Firefox and advertising support

NOSAK
Exemplary visitor
Posts: 121
Registered: 21 Jul 2005 15:53

Firefox and advertising support

#1 Post by NOSAK »

Good afternoon, I need some advice. After opening Firefox I noticed that some links and ads are not visible and in their place there is only "close/ad by save on", and after clicking it the "advertising support" page opens. It is quite annoying; can it be removed somehow? It is not listed in Add/Remove Programs... thank you.

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Firefox and advertising support

#2 Post by vyosek »

Hello :)

:arrow: I did not get a crystal ball for Christmas, so I cannot tell fortunes

:arrow: So please post an FRST log instead http://forum.viry.cz/viewtopic.php?f=13&t=133100 and we will take a look...
"Who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who avoids fun, take a whip and a stick to him; that is no man, that is an ox."
Member [image] since 1 February 2011.

NOSAK
Exemplary visitor
Posts: 121
Registered: 21 Jul 2005 15:53

Re: Firefox and advertising support

#3 Post by NOSAK »

Here is the log; by the way, the problem is on the laptop... thanks

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-12-2014
Ran by PETR (administrator) on DOMACNOST on 27-12-2014 13:59:13
Running from C:\Documents and Settings\PETR\Plocha
Loaded Profile: PETR (Available profiles: PETR & Kaťulka)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Čeština
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation ) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
(Atheros) C:\WINDOWS\system32\acs.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
(Firebird Project) C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(Firebird Project) C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe
() C:\Program Files\ATK Hotkey\HControl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Atheros Communications, Inc.) C:\Program Files\Atheros\ACU.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
() C:\Program Files\ATKOSD2\ATKOSD2.exe
(ASUSTeK Computer INC.) C:\Program Files\ASUS\ATK Media\DMedia.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
() C:\Program Files\Wireless Console 2\wcourier.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
(Motorola Inc.) C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files\CyberLink\Shared files\brs.exe
() C:\Program Files\HP\HP Wireless Comfort Mouse\TSR\xDaemon.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(ZONER software) C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTray.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
() C:\Program Files\ATK Hotkey\ATKOSD.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
() C:\Program Files\ATK Hotkey\WDC.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
(Ghisler Software GmbH) C:\totalcmd\TOTALCMD.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Elex do Brasil Participações Ltda) C:\Program Files\Elex-tech\YAC\iSafeSvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files\Elex-tech\YAC\iSafeSvc2.exe
(Elex do Brasil Participações Ltda) C:\Program Files\Elex-tech\YAC\iSafeTray.exe
(Elex do Brasil Participações Ltda) C:\Program Files\Elex-tech\YAC\ipcdl.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DWPersistentQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [520424 2013-03-06] (Microsoft Corporation)
HKLM\...\Run: [ATKHOTKEY] => C:\Program Files\ATK Hotkey\Hcontrol.exe [225280 2007-06-29] ()
HKLM\...\Run: [CognizanceTS] => rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [815104 2006-10-12] (Synaptics, Inc.)
HKLM\...\Run: [ACU] => C:\Program Files\Atheros\ACU.exe [405593 2007-10-16] (Atheros Communications, Inc.)
HKLM\...\Run: [High Definition Audio ^'uëwą**<*>] => HDAShCut.exe <===== ATTENTION (Value Name with invalid characters)
HKLM\...\Run: [ATKOSD2] => C:\Program Files\ATKOSD2\ATKOSD2.exe [7708672 2007-07-03] ()
HKLM\...\Run: [ATKMEDIA] => C:\Program Files\ASUS\ATK Media\DMEDIA.EXE [61440 2006-11-02] (ASUSTeK Computer INC.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16270848 2006-11-14] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SkyTel] => C:\WINDOWS\SkyTel.EXE [2879488 2006-05-16] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [HControl] => C:\WINDOWS\ATK0100\HControl.exe [98304 2006-05-30] ()
