file><path>C:\Users\Libor\AppData\Roaming\istartsurf\images\code\code1.jpg</path><vendor>PUP.Optional.IStartSurf.A</vendor><action>success</action><hash>dcdf6ef40d6fd3639c5a66d5c83b15eb</hash></file>
<file><path>C:\Users\Libor\AppData\Roaming\istartsurf\images\code\code2.jpg</path><vendor>PUP.Optional.IStartSurf.A</vendor><action>success</action><hash>dcdf6ef40d6fd3639c5a66d5c83b15eb</hash></file>
<file><path>C:\Users\Libor\AppData\Roaming\istartsurf\images\code\code3.jpg</path><vendor>PUP.Optional.IStartSurf.A</vendor><action>success</action><hash>dcdf6ef40d6fd3639c5a66d5c83b15eb</hash></file>
<file><path>C:\Users\Libor\AppData\Roaming\istartsurf\images\code\code4.jpg</path><vendor>PUP.Optional.IStartSurf.A</vendor><action>success</action><hash>dcdf6ef40d6fd3639c5a66d5c83b15eb</hash></file>
<file><path>C:\Users\Libor\AppData\Roaming\istartsurf\images\code\code5.jpg</path><vendor>PUP.Optional.IStartSurf.A</vendor><action>success</action><hash>dcdf6ef40d6fd3639c5a66d5c83b15eb</hash></file>
<file><path>C:\Users\Libor\AppData\Roaming\istartsurf\images\code\code6.jpg</path><vendor>PUP.Optional.IStartSurf.A</vendor><action>success</action><hash>dcdf6ef40d6fd3639c5a66d5c83b15eb</hash></file>
<file><path>C:\Users\Libor\AppData\Roaming\istartsurf\images\code\Thumbs.db</path><vendor>PUP.Optional.IStartSurf.A</vendor><action>success</action><hash>dcdf6ef40d6fd3639c5a66d5c83b15eb</hash></file>
</items>
</mbam-log>