HKLM\...\Run: [Wireless Console 2] => C:\Program Files\Wireless Console 2\wcourier.exe [1040384 2007-07-05] ()
HKLM\...\Run: [IntelZeroConfig] => C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [823296 2007-06-01] (Intel Corporation)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [974848 2007-06-01] (Intel Corporation)
HKLM\...\Run: [SMSERIAL] => C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [573440 2006-08-07] (Motorola Inc.)
HKLM\...\Run: [NeroFilterCheck] => C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [RemoteControl10] => C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
HKLM\...\Run: [BDRegion] => C:\Program Files\Cyberlink\Shared files\brs.exe [75048 2010-03-13] (cyberlink)
HKLM\...\Run: [HP Input Device Main Program] => C:\Program Files\HP\HP Wireless Comfort Mouse\TSR\xDaemon.exe [356352 2008-10-17] ()
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM\...\Run: [seznam-listicka-distribuce] => C:\Program Files\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [350072 2012-03-09] ()
HKLM\...\Run: [SpyHunter Security Suite] => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
Winlogon\Notify\OneCard: C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll (Cognizance Corporation)
Winlogon\Notify\WgaLogon: WgaLogon.dll [X]
HKU\S-1-5-19\...\Run: [KB976002-v5] => rundll32.exe advpack.dll,LaunchINFSection OPMWXPUP.inf,BrowserChoiceGoo
HKU\S-1-5-21-57989841-796845957-1606980848-1004\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [18643560 2013-02-28] (Skype Technologies S.A.)
HKU\S-1-5-21-57989841-796845957-1606980848-1004\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
HKU\S-1-5-21-57989841-796845957-1606980848-1004\...\Run: [Zoner Photo Studio Service 16] => C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSService.exe [27648 2014-06-16] ()
HKU\S-1-5-21-57989841-796845957-1606980848-1004\...\Run: [Zoner Photo Studio Autoupdate] => C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXE [833024 2014-06-16] (ZONER software)
HKU\S-1-5-18\...\Run: [KB976002-v5] => rundll32.exe advpack.dll,LaunchINFSection OPMWXPUP.inf,BrowserChoiceGoo
AppInit_DLLs: apshook.dll => C:\WINDOWS\system32\apshook.dll [56832 2006-07-12] (Cognizance Corporation)
Lsa: [Notification Packages] scecli ASWLNPkg
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth Manager.lnk
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Windows Search.lnk
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
ShellIconOverlayIdentifiers: [Encrypted Files] -> {666C7833-A9B6-4AB4-94ED-DC238C81E925} => C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\SFSShell.dll (Cognizance Corporation)
ShellIconOverlayIdentifiers: [Secure Disks] -> {666C7836-A9B6-4AB4-94ED-DC238C81E925} => C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\SFSShell.dll (Cognizance Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-57989841-796845957-1606980848-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.creativetoolbars.com/?src ... martbar&g=
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: ASUS Security Protect Manager -> {DF21F1DB-80C6-11D3-9483-B03D0EC10000} -> C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2011-01-25] (Microsoft Corporation)
Hosts: 127.0.0.
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{E10209B4-A59E-4E1F-877A-87ABD794BA08}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\PETR\Data aplikací\Mozilla\Firefox\Profiles\inxwi644.default
FF SelectedSearchEngine: Search the web (CT)
FF Homepage: hxxp://www.seznam.cz/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Documents and Settings\PETR\Data aplikací\Mozilla\Firefox\Profiles\inxwi644.default\user.js
FF SearchPlugin: C:\Documents and Settings\PETR\Data aplikací\Mozilla\Firefox\Profiles\inxwi644.default\searchplugins\smartbar.xml
FF Extension: Adblocker - C:\Documents and Settings\PETR\Data aplikací\Mozilla\Firefox\Profiles\inxwi644.default\Extensions\cnfo4e283@abrpauey.org [2014-06-15]
FF Extension: savie on - C:\Documents and Settings\PETR\Data aplikací\Mozilla\Firefox\Profiles\inxwi644.default\Extensions\phc.xd@omgbwwyeiooa.co.uk [2014-06-15]
FF Extension: save on - C:\Documents and Settings\PETR\Data aplikací\Mozilla\Firefox\Profiles\inxwi644.default\Extensions\ue2aey@e-s.org [2014-06-15]
FF Extension: MySearch - C:\Documents and Settings\PETR\Data aplikací\Mozilla\Firefox\Profiles\inxwi644.default\Extensions\vpfd@qcczaiua.edu [2014-06-15]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-11-15]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Documents and Settings\PETR\Local Settings\Data aplikací\Google\Chrome\User Data\Default
CHR Extension: (Adblocker) - C:\Documents and Settings\PETR\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\cfhicddbpoflfmpeiocoageeadghagpk [2014-06-15]
CHR Extension: (MySearch) - C:\Documents and Settings\PETR\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\fcpdkkafincpilnaenjcjlgmilhkmbhk [2014-06-15]
CHR Extension: (save on) - C:\Documents and Settings\PETR\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\mdkhkkgjcejgoccmldbjhkpajdkooejp [2014-06-15]
CHR Extension: (savie on) - C:\Documents and Settings\PETR\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\moagpogcghpgjlkjepnldcepgopklipf [2014-06-15]
CHR Extension: (Intel XDK) - C:\Documents and Settings\PETR\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\onmkoldigcfmebcinpmineoadckalllb [2014-06-15]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACS; C:\WINDOWS\system32\acs.exe [364629 2007-10-16] (Atheros) [File not signed]
R2 ASBroker; C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll [74240 2007-02-07] (Cognizance Corporation) [File not signed]
R2 ASChannel; C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsChnl.dll [131584 2006-06-21] (Cognizance Corporation) [File not signed]
R2 EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [647168 2007-06-01] (Intel Corporation) [File not signed]
R2 FirebirdGuardianDefaultInstance; C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe [98304 2011-10-03] (Firebird Project) [File not signed]
R3 FirebirdServerDefaultInstance; C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe [3764224 2011-10-03] (Firebird Project) [File not signed]
R2 iSafeService; C:\Program Files\Elex-tech\YAC\iSafeSvc.exe [120128 2014-12-26] (Elex do Brasil Participações Ltda)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [327680 2007-06-01] (Intel Corporation) [File not signed]
R2 S24EventMonitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [987136 2007-06-01] (Intel Corporation ) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21393 2011-11-15] (Cisco Systems, Inc.)
R3 AtcL001; C:\WINDOWS\System32\DRIVERS\l151x86.sys [36864 2007-11-01] (Atheros Communications, Inc.)
R3 ATSWPDRV; C:\WINDOWS\System32\DRIVERS\ATSwpDrv.sys [146824 2007-06-16] (AuthenTec, Inc.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S1 DumpDrv; C:\WINDOWS\system32\Drivers\DumpDrv.sys [9472 2011-01-25] (Microsoft Corporation)
S3 HdAudAddService; C:\WINDOWS\System32\drivers\HdAudio.sys [145920 2005-01-07] (Windows (R) Server 2003 DDK provider) [File not signed]
S3 HpStm001; C:\WINDOWS\System32\DRIVERS\HpStm001.SYS [11264 2008-08-28] (Primax Electronics Ltd.)
R1 iSafeKrnl; C:\Program Files\Elex-tech\YAC\iSafeKrnl.sys [215336 2014-12-26] (Elex do Brasil Participações Ltda)
S3 iSafeKrnlBoot; C:\WINDOWS\System32\DRIVERS\iSafeKrnlBoot.sys [40744 2014-12-26] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files\Elex-tech\YAC\iSafeKrnlKit.sys [83112 2014-12-26] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlMon; C:\Program Files\Elex-tech\YAC\iSafeKrnlMon.sys [34856 2014-12-26] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files\Elex-tech\YAC\iSafeKrnlR3.sys [63400 2014-12-26] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\WINDOWS\System32\DRIVERS\iSafeNetFilter.sys [56232 2014-12-10] (Elex do Brasil Participações Ltda)
R1 ItSDisk; C:\WINDOWS\System32\Drivers\ItSDisk.sys [23232 2006-05-17] (Cognizance Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ATKACPI.sys [7680 2006-12-14] (ATK0100)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 NETw4x32; C:\WINDOWS\System32\DRIVERS\NETw4x32.sys [2208512 2007-06-21] (Intel Corporation)
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [12416 2007-05-29] (Intel Corporation)
R3 SNP2UVC; C:\WINDOWS\System32\DRIVERS\snp2uvc.sys [1743232 2007-05-25] ()
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [477240 2012-07-12] (Duplex Secure Ltd.)
R3 WSIMD; C:\WINDOWS\System32\DRIVERS\wsimd.sys [57344 2007-07-03] (Atheros Communications, Inc.)
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}; C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl [87536 2010-03-13] (CyberLink Corp.)