#7 Příspěvek od **vyosek** » 14 pro 2014 09:36

Fajn, poprosim nyni o FRST http://forum.viry.cz/viewtopic.php?f=13&t=133100

Ascly · #8 Příspěvek od **Ascly** » 14 pro 2014 09:43

FRST.TXT:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-12-2014
Ran by Libor (administrator) on LIBA-PC on 14-12-2014 09:40:11
Running from C:\Users\Libor\Desktop
Loaded Profile: Libor (Available profiles: Libor)
Platform: Windows 8.1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BBSvc.EXE
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
() C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(AppEx Networks Corporation) C:\Program Files\AMD Quick Stream\AMDQuickStream.exe
(Conexant Systems, Inc) C:\Program Files\CONEXANT\SAII\SmartAudio.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Power Software Ltd) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Libor\Desktop\FRSTLauncher (1).exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2876816 2013-03-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6339656 2013-04-10] (Realtek semiconductor)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [899680 2013-02-04] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17097200 2013-08-17] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2013-08-17] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-19] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [4StoryPrePatch] => C:\Program Files (x86)\GameforgeLive\Games\CZE_ces\4Story\PrePatch.exe [327680 2014-04-24] (Zemi Interactive Inc.)
HKLM-x32\...\Run: [MSStp] => C:\windows\system32\msstp.vbe
HKLM-x32\...\Run: [mnckjtxpSrv] => C:\windows\inf\mnckjtxp.vbe [1342 2014-01-19] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [366904 2014-10-25] (Power Software Ltd)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [131712 2013-01-25] ( (Qualcomm Atheros Commnucations))
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1111126050-1134976462-3178825066-1002\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [429792 2013-04-11] (AppEx Networks Corporation)
HKU\S-1-5-21-1111126050-1134976462-3178825066-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-29] (Piriform Ltd)
HKU\S-1-5-21-1111126050-1134976462-3178825066-1002\...\MountPoints2: {7cf621d6-06e9-11e3-be6d-806e6f6e6963} - "E:\setup.exe"
Startup: C:\Users\Libor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
ShortcutTarget: GamersFirst LIVE!.lnk -> C:\Users\Libor\AppData\Local\GamersFirst\LIVE!\Live.exe (GamersFirst)
Startup: C:\Users\Libor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PSPdisp.lnk
ShortcutTarget: PSPdisp.lnk -> C:\Program Files (x86)\PSPdisp\bin\app\PSPdisp.exe (JJS)
Startup: C:\Users\Libor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sledovat výstrahy inkoustu - HP Deskjet 2050 J510 series.lnk
ShortcutTarget: Sledovat výstrahy inkoustu - HP Deskjet 2050 J510 series.lnk -> C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1111126050-1134976462-3178825066-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com
HKU\S-1-5-21-1111126050-1134976462-3178825066-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com
URLSearchHook: HKLM-x32 - IMVU Inc Toolbar - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Users\Libor\AppData\LocalLow\IMVU_Inc\prxtbIMVU.dll No File
URLSearchHook: HKLM-x32 - IMVU Inc Toolbar - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Users\Libor\AppData\LocalLow\IMVU_Inc\prxtbIMVU.dll No File
URLSearchHook: HKU\S-1-5-21-1111126050-1134976462-3178825066-1002 - IMVU Inc Toolbar - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Users\Libor\AppData\LocalLow\IMVU_Inc\prxtbIMVU.dll No File
URLSearchHook: HKU\S-1-5-21-1111126050-1134976462-3178825066-1002 - IMVU Inc Toolbar - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Users\Libor\AppData\LocalLow\IMVU_Inc\prxtbIMVU.dll No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1111126050-1134976462-3178825066-1002 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: IMVU Inc Toolbar -> {90b49673-5506-483e-b92b-ca0265bd9ca8} -> C:\Users\Libor\AppData\LocalLow\IMVU_Inc\prxtbIMVU.dll No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - IMVU Inc Toolbar - {90B49673-5506-483E-B92B-CA0265BD9CA8} - C:\Users\Libor\AppData\LocalLow\IMVU_Inc\prxtbIMVU.dll No File
Toolbar: HKLM-x32 - IMVU Inc Toolbar - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Users\Libor\AppData\LocalLow\IMVU_Inc\prxtbIMVU.dll No File
Toolbar: HKU\S-1-5-21-1111126050-1134976462-3178825066-1002 -> IMVU Inc Toolbar - {90B49673-5506-483E-B92B-CA0265BD9CA8} - C:\Users\Libor\AppData\LocalLow\IMVU_Inc\prxtbIMVU.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 10.0.0.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1111126050-1134976462-3178825066-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Libor\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Libor\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\Libor\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-14]
CHR Extension: (Docs) - C:\Users\Libor\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-14]
CHR Extension: (Disk Google) - C:\Users\Libor\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-14]
CHR Extension: (YouTube) - C:\Users\Libor\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-14]
CHR Extension: (Vyhledávání Google) - C:\Users\Libor\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-14]
CHR Extension: (Tabulky Google) - C:\Users\Libor\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-14]
CHR Extension: (Gmail) - C:\Users\Libor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [227456 2013-01-25] (Qualcomm Atheros Commnucations)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [175136 2014-10-15] (EasyAntiCheat Ltd)
R2 HiSuiteOuc64.exe; C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe [137024 2014-01-28] ()
R2 HuaweiHiSuiteService64.exe; C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe [204096 2014-01-28] ()
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH)
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2013-08-17] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-01-25] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [37472 2013-02-14] (Advanced Micro Devices, Inc.)
S2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-19] (Advanced Micro Devices)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98744 2013-04-23] (Advanced Micro Devices)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-01-25] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-14] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8243272 2013-04-10] (Realtek Semiconductor Corp.)
R0 sfdrv01; C:\Windows\System32\drivers\sfdrv01.sys [75384 2009-02-03] (Protection Technology (StarForce))
R0 sfvfs02; C:\Windows\System32\drivers\sfvfs02.sys [107384 2007-02-08] (Protection Technology (StarForce))
R3 tap0901t; C:\Windows\system32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-14 09:40 - 2014-12-14 09:40 - 00018196 _____ () C:\Users\Libor\Desktop\FRST.txt
2014-12-14 09:39 - 2014-12-14 09:40 - 00000000 ____D () C:\FRST
2014-12-14 09:38 - 2014-12-14 09:38 - 02119168 _____ (Farbar) C:\Users\Libor\Desktop\FRST64.exe
2014-12-14 09:38 - 2014-12-14 09:38 - 00112640 _____ (forum.viry.cz) C:\Users\Libor\Desktop\FRSTLauncher (1).exe
2014-12-14 09:37 - 2014-12-14 09:37 - 00112640 _____ (forum.viry.cz) C:\Users\Libor\Downloads\Nepotvrzeno 483507.crdownload
2014-12-14 09:31 - 2014-12-14 09:08 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2014-12-14 09:24 - 2014-12-14 08:35 - 00085442 _____ () C:\Users\Libor\Desktop\mbam-log-2014-12-14 (08-20-42).xml
2014-12-14 09:09 - 2014-12-14 09:33 - 00013170 _____ () C:\zoek-results.log
2014-12-14 09:08 - 2014-12-14 09:29 - 00000000 ____D () C:\zoek_backup
2014-12-14 09:08 - 2014-12-14 09:08 - 01295360 _____ () C:\Users\Libor\Downloads\zoek.exe
2014-12-14 09:00 - 2014-12-14 09:03 - 00000000 ____D () C:\AdwCleaner
2014-12-14 08:59 - 2014-12-14 09:00 - 02166272 _____ () C:\Users\Libor\Downloads\adwcleaner_4.105.exe
2014-12-14 08:49 - 2014-12-14 08:49 - 00000000 ____D () C:\rsit
2014-12-14 08:49 - 2014-12-14 08:49 - 00000000 ____D () C:\Program Files\trend micro
2014-12-14 08:46 - 2014-12-14 08:46 - 01222144 _____ () C:\Users\Libor\Downloads\RSITx64.exe
2014-12-14 08:20 - 2014-12-14 09:33 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-12-14 08:20 - 2014-12-14 08:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-14 08:19 - 2014-12-14 08:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-14 08:19 - 2014-12-14 08:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-14 08:19 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-12-14 08:19 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-12-14 08:19 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-12-14 08:13 - 2014-12-14 08:13 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Libor\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-13 17:20 - 2014-12-14 09:32 - 00041722 _____ () C:\WINDOWS\PFRO.log
2014-12-13 17:06 - 2014-12-13 17:06 - 00000000 ____D () C:\ProgramData\Block The Ads
2014-12-13 14:24 - 2014-12-14 09:15 - 00001533 _____ () C:\WINDOWS\setupact.log
2014-12-13 14:24 - 2014-12-13 14:24 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-12-13 09:46 - 2014-12-14 09:35 - 00204561 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-13 09:08 - 2014-12-13 09:08 - 00001960 _____ () C:\Users\Public\Desktop\Metin2.lnk
2014-12-13 09:08 - 2014-12-13 09:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Metin2
2014-12-13 08:53 - 2014-12-13 08:56 - 06571359 _____ () C:\Users\Libor\Downloads\Metin2Mod_PL_0912014.exe
2014-12-11 22:38 - 2014-12-11 22:38 - 24798820 _____ () C:\Users\Libor\Downloads\Compressed_9androidapps.com.zip
2014-12-11 22:29 - 2014-12-11 22:36 - 664416094 _____ () C:\Users\Libor\Downloads\wrc_9androidapps.com.zip
2014-12-11 13:38 - 2014-12-11 13:44 - 672051920 _____ () C:\Users\Libor\Downloads\HUAWEI_Ascend_G510_Firmware（_G510-0200%2CAndroid_4.1%2CEmotion_UI%2CV100R001C00B176CUSTCZEC40D001%2CCzech-Telefonica%2C05011NFW）.zip
2014-12-11 13:20 - 2014-12-11 13:34 - 128292080 _____ () C:\Users\Libor\Downloads\HUAWEI_G510-0200,JellyBean,kernel-3.4.0.rar
2014-12-11 07:27 - 2014-12-11 07:31 - 39730808 _____ () C:\Users\Libor\Downloads\HUAWEI_G510-0200,JellyBean,kernel-3.4.0.rar.crdownload
2014-12-11 07:10 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-12-11 07:10 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-12-11 07:04 - 2014-11-26 22:10 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-12-11 07:04 - 2014-11-26 22:10 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-10 23:02 - 2014-12-10 23:02 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2014-12-10 07:13 - 2014-12-04 00:37 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-12-10 07:13 - 2014-12-04 00:09 - 00830464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2014-12-10 07:13 - 2014-12-03 00:09 - 01083392 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-12-10 07:13 - 2014-12-03 00:09 - 00740864 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2014-12-10 07:13 - 2014-12-03 00:09 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2014-12-10 07:13 - 2014-12-03 00:09 - 00396288 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-12-10 07:13 - 2014-12-03 00:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2014-12-10 07:13 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2014-12-10 07:13 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-10 07:13 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-12-10 07:13 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-12-10 07:13 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2014-12-10 07:13 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2014-12-10 07:06 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-12-10 07:06 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-12-10 07:06 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-12-10 07:06 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-12-10 07:06 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-12-10 07:06 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-12-10 07:06 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-12-10 07:06 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-12-10 07:06 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-12-10 07:06 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-12-10 07:06 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-12-10 07:06 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-12-10 07:06 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-12-10 07:06 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-12-10 07:06 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-12-10 07:06 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-12-10 07:06 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-12-10 07:06 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-12-10 07:06 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-12-10 07:06 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-12-10 07:06 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-12-10 07:06 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-12-10 07:06 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-12-10 07:06 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-12-10 07:06 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-12-10 07:06 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-12-10 07:06 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-12-10 07:06 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-12-10 07:06 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-12-10 07:06 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-12-10 07:06 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-12-10 07:06 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-12-10 07:06 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-12-10 07:06 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-12-10 07:06 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-12-10 07:06 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-12-10 07:06 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-12-10 07:06 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-12-10 07:06 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-12-10 07:06 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2014-12-10 07:06 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2014-12-10 07:06 - 2014-10-13 03:43 - 00238912 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2014-12-10 07:06 - 2014-10-13 03:43 - 00153920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2014-12-10 07:06 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2014-12-10 07:06 - 2014-10-13 03:43 - 00039744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2014-12-09 20:22 - 2014-12-09 20:22 - 01411240 _____ () C:\Users\Libor\Downloads\looperman-l-0930048-0067082-h3yimseth-snareland-drum-loop (1).wav
2014-12-09 20:17 - 2014-12-09 20:17 - 01411378 _____ () C:\Users\Libor\Downloads\looperman-l-1074761-0074578-jaceziii-hiphop-drum-loop-120bpm.wav
2014-12-09 20:16 - 2014-12-09 20:16 - 02822444 _____ () C:\Users\Libor\Downloads\looperman-l-1094884-0074354-davidmacknh-number-3 (1).wav
2014-12-08 07:50 - 2014-12-11 07:08 - 00000000 ____D () C:\Users\Libor\Documents\mereni
2014-12-07 21:10 - 2014-12-07 21:10 - 01081992 _____ (Unity Technologies ApS) C:\Users\Libor\Downloads\UnityWebPlayer.exe
2014-12-07 21:10 - 2014-12-07 21:10 - 00000000 ____D () C:\Users\Libor\AppData\Local\Unity
2014-12-07 16:20 - 2014-12-07 16:20 - 02419244 _____ () C:\Users\Libor\Downloads\looperman-l-0403648-0066284-sintheticrecords-sinthetic-metal-drum-series-43-140.wav