S2 DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys [X]
S4 IntelIde; No ImagePath
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-27 13:59 - 2014-12-27 13:59 - 00019477 _____ () C:\Documents and Settings\PETR\Plocha\FRST.txt
2014-12-27 13:58 - 2014-12-27 13:59 - 00000000 ____D () C:\FRST
2014-12-27 13:57 - 2014-12-27 13:57 - 01114624 _____ (Farbar) C:\Documents and Settings\PETR\Plocha\FRST.exe
2014-12-27 13:56 - 2014-12-27 13:56 - 00029696 _____ () C:\Documents and Settings\PETR\Local Settings\Data aplikací\MSGBOX.EXE
2014-12-27 13:02 - 2014-12-27 13:02 - 00001555 _____ () C:\Documents and Settings\All Users\Plocha\YAC.lnk
2014-12-27 13:02 - 2014-12-27 13:02 - 00001555 _____ () C:\Documents and Settings\All Users\Nabídka Start\YAC.lnk
2014-12-27 13:02 - 2014-12-27 13:02 - 00000000 ____D () C:\Program Files\Elex-tech
2014-12-27 13:02 - 2014-12-27 13:02 - 00000000 ____D () C:\Documents and Settings\PETR\Data aplikací\Elex-tech
2014-12-27 13:02 - 2014-12-27 13:02 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\YAC
2014-12-27 13:02 - 2014-12-26 12:47 - 00040744 _____ (Elex do Brasil Participações Ltda) C:\WINDOWS\system32\Drivers\iSafeKrnlBoot.sys
2014-12-27 13:02 - 2014-12-10 03:22 - 00056232 _____ (Elex do Brasil Participações Ltda) C:\WINDOWS\system32\Drivers\iSafeNetFilter.sys
2014-12-27 12:59 - 2014-12-27 12:59 - 00000000 ____D () C:\Documents and Settings\PETR\Data aplikací\eCyber
2014-12-27 12:34 - 2014-12-27 12:34 - 00000012 _____ () C:\spyhunter.fix
2014-12-27 12:21 - 2014-12-27 12:21 - 00000000 ____D () C:\WINDOWS\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2014-12-27 12:21 - 2014-12-27 12:21 - 00000000 ____D () C:\sh4ldr
2014-12-27 12:21 - 2014-12-27 12:21 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-12-27 12:12 - 2014-12-27 12:12 - 00000730 _____ () C:\Documents and Settings\All Users\Nabídka Start\Programy\Mozilla Firefox.lnk
2014-12-27 12:12 - 2014-12-27 12:12 - 00000724 _____ () C:\Documents and Settings\All Users\Plocha\Mozilla Firefox.lnk
2014-12-27 12:12 - 2014-12-27 12:12 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-27 11:46 - 2014-12-27 11:46 - 00000000 ____D () C:\Documents and Settings\PETR\Dokumenty\Obrázky
2014-12-27 08:26 - 2014-12-27 11:08 - 00008675 _____ () C:\WINDOWS\setupapi.log
2014-12-27 08:08 - 2014-12-27 08:08 - 00011226 _____ () C:\WINDOWS\ocgen.log
2014-12-27 08:08 - 2014-12-27 08:08 - 00006790 _____ () C:\WINDOWS\FaxSetup.log
2014-12-27 08:08 - 2014-12-27 08:08 - 00006638 _____ () C:\WINDOWS\iis6.log
2014-12-27 08:08 - 2014-12-27 08:08 - 00004591 _____ () C:\WINDOWS\tsoc.log
2014-12-27 08:08 - 2014-12-27 08:08 - 00004193 _____ () C:\WINDOWS\comsetup.log
2014-12-27 08:08 - 2014-12-27 08:08 - 00003646 _____ () C:\WINDOWS\ntdtcsetup.log
2014-12-27 08:08 - 2014-12-27 08:08 - 00001943 _____ () C:\WINDOWS\imsins.log
2014-12-27 08:08 - 2014-12-27 08:08 - 00001896 _____ () C:\WINDOWS\msmqinst.log
2014-12-27 08:08 - 2014-12-27 08:08 - 00000512 _____ () C:\WINDOWS\MedCtrOC.log
2014-12-27 08:08 - 2014-12-27 08:08 - 00000479 _____ () C:\WINDOWS\msgsocm.log
2014-12-27 08:08 - 2014-12-27 08:08 - 00000469 _____ () C:\WINDOWS\ocmsn.log
2014-12-27 08:08 - 2014-12-27 08:08 - 00000311 _____ () C:\WINDOWS\tabletoc.log
2014-12-27 08:08 - 2014-12-27 08:08 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-12-27 08:08 - 2014-12-27 08:08 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-12-27 07:55 - 2014-12-27 07:55 - 00000360 _____ () C:\WINDOWS\AutoKMS.log
2014-12-26 23:39 - 2014-12-27 12:12 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-12-26 21:08 - 2014-12-26 21:08 - 03981488 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2014-12-08 17:21 - 2014-12-08 17:21 - 00000784 _____ () C:\Documents and Settings\All Users\Plocha\Malwarebytes Anti-Malware.lnk
2014-12-08 17:21 - 2014-12-08 17:21 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-12-08 17:21 - 2014-12-08 17:21 - 00000000 ____D () C:\Documents and Settings\PETR\Data aplikací\Malwarebytes
2014-12-08 17:21 - 2014-12-08 17:21 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Malwarebytes' Anti-Malware
2014-12-08 17:21 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-12-08 17:13 - 2014-12-08 17:21 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Malwarebytes