2014-12-07 16:20 - 2014-12-07 16:20 - 02419244 _____ () C:\Users\Libor\Downloads\looperman-l-0403648-0066274-sintheticrecords-sinthetic-metal-drum-series-42-140.wav
2014-12-07 16:16 - 2014-12-07 16:16 - 04838444 _____ () C:\Users\Libor\Downloads\looperman-l-1044386-0069870-timmydarkside-guardians-at-the-gate-main-b.wav
2014-12-07 16:16 - 2014-12-07 16:16 - 04838444 _____ () C:\Users\Libor\Downloads\looperman-l-1044386-0069869-timmydarkside-guardians-at-the-gate-main-a.wav
2014-12-07 16:11 - 2014-12-07 16:11 - 01210622 _____ () C:\Users\Libor\Downloads\looperman-l-0237471-0026802-djmothbeatz-lin-violin-spiccato-normal-part.wav
2014-12-07 16:10 - 2014-12-07 16:10 - 01210622 _____ () C:\Users\Libor\Downloads\looperman-l-0237471-0026806-djmothbeatz-lin-violin-spiccato-high-part-2.wav
2014-12-07 13:41 - 2014-12-07 13:48 - 00005566 _____ () C:\Users\Libor\Downloads\historie.txt
2014-12-07 13:34 - 2014-12-07 13:34 - 11119489 _____ () C:\Users\Libor\Downloads\chmatakov15 (2).exe
2014-12-07 13:33 - 2014-12-07 13:33 - 02709396 _____ () C:\Users\Libor\Downloads\chmatakov15 (1).exe
2014-12-06 12:13 - 2014-12-06 12:13 - 00000000 ____D () C:\Users\Libor\AppData\Roaming\Steam
2014-12-06 12:11 - 2014-12-06 12:11 - 00001302 _____ () C:\Users\Libor\Desktop\Naruto Shippuden Ultimate Ninja Storm Revolution.lnk
2014-12-06 12:11 - 2014-12-06 12:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Naruto Shippuden Ultimate Ninja Storm Revolution
2014-12-06 08:46 - 2014-12-06 11:40 - 00000000 ____D () C:\Users\Libor\Downloads\Naruto Shippuden Ultimate Ninja Storm Revolution-CODEX
2014-12-05 22:50 - 2014-12-05 22:50 - 04836608 _____ () C:\Users\Libor\Downloads\looperman-l-0711069-0071398-kristijann-non-can-sto-me-now-drumbeat.wav
2014-12-05 22:20 - 2014-12-05 22:20 - 02419244 _____ () C:\Users\Libor\Downloads\looperman-l-0159051-0074603-minor2go-piano-quality-thrill-of-speed-1.wav
2014-12-05 22:19 - 2014-12-05 22:19 - 02419244 _____ () C:\Users\Libor\Downloads\looperman-l-0159051-0074602-minor2go-piano-quality-thrill-of-speed-2.wav
2014-12-05 22:13 - 2014-12-05 22:13 - 04840024 _____ () C:\Users\Libor\Downloads\looperman-l-1044386-0076347-timmydarkside-childhood.wav
2014-12-05 21:59 - 2014-12-05 21:59 - 01128956 _____ () C:\Users\Libor\Downloads\looperman-l-0668753-0064767-dozydevil-eminem-style-drums.wav
2014-12-05 14:04 - 2014-12-05 14:04 - 00000000 ____D () C:\Temp
2014-12-04 21:19 - 2014-12-14 09:32 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-12-04 21:19 - 2014-12-04 21:19 - 00640424 _____ (Akeo Consulting (http://akeo.ie)) C:\Users\Libor\Downloads\rufus-1.4.12.exe
2014-12-04 20:36 - 2014-12-04 20:50 - 00000000 ____D () C:\pebuilder3110a
2014-12-04 20:36 - 2014-12-04 20:36 - 03306678 _____ (Bart Lagerweij ) C:\Users\Libor\Downloads\pebuilder3110a.exe
2014-12-04 20:36 - 2014-12-04 20:36 - 00000636 _____ () C:\Users\Libor\Desktop\PE Builder.lnk
2014-12-04 20:36 - 2014-12-04 20:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PE Builder
2014-12-04 19:53 - 2014-12-04 19:53 - 00001034 _____ () C:\Users\Public\Desktop\PowerISO.lnk
2014-12-04 19:53 - 2014-12-04 19:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2014-12-04 19:53 - 2014-12-04 19:53 - 00000000 ____D () C:\Program Files (x86)\PowerISO
2014-12-04 19:53 - 2014-10-25 13:37 - 00127760 _____ (Power Software Ltd) C:\WINDOWS\system32\Drivers\scdemu.sys
2014-12-04 19:45 - 2014-12-04 19:52 - 647823360 _____ () C:\Users\Libor\Downloads\Windows_XP_Professional_SP3_Nov_2013_Incl_SATA_Drivers.iso
2014-12-02 20:56 - 2014-12-02 20:56 - 35355617 _____ () C:\Users\Libor\Downloads\KALI A PETER PANN JACKPOT OFFICIAL 4K VIDEO [mp3s.nadruhou.net].mp4
2014-12-01 22:50 - 2014-12-01 22:50 - 00000000 ____D () C:\Users\Libor\Documents\GTA San Andreas User Files
2014-11-30 13:08 - 2014-11-30 13:05 - 28384540 _____ () C:\Users\Libor\Desktop\VID_20141130_130435.mp4
2014-11-30 08:40 - 2014-11-30 08:41 - 127307464 _____ (Nadeo ) C:\Users\Libor\Downloads\Maniaplanet_Setup_TMStadium (1).exe
2014-11-29 10:33 - 2014-11-29 10:33 - 00001989 _____ () C:\Users\Libor\Desktop\Metin2Mod_Launch.exe – zástupce.lnk
2014-11-29 10:26 - 2014-11-29 10:26 - 06442539 _____ () C:\Users\Libor\Downloads\Metin2Mod_PL_27112014.rar
2014-11-29 10:24 - 2014-11-29 10:28 - 00021416 _____ () C:\Users\Libor\Downloads\software_removal_tool.log
2014-11-29 10:19 - 2014-11-29 10:19 - 00700838 _____ () C:\Users\Libor\Desktop\EasyFarm Smallbot 11.08.2014.rar
2014-11-28 14:03 - 2014-11-28 14:04 - 04955154 _____ () C:\Users\Libor\Downloads\Fish Bot.rar
2014-11-28 09:53 - 2013-10-03 21:36 - 10453895 _____ () C:\Users\Libor\Desktop\Daisyna-frnda-pls.flv
2014-11-28 08:56 - 2014-11-28 09:59 - 00000000 ____D () C:\Users\Libor\Downloads\Insanity Asylum
2014-11-25 22:33 - 2014-11-25 22:33 - 01209644 _____ () C:\Users\Libor\Downloads\looperman-l-1308607-0076555-jaspuh-hip-hop-beat-2 (1).wav
2014-11-25 22:31 - 2014-11-25 22:31 - 04838546 _____ () C:\Users\Libor\Downloads\looperman-l-1059144-0078676-ebaby8119-you-finish-it-drumz.wav
2014-11-25 22:25 - 2014-11-25 22:25 - 01658412 _____ () C:\Users\Libor\Downloads\looperman-l-0711069-0063568-kristijann-go-swizz.wav
2014-11-25 22:04 - 2014-11-25 22:04 - 03057552 _____ () C:\Users\Libor\Downloads\looperman-l-0121957-0005186-musicwizard-bendy-pad-in-gm.wav
2014-11-25 21:58 - 2014-11-25 21:58 - 01881778 _____ () C:\Users\Libor\Downloads\looperman-l-0782612-0078015-40a-fl-9-reach-the-top.wav
2014-11-25 21:52 - 2014-11-25 21:52 - 01638444 _____ () C:\Users\Libor\Downloads\looperman-l-0531700-0051334-loopfreak-do-your-work-drums.wav
2014-11-24 18:11 - 2014-11-24 18:11 - 00020617 _____ () C:\Users\Libor\Desktop\recept - Libor Šírl E2.odt
2014-11-24 17:55 - 2014-11-24 17:55 - 00012157 _____ () C:\Users\Libor\Desktop\pozvanka - Libor Šírl E2.odt
2014-11-23 21:31 - 2014-11-23 21:31 - 03640614 _____ () C:\Users\Libor\Downloads\looperman-l-0857244-0072116-rojo95-808-trap-snare-roll (1).wav
2014-11-23 09:22 - 2014-11-23 09:22 - 02419378 _____ () C:\Users\Libor\Downloads\looperman-l-0689594-0071382-thethclovesme-sluggish-beat.wav
2014-11-23 09:17 - 2014-11-23 09:18 - 01209644 _____ () C:\Users\Libor\Downloads\looperman-l-0951651-0065420-stridefire-chillstep-drums.wav
2014-11-23 09:16 - 2014-11-23 09:16 - 01209644 _____ () C:\Users\Libor\Downloads\looperman-l-0951651-0066851-stridefire-chillstep-drums-alt.wav
2014-11-23 09:09 - 2014-11-23 09:09 - 01209644 _____ () C:\Users\Libor\Downloads\looperman-l-1193372-0072273-ozoneofficial-alone-strings.wav
2014-11-23 09:06 - 2014-11-23 09:06 - 01211354 _____ () C:\Users\Libor\Downloads\looperman-l-1243210-0078581-gore33-filthystep-hats.wav
2014-11-23 09:05 - 2014-11-23 09:05 - 01211354 _____ () C:\Users\Libor\Downloads\looperman-l-1243210-0078570-gore33-dubstep-buildup-tool.wav
2014-11-23 09:03 - 2014-11-23 09:03 - 02419378 _____ () C:\Users\Libor\Downloads\looperman-l-0793724-0078428-ultracryptik-the-heaviest-and-filthiest-dubstep-beat-ever-made.wav
2014-11-23 09:01 - 2014-11-23 09:01 - 02420780 _____ () C:\Users\Libor\Downloads\looperman-l-1316351-0078324-totte23-hard-synth-melody-140-bpm.wav
2014-11-23 08:59 - 2014-11-23 09:00 - 02419378 _____ () C:\Users\Libor\Downloads\looperman-l-0218753-0077401-djcriz3y-dark-intro-2-criz.wav
2014-11-23 08:59 - 2014-11-23 08:59 - 02419378 _____ () C:\Users\Libor\Downloads\looperman-l-0218753-0077270-djcriz3y-dark-intro-criz.wav
2014-11-23 08:46 - 2014-11-23 08:46 - 02419378 _____ () C:\Users\Libor\Downloads\looperman-l-0840075-0077659-mariosh-trap-bangers.wav
2014-11-23 08:42 - 2014-11-23 08:42 - 02419376 _____ () C:\Users\Libor\Downloads\looperman-l-1223319-0078405-smokyleopard-katana-140-bpm (1).wav
2014-11-23 08:42 - 2014-11-23 08:42 - 02413796 _____ () C:\Users\Libor\Downloads\looperman-l-0711069-0078470-kristijann-trap-drumloop.wav
2014-11-22 19:18 - 2014-11-22 19:18 - 00002006 _____ () C:\Users\Public\Desktop\World of Metin2.lnk
2014-11-22 19:18 - 2014-11-22 19:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Metin2
2014-11-22 19:16 - 2014-11-22 19:20 - 00000000 ____D () C:\Program Files (x86)\World of Metin2
2014-11-22 19:13 - 2014-11-22 19:15 - 1202530715 _____ () C:\Users\Libor\Downloads\wom2_installer_20140921.exe
2014-11-22 07:56 - 2014-11-22 07:56 - 02822546 _____ () C:\Users\Libor\Downloads\looperman-l-1059144-0069992-ebaby8119-bang-trap-drumz-120bpm-8-barz-with-out-vox (1).wav
2014-11-22 07:44 - 2014-11-22 07:44 - 02824414 _____ () C:\Users\Libor\Downloads\looperman-l-0672953-0075201-ozzi-emotional-piano-ii-120bpm.wav
2014-11-22 07:44 - 2014-11-22 07:44 - 02824414 _____ () C:\Users\Libor\Downloads\looperman-l-0672953-0075200-ozzi-emotional-piano-ii-120bpm.wav
2014-11-22 07:22 - 2014-11-22 07:22 - 00705896 _____ () C:\Users\Libor\Downloads\looperman-l-1266563-0075221-mistertofficiai-play-them-drums.wav
2014-11-22 07:20 - 2014-11-22 07:20 - 01411334 _____ () C:\Users\Libor\Downloads\looperman-l-0025227-0000585-insanesmilie-insane-moonlight-piano-roll.wav
2014-11-22 07:20 - 2014-11-22 07:20 - 01411334 _____ () C:\Users\Libor\Downloads\looperman-l-0025227-0000584-insanesmilie-insane-trance-chords.wav
2014-11-22 07:20 - 2014-11-22 07:20 - 01411320 _____ () C:\Users\Libor\Downloads\looperman-l-0025227-0000408-insanesmilie-insane-deep-piano-roll.wav
2014-11-21 18:53 - 2014-11-21 18:53 - 04977216 _____ (Piriform Ltd) C:\Users\Libor\Downloads\ccsetup419.exe
2014-11-21 18:53 - 2014-11-21 18:53 - 00002772 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2014-11-21 18:53 - 2014-11-21 18:53 - 00000845 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-11-21 18:53 - 2014-11-21 18:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-11-21 18:53 - 2014-11-21 18:53 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-21 18:51 - 2014-11-21 18:51 - 00000000 ____D () C:\Users\Libor\AppData\Local\Deployment
2014-11-21 18:51 - 2014-11-21 18:51 - 00000000 ____D () C:\Program Files (x86)\Google
2014-11-21 18:37 - 2014-11-21 18:37 - 00000000 __SHD () C:\Users\Libor\AppData\Local\EmieBrowserModeList
2014-11-19 05:27 - 2014-11-10 00:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2014-11-19 05:27 - 2014-11-10 00:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2014-11-19 05:27 - 2014-11-10 00:18 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2014-11-19 05:27 - 2014-11-10 00:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2014-11-16 14:48 - 2014-11-16 14:50 - 00147966 _____ () C:\Users\Libor\Downloads\Kontrolní-práv.odt
2014-11-16 09:11 - 2014-11-16 09:11 - 01669754 _____ () C:\Users\Libor\Desktop\praxe.rar
2014-11-16 08:58 - 2014-11-16 08:58 - 06689776 _____ () C:\Users\Libor\Downloads\HPPSdr (1).exe
2014-11-16 08:48 - 2014-11-16 09:08 - 00000000 ____D () C:\Users\Libor\Desktop\praxe
2014-11-16 08:42 - 2014-11-23 09:22 - 00000000 ____D () C:\Users\Libor\AppData\Roaming\HpUpdate
2014-11-16 08:42 - 2014-11-16 08:42 - 00003620 _____ () C:\WINDOWS\System32\Tasks\HPCustParticipation HP Deskjet 2050 J510 series
2014-11-16 08:42 - 2014-11-16 08:42 - 00002303 _____ () C:\Users\Public\Desktop\HP Deskjet 2050 J510 series.lnk
2014-11-16 08:42 - 2014-11-16 08:42 - 00002018 _____ () C:\Users\Public\Desktop\HP Photo Creations.lnk
2014-11-16 08:42 - 2014-11-16 08:42 - 00001225 _____ () C:\Users\Public\Desktop\Zakoupit spotřební materiál - HP Deskjet 2050 J510 series.lnk
2014-11-16 08:42 - 2014-11-16 08:42 - 00000000 ____D () C:\ProgramData\Visan
2014-11-16 08:42 - 2014-11-16 08:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-11-16 08:42 - 2014-11-16 08:42 - 00000000 ____D () C:\ProgramData\HP Photo Creations
2014-11-16 08:42 - 2014-11-16 08:42 - 00000000 ____D () C:\Program Files (x86)\HP Photo Creations
2014-11-16 08:41 - 2014-11-16 08:41 - 00000057 _____ () C:\ProgramData\Ament.ini
2014-11-16 08:41 - 2014-11-16 08:41 - 00000000 ____D () C:\Program Files\HP
2014-11-16 08:40 - 2014-11-16 08:40 - 00000000 ____D () C:\Users\Libor\AppData\Local\HP
2014-11-16 08:38 - 2014-11-16 08:58 - 00002039 _____ () C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2014-11-16 08:38 - 2014-11-16 08:42 - 00000000 ____D () C:\Program Files (x86)\HP
2014-11-16 08:38 - 2014-11-16 08:38 - 06689776 _____ () C:\Users\Libor\Downloads\HPPSdr.exe
2014-11-16 08:37 - 2014-11-16 08:38 - 51344832 _____ () C:\Users\Libor\Downloads\DJ2050_J510_1313-1.exe
2014-11-16 08:31 - 2014-11-16 08:41 - 00000000 ____D () C:\ProgramData\HP
2014-11-15 23:04 - 2014-11-15 23:04 - 00769804 _____ () C:\Users\Libor\Downloads\looperman-l-1132369-0069059-exclusion-neurohop-drums-b.wav
2014-11-15 23:02 - 2014-11-15 23:03 - 03079158 _____ () C:\Users\Libor\Downloads\looperman-l-1074165-0074483-zsb410-glitch-hop-snare-build-up.wav
2014-11-15 22:43 - 2014-11-15 22:43 - 01235138 _____ () C:\Users\Libor\Downloads\looperman-l-0089446-0007142-gameboix-snare-perc-and-stab.wav
2014-11-15 22:40 - 2014-11-15 22:40 - 03024934 _____ () C:\Users\Libor\Downloads\looperman-l-0345547-0051151-cufool-dubstep-rise.wav
2014-11-15 19:51 - 2014-11-15 19:51 - 01306932 _____ () C:\Users\Libor\Downloads\looperman-l-0189460-0045282-baseelements-future-disco-beat-02.wav
2014-11-15 19:45 - 2014-11-15 19:45 - 01302826 _____ () C:\Users\Libor\Downloads\looperman-l-0754067-0073363-mooz-boss-dr-110-drum-loop-no1.wav
2014-11-15 19:19 - 2014-11-15 19:19 - 02608012 _____ () C:\Users\Libor\Downloads\looperman-l-0962459-0064555-producerh-war-drums.wav
2014-11-15 19:19 - 2014-11-15 19:19 - 02608012 _____ () C:\Users\Libor\Downloads\looperman-l-0962459-0064555-producerh-war-drums (1).wav
2014-11-15 19:16 - 2014-11-15 19:16 - 01302692 _____ () C:\Users\Libor\Downloads\looperman-l-0752375-0066248-ekkotheamatuer-eugenes-trap-drums.wav
2014-11-15 19:10 - 2014-11-15 19:10 - 01302876 _____ () C:\Users\Libor\Downloads\looperman-l-1039352-0074796-cappyissocool-wheres-the-hiphop-drums.wav
2014-11-15 13:59 - 2014-11-15 13:59 - 02419376 _____ () C:\Users\Libor\Downloads\looperman-l-1223319-0078405-smokyleopard-katana-140-bpm.wav
2014-11-15 13:56 - 2014-11-15 13:56 - 00384916 _____ () C:\Users\Libor\Downloads\looperman-l-0159051-0028555-minor2go-the-street-is-merciless-drums-1.wav
2014-11-15 13:55 - 2014-11-15 13:55 - 01539532 _____ () C:\Users\Libor\Downloads\looperman-l-0159051-0028560-minor2go-the-street-is-merciless-strings-full.wav
2014-11-15 13:55 - 2014-11-15 13:55 - 00769788 _____ () C:\Users\Libor\Downloads\looperman-l-0159051-0028556-minor2go-the-street-is-merciless-drumline.wav
2014-11-15 13:54 - 2014-11-15 13:54 - 01539532 _____ () C:\Users\Libor\Downloads\looperman-l-0159051-0028558-minor2go-the-street-is-merciless-bassline.wav
2014-11-15 13:53 - 2014-11-15 13:53 - 01539532 _____ () C:\Users\Libor\Downloads\looperman-l-0159051-0028562-minor2go-the-street-is-merciless-piano.wav
2014-11-15 13:53 - 2014-11-15 13:53 - 01539532 _____ () C:\Users\Libor\Downloads\looperman-l-0159051-0028561-minor2go-the-street-is-merciless-piano-high-notes-only.wav
2014-11-15 13:52 - 2014-11-15 13:52 - 04618508 _____ () C:\Users\Libor\Downloads\looperman-l-0159051-0028564-minor2go-the-street-is-merciless-full-example.wav
2014-11-15 10:27 - 2014-11-15 10:27 - 00002018 _____ () C:\Users\Public\Desktop\Lenovo Solution Center.lnk
2014-11-15 09:20 - 2014-11-15 09:20 - 00705778 _____ () C:\Users\Libor\Downloads\looperman-l-0878670-0073788-ckdepaul13-simple-modern-hip-hop-drum-loop (1).wav
2014-11-15 08:57 - 2014-11-15 08:57 - 02822444 _____ () C:\Users\Libor\Downloads\looperman-l-1094884-0074354-davidmacknh-number-3.wav
2014-11-15 08:57 - 2014-11-15 08:57 - 00705778 _____ () C:\Users\Libor\Downloads\looperman-l-0754067-0074087-mooz-premier-hip-hop-drum-loop-no3-120bpm.wav
2014-11-15 08:55 - 2014-11-15 08:56 - 01412356 _____ () C:\Users\Libor\Downloads\looperman-l-1277953-0078431-richkid-the-search-is-on.wav
2014-11-14 23:30 - 2014-11-14 23:30 - 00731295 _____ () C:\Users\Libor\Downloads\holky-pubertacky--do-naha.rar

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-14 09:40 - 2014-08-22 17:06 - 00000962 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-14 09:38 - 2014-09-13 09:03 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1111126050-1134976462-3178825066-1002
2014-12-14 09:35 - 2014-08-22 17:07 - 00002214 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-14 09:33 - 2014-10-24 16:47 - 00000000 ____D () C:\Users\Libor\OneDrive
2014-12-14 09:32 - 2014-08-23 06:22 - 11615058 _____ () C:\Users\Public\CAFADEBUG.log
2014-12-14 09:32 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-14 09:32 - 2013-08-17 04:51 - 00006656 _____ () C:\WINDOWS\system32\VfService.trf
2014-12-14 09:29 - 2014-10-24 16:15 - 00000000 ____D () C:\Users\Libor
2014-12-14 09:29 - 2013-08-22 16:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2014-12-14 09:29 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\GroupPolicy
2014-12-14 09:20 - 2014-08-22 10:42 - 02565120 ___SH () C:\Users\Libor\Downloads\Thumbs.db
2014-12-14 09:09 - 2014-10-11 14:07 - 00000914 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-12-14 09:04 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-12-14 09:03 - 2014-08-22 17:02 - 00000992 _____ () C:\Users\Libor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-14 09:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-12-14 09:01 - 2014-08-22 11:17 - 00000000 ____D () C:\Users\Libor\AppData\Roaming\TS3Client
2014-12-14 08:56 - 2014-08-22 17:06 - 00000966 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-14 08:54 - 2014-09-24 17:23 - 01745984 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-14 08:54 - 2014-09-24 16:39 - 00739924 _____ () C:\WINDOWS\system32\perfh005.dat
2014-12-14 08:54 - 2014-09-24 16:39 - 00151610 _____ () C:\WINDOWS\system32\perfc005.dat
2014-12-14 08:16 - 2014-08-27 09:36 - 00000000 ____D () C:\Users\Libor\Documents\My Games
2014-12-14 08:12 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-12-14 08:04 - 2014-10-29 20:14 - 00003966 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E4565239-A42C-4425-9497-C1A001FCC945}
2014-12-13 23:51 - 2014-08-25 14:42 - 00138752 ___SH () C:\Users\Libor\Documents\Thumbs.db
2014-12-13 23:49 - 2014-09-06 23:40 - 00738304 ___SH () C:\Users\Libor\Desktop\Thumbs.db
2014-12-13 09:32 - 2014-08-28 09:01 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-13 08:54 - 2014-08-22 19:18 - 00000000 ____D () C:\Users\Libor\Downloads\Gameforge Live
2014-12-12 16:18 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-12-11 13:12 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-12-10 23:02 - 2014-09-24 20:02 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-12-10 23:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2014-12-10 23:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2014-12-10 23:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-12-10 23:01 - 2014-10-11 06:47 - 00000000 ____D () C:\Users\Libor\AppData\Roaming\IMVU
2014-12-10 17:38 - 2014-08-25 08:17 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-10 17:34 - 2014-08-25 08:17 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-09 21:12 - 2014-08-30 10:43 - 00000000 ____D () C:\Users\Libor\AppData\Roaming\.minecraft
2014-12-09 20:56 - 2014-08-31 08:22 - 00000000 ____D () C:\Users\Libor\AppData\Roaming\FlowStone
2014-12-09 19:09 - 2014-10-11 14:07 - 00003802 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-12-09 06:06 - 2014-08-23 09:30 - 00000000 ____D () C:\Users\Libor\AppData\Roaming\Skype
2014-12-08 17:06 - 2014-09-29 19:12 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-08 17:06 - 2014-08-23 09:30 - 00000000 ____D () C:\ProgramData\Skype
2014-12-07 20:39 - 2014-10-11 06:47 - 00001932 _____ () C:\Users\Libor\Desktop\IMVU.lnk
2014-12-07 20:39 - 2014-10-11 06:47 - 00000000 ____D () C:\Users\Libor\AppData\Roaming\IMVUClient
2014-12-07 16:26 - 2014-08-31 08:30 - 00000000 ____D () C:\Users\Libor\Documents\mre
2014-12-07 13:42 - 2014-08-27 22:10 - 00000044 _____ () C:\Users\Libor\Downloads\klient.ini
2014-12-06 11:28 - 2014-08-22 21:20 - 00000000 ____D () C:\Users\Libor\AppData\Roaming\uTorrent
2014-11-28 19:24 - 2014-09-21 18:48 - 00000000 ____D () C:\Users\Libor\Documents\Euro Truck Simulator 2
2014-11-28 14:10 - 2014-08-22 19:18 - 00000000 ____D () C:\Program Files (x86)\GameforgeLive
2014-11-27 18:51 - 2014-08-22 19:25 - 00000000 ____D () C:\Users\Libor\Desktop\Attomey ---
2014-11-25 17:26 - 2014-09-15 17:53 - 00000000 ____D () C:\Users\Libor\Documents\ManiaPlanet
2014-11-24 18:14 - 2014-08-22 17:00 - 00000000 ____D () C:\Users\Libor\AppData\Local\Packages
2014-11-21 18:55 - 2014-08-26 10:30 - 00000000 ____D () C:\Users\Libor\AppData\Roaming\TeamViewer
2014-11-21 18:54 - 2014-10-24 17:03 - 00000000 ___DC () C:\WINDOWS\Panther
2014-11-21 18:51 - 2014-08-22 17:06 - 00003938 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-21 18:51 - 2014-08-22 17:06 - 00003702 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-15 10:35 - 2014-09-14 18:39 - 00000000 ____D () C:\Users\Libor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-11-15 10:27 - 2014-08-22 17:10 - 00000000 ____D () C:\Users\Libor\AppData\Roaming\LSC
2014-11-15 10:27 - 2013-08-17 04:44 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Lenovo
2014-11-15 10:27 - 2013-08-17 04:44 - 00000000 ____D () C:\Program Files\Lenovo
2014-11-15 10:24 - 2013-08-17 04:44 - 00000000 ____D () C:\WINDOWS\Downloaded Installations
2014-11-15 08:53 - 2014-11-07 19:59 - 00000000 ____D () C:\Users\Libor\Desktop\Ekura
2014-11-14 20:10 - 2014-08-22 17:00 - 00000000 ____D () C:\Users\Libor\AppData\Local\VirtualStore

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-11 16:57

===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: (Windows8_OS) (Fixed) (Total:889.71 GB) (Free:572.28 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.05 GB) NTFS
Drive e: (VX2HOEM_CS) (CDROM) (Total:0.56 GB) (Free:0 GB) CDFS

Available physical RAM: 5548.04 MB
Total physical RAM: 7375.26 MB
Percentage of memory in use: 24%

==================== MBR and Partition Table ==================

Disk: 0 (Size: 931.5 GB) (Disk ID: C41E6C57)

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2
AlternateDataStreams: C:\Users\Libor\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Libor\Documents\dukaz.jpg:ms-properties

==================== Security Center ==================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)

***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Libor\Desktop" je 41335 MB.

***** Startup Programs *****

***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
"Generalize_DisableSR"=dword:00000000

==================== End Of Log ==============================

Ascly · #9 Příspěvek od **Ascly** » 14 pro 2014 10:26

Tak jaké je další řešení? Reklamy mi furt vyskakují v prohlížeči...

#10 Příspěvek od **vyosek** » 14 pro 2014 10:33

Reseni bude, ale uvedomte si prosim, ze je nedele a bdu jsme bohuzel nekteri v praci a nebo se venujeme svym rodinam, takze tu nemuzeme byt stale a porad

Tvorba fixlistu pro FRST

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

Start
CloseProcesses:

HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-19] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
HKLM-x32\...\Run: [MSStp] => C:\windows\system32\msstp.vbe
HKLM-x32\...\Run: [mnckjtxpSrv] => C:\windows\inf\mnckjtxp.vbe [1342 2014-01-19] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [366904 2014-10-25] (Power Software Ltd)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1111126050-1134976462-3178825066-1002\...\MountPoints2: {7cf621d6-06e9-11e3-be6d-806e6f6e6963} - "E:\setup.exe" 
Startup: C:\Users\Libor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk

URLSearchHook: HKLM-x32 - IMVU Inc Toolbar - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Users\Libor\AppData\LocalLow\IMVU_Inc\prxtbIMVU.dll No File
URLSearchHook: HKLM-x32 - IMVU Inc Toolbar - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Users\Libor\AppData\LocalLow\IMVU_Inc\prxtbIMVU.dll No File
URLSearchHook: HKU\S-1-5-21-1111126050-1134976462-3178825066-1002 - IMVU Inc Toolbar - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Users\Libor\AppData\LocalLow\IMVU_Inc\prxtbIMVU.dll No File
URLSearchHook: HKU\S-1-5-21-1111126050-1134976462-3178825066-1002 - IMVU Inc Toolbar - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Users\Libor\AppData\LocalLow\IMVU_Inc\prxtbIMVU.dll No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: IMVU Inc Toolbar -> {90b49673-5506-483e-b92b-ca0265bd9ca8} -> C:\Users\Libor\AppData\LocalLow\IMVU_Inc\prxtbIMVU.dll No File
Toolbar: HKLM - IMVU Inc Toolbar - {90B49673-5506-483E-B92B-CA0265BD9CA8} - C:\Users\Libor\AppData\LocalLow\IMVU_Inc\prxtbIMVU.dll No File
Toolbar: HKLM-x32 - IMVU Inc Toolbar - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Users\Libor\AppData\LocalLow\IMVU_Inc\prxtbIMVU.dll No File
Toolbar: HKU\S-1-5-21-1111126050-1134976462-3178825066-1002 -> IMVU Inc Toolbar - {90B49673-5506-483E-B92B-CA0265BD9CA8} - C:\Users\Libor\AppData\LocalLow\IMVU_Inc\prxtbIMVU.dll No File

C:\Users\Libor\AppData\LocalLow\IMVU_Inc
C:\windows\system32\msstp.vbe
C:\windows\inf\mnckjtxp.vbe
2014-12-14 09:40 - 2014-12-14 09:40 - 00018196 _____ () C:\Users\Libor\Desktop\FRST.txt
2014-12-14 09:38 - 2014-12-14 09:38 - 00112640 _____ (forum.viry.cz) C:\Users\Libor\Desktop\FRSTLauncher (1).exe
2014-12-14 09:37 - 2014-12-14 09:37 - 00112640 _____ (forum.viry.cz) C:\Users\Libor\Downloads\Nepotvrzeno 483507.crdownload
2014-12-14 09:31 - 2014-12-14 09:08 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2014-12-14 09:24 - 2014-12-14 08:35 - 00085442 _____ () C:\Users\Libor\Desktop\mbam-log-2014-12-14 (08-20-42).xml
2014-12-14 09:09 - 2014-12-14 09:33 - 00013170 _____ () C:\zoek-results.log
2014-12-14 09:08 - 2014-12-14 09:29 - 00000000 ____D () C:\zoek_backup
2014-12-14 09:08 - 2014-12-14 09:08 - 01295360 _____ () C:\Users\Libor\Downloads\zoek.exe
2014-12-14 09:00 - 2014-12-14 09:03 - 00000000 ____D () C:\AdwCleaner
2014-12-14 08:59 - 2014-12-14 09:00 - 02166272 _____ () C:\Users\Libor\Downloads\adwcleaner_4.105.exe
2014-12-14 08:49 - 2014-12-14 08:49 - 00000000 ____D () C:\rsit
2014-12-14 08:49 - 2014-12-14 08:49 - 00000000 ____D () C:\Program Files\trend micro
2014-12-14 08:46 - 2014-12-14 08:46 - 01222144 _____ () C:\Users\Libor\Downloads\RSITx64.exe
2014-12-14 08:13 - 2014-12-14 08:13 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Libor\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-13 17:20 - 2014-12-14 09:32 - 00041722 _____ () C:\WINDOWS\PFRO.log
2014-12-13 17:06 - 2014-12-13 17:06 - 00000000 ____D () C:\ProgramData\Block The Ads
2014-12-13 14:24 - 2014-12-14 09:15 - 00001533 _____ () C:\WINDOWS\setupact.log
2014-12-13 14:24 - 2014-12-13 14:24 - 00000000 _____ () C:\WINDOWS\setuperr.log

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Hosts:
EmptyTemp:
Reboot:
End

Ulozte vytvoreny TXT jako fixlist.txt
Presunte vytvoreny fixlist vedle FRST

Spustte znovu FRST.exe

Kliknete na Fix
Probehne oprava a vytvori log Fixlog.txt

Restart PC a dejte mi sem fixlog.txt

Ascly · #11 Příspěvek od **Ascly** » 14 pro 2014 10:55

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-12-2014
Ran by Libor at 2014-12-14 10:49:51 Run:2
Running from C:\Users\Libor\Desktop
Loaded Profile: Libor (Available profiles: Libor)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:

HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-19] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
HKLM-x32\...\Run: [MSStp] => C:\windows\system32\msstp.vbe
HKLM-x32\...\Run: [mnckjtxpSrv] => C:\windows\inf\mnckjtxp.vbe [1342 2014-01-19] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [366904 2014-10-25] (Power Software Ltd)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1111126050-1134976462-3178825066-1002\...\MountPoints2: {7cf621d6-06e9-11e3-be6d-806e6f6e6963} - "E:\setup.exe"
Startup: C:\Users\Libor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk

URLSearchHook: HKLM-x32 - IMVU Inc Toolbar - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Users\Libor\AppData\LocalLow\IMVU_Inc\prxtbIMVU.dll No File
URLSearchHook: HKLM-x32 - IMVU Inc Toolbar - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Users\Libor\AppData\LocalLow\IMVU_Inc\prxtbIMVU.dll No File
URLSearchHook: HKU\S-1-5-21-1111126050-1134976462-3178825066-1002 - IMVU Inc Toolbar - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Users\Libor\AppData\LocalLow\IMVU_Inc\prxtbIMVU.dll No File
URLSearchHook: HKU\S-1-5-21-1111126050-1134976462-3178825066-1002 - IMVU Inc Toolbar - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Users\Libor\AppData\LocalLow\IMVU_Inc\prxtbIMVU.dll No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: IMVU Inc Toolbar -> {90b49673-5506-483e-b92b-ca0265bd9ca8} -> C:\Users\Libor\AppData\LocalLow\IMVU_Inc\prxtbIMVU.dll No File
Toolbar: HKLM - IMVU Inc Toolbar - {90B49673-5506-483E-B92B-CA0265BD9CA8} - C:\Users\Libor\AppData\LocalLow\IMVU_Inc\prxtbIMVU.dll No File
Toolbar: HKLM-x32 - IMVU Inc Toolbar - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Users\Libor\AppData\LocalLow\IMVU_Inc\prxtbIMVU.dll No File
Toolbar: HKU\S-1-5-21-1111126050-1134976462-3178825066-1002 -> IMVU Inc Toolbar - {90B49673-5506-483E-B92B-CA0265BD9CA8} - C:\Users\Libor\AppData\LocalLow\IMVU_Inc\prxtbIMVU.dll No File

C:\Users\Libor\AppData\LocalLow\IMVU_Inc
C:\windows\system32\msstp.vbe
C:\windows\inf\mnckjtxp.vbe
2014-12-14 09:40 - 2014-12-14 09:40 - 00018196 _____ () C:\Users\Libor\Desktop\FRST.txt
2014-12-14 09:38 - 2014-12-14 09:38 - 00112640 _____ (forum.viry.cz) C:\Users\Libor\Desktop\FRSTLauncher (1).exe
2014-12-14 09:37 - 2014-12-14 09:37 - 00112640 _____ (forum.viry.cz) C:\Users\Libor\Downloads\Nepotvrzeno 483507.crdownload
2014-12-14 09:31 - 2014-12-14 09:08 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2014-12-14 09:24 - 2014-12-14 08:35 - 00085442 _____ () C:\Users\Libor\Desktop\mbam-log-2014-12-14 (08-20-42).xml
2014-12-14 09:09 - 2014-12-14 09:33 - 00013170 _____ () C:\zoek-results.log
2014-12-14 09:08 - 2014-12-14 09:29 - 00000000 ____D () C:\zoek_backup
2014-12-14 09:08 - 2014-12-14 09:08 - 01295360 _____ () C:\Users\Libor\Downloads\zoek.exe
2014-12-14 09:00 - 2014-12-14 09:03 - 00000000 ____D () C:\AdwCleaner
2014-12-14 08:59 - 2014-12-14 09:00 - 02166272 _____ () C:\Users\Libor\Downloads\adwcleaner_4.105.exe
2014-12-14 08:49 - 2014-12-14 08:49 - 00000000 ____D () C:\rsit
2014-12-14 08:49 - 2014-12-14 08:49 - 00000000 ____D () C:\Program Files\trend micro
2014-12-14 08:46 - 2014-12-14 08:46 - 01222144 _____ () C:\Users\Libor\Downloads\RSITx64.exe
2014-12-14 08:13 - 2014-12-14 08:13 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Libor\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-13 17:20 - 2014-12-14 09:32 - 00041722 _____ () C:\WINDOWS\PFRO.log
2014-12-13 17:06 - 2014-12-13 17:06 - 00000000 ____D () C:\ProgramData\Block The Ads
2014-12-13 14:24 - 2014-12-14 09:15 - 00001533 _____ () C:\WINDOWS\setupact.log
2014-12-13 14:24 - 2014-12-13 14:24 - 00000000 _____ () C:\WINDOWS\setuperr.log

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\UpdateP2GShortCut => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\RemoteControl10 => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\MSStp => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\mnckjtxpSrv => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\HP Software Update => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\PWRISOVM.EXE => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value deleted successfully.
"HKU\S-1-5-21-1111126050-1134976462-3178825066-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7cf621d6-06e9-11e3-be6d-806e6f6e6963}" => Key deleted successfully.
"HKCR\CLSID\{7cf621d6-06e9-11e3-be6d-806e6f6e6963}" => Key not found.
C:\Users\Libor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk => Moved successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{90b49673-5506-483e-b92b-ca0265bd9ca8} => value deleted successfully.
"HKCR\CLSID\{90b49673-5506-483e-b92b-ca0265bd9ca8}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{90b49673-5506-483e-b92b-ca0265bd9ca8}" => Key deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{90b49673-5506-483e-b92b-ca0265bd9ca8} => Value not found.
HKU\S-1-5-21-1111126050-1134976462-3178825066-1002\Software\Microsoft\Internet Explorer\URLSearchHooks\\{90b49673-5506-483e-b92b-ca0265bd9ca8} => value deleted successfully.
HKU\S-1-5-21-1111126050-1134976462-3178825066-1002\Software\Microsoft\Internet Explorer\URLSearchHooks\\{90b49673-5506-483e-b92b-ca0265bd9ca8} => Value not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90b49673-5506-483e-b92b-ca0265bd9ca8}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{90b49673-5506-483e-b92b-ca0265bd9ca8}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{90B49673-5506-483E-B92B-CA0265BD9CA8} => value deleted successfully.
"HKCR\CLSID\{90B49673-5506-483E-B92B-CA0265BD9CA8}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{90b49673-5506-483e-b92b-ca0265bd9ca8} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{90b49673-5506-483e-b92b-ca0265bd9ca8}" => Key not found.
HKU\S-1-5-21-1111126050-1134976462-3178825066-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{90B49673-5506-483E-B92B-CA0265BD9CA8} => value deleted successfully.
"HKCR\CLSID\{90B49673-5506-483E-B92B-CA0265BD9CA8}" => Key not found.
"C:\Users\Libor\AppData\LocalLow\IMVU_Inc" => File/Directory not found.
"C:\windows\system32\msstp.vbe" => File/Directory not found.
C:\windows\inf\mnckjtxp.vbe => Moved successfully.
"C:\Users\Libor\Desktop\FRST.txt" => File/Directory not found.
C:\Users\Libor\Desktop\FRSTLauncher (1).exe => Moved successfully.
C:\Users\Libor\Downloads\Nepotvrzeno 483507.crdownload => Moved successfully.
C:\WINDOWS\zoek-delete.exe => Moved successfully.
C:\Users\Libor\Desktop\mbam-log-2014-12-14 (08-20-42).xml => Moved successfully.
C:\zoek-results.log => Moved successfully.
C:\zoek_backup => Moved successfully.
C:\Users\Libor\Downloads\zoek.exe => Moved successfully.
C:\AdwCleaner => Moved successfully.
C:\Users\Libor\Downloads\adwcleaner_4.105.exe => Moved successfully.
C:\rsit => Moved successfully.
C:\Program Files\trend micro => Moved successfully.
C:\Users\Libor\Downloads\RSITx64.exe => Moved successfully.
C:\Users\Libor\Downloads\mbam-setup-2.0.4.1028.exe => Moved successfully.
C:\WINDOWS\PFRO.log => Moved successfully.
C:\ProgramData\Block The Ads => Moved successfully.
C:\WINDOWS\setupact.log => Moved successfully.
C:\WINDOWS\setuperr.log => Moved successfully.
C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => Moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 186 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====

#12 Příspěvek od **vyosek** » 14 pro 2014 10:59

Reklamy stale vyskakuji??

Ascly · #13 Příspěvek od **Ascly** » 14 pro 2014 11:10

Zničehonic - to jsem kontroloval pořád... se v pložce "rozšíření" ve Chromu objevila věc "NoMoreAds" která byla předtím skrytá a přitom tam byla přidaná a aktivovaná.. Rozšíření jsem odebral a nyní se reklamy již nezobrazují a nevyskakují otravná okna.
Notebook je nyní celkově rychlejší, děkuju mockrát za pomoc

Hezký zbytek dne

#14 Příspěvek od **vyosek** » 14 pro 2014 11:12

Tak to rozsireni smazte

DelFix https://toolslib.net/downloads/finish/2/

Stahnete a spustte
Ponechte zatrzitkou pouze u volby Remote disinfection tools
Kliknete na Run

Stahnete Ccleaner https://www.piriform.com/ccleaner/download/standard
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

A pokud nejsou problemy ci dotazy, je to z me strany vse

Ascly · #15 Příspěvek od **Ascly** » 14 pro 2014 11:29

Dekuji moc za pomoc a ochotu, procistil jsem to Ccleanerem a uz neni ani potreba kompletni recovery systemu, jak jsem to puvodne chtel udelat.. abych usetril cas s cistenim - Reseni s cistenim ma ale vyhodu, uzivatel neprijde o data.

VIRY.CZ

Vyskakovací reklamy v Chromu

Vyskakovací reklamy v Chromu

Re: Vyskakovací reklamy v Chromu

Re: Vyskakovací reklamy v Chromu

Re: Vyskakovací reklamy v Chromu

Re: Vyskakovací reklamy v Chromu

Re: Vyskakovací reklamy v Chromu

Re: Vyskakovací reklamy v Chromu

Re: Vyskakovací reklamy v Chromu

Re: Vyskakovací reklamy v Chromu

Re: Vyskakovací reklamy v Chromu

Re: Vyskakovací reklamy v Chromu

Re: Vyskakovací reklamy v Chromu

Re: Vyskakovací reklamy v Chromu

Re: Vyskakovací reklamy v Chromu

Re: Vyskakovací reklamy v Chromu