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-27 13:59 - 2011-11-15 10:30 - 00000000 ____D () C:\Documents and Settings\PETR\Plocha
2014-12-27 13:59 - 2011-11-15 10:30 - 00000000 ____D () C:\Documents and Settings\PETR\Local Settings\Temp
2014-12-27 13:57 - 2013-06-19 19:30 - 00000000 ____D () C:\Documents and Settings\PETR\Dokumenty\Stažené soubory
2014-12-27 13:56 - 2011-11-15 10:30 - 00000000 ___HD () C:\Documents and Settings\PETR\Local Settings\Data aplikací
2014-12-27 13:34 - 2012-10-01 17:33 - 00000000 ____D () C:\Documents and Settings\PETR\Data aplikací\Skype
2014-12-27 13:27 - 2011-11-20 21:24 - 00000000 ___HD () C:\Documents and Settings\Kaťulka\Local Settings\Data aplikací
2014-12-27 13:27 - 2011-11-15 10:30 - 00000000 __RHD () C:\Documents and Settings\PETR\Data aplikací
2014-12-27 13:27 - 2011-11-15 10:30 - 00000000 ___RD () C:\Documents and Settings\PETR\Nabídka Start\Programy
2014-12-27 13:27 - 2011-11-15 10:30 - 00000000 ___RD () C:\Documents and Settings\PETR\Dokumenty
2014-12-27 13:27 - 2011-11-15 10:30 - 00000000 ____D () C:\Documents and Settings\PETR
2014-12-27 13:27 - 2011-11-15 10:26 - 00000000 __RHD () C:\Documents and Settings\All Users\Data aplikací
2014-12-27 13:08 - 2013-07-10 18:00 - 00000914 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-12-27 13:02 - 2011-11-15 10:26 - 00000000 ___RD () C:\Documents and Settings\All Users\Nabídka Start
2014-12-27 13:02 - 2011-11-15 10:26 - 00000000 ____D () C:\Documents and Settings\All Users\Plocha
2014-12-27 13:02 - 2011-11-15 10:26 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy
2014-12-27 12:10 - 2011-11-15 09:54 - 01188373 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-27 11:31 - 2011-11-15 14:43 - 00000198 _____ () C:\WINDOWS\Tasks\AutoKMS.job
2014-12-27 11:31 - 2011-11-15 10:30 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-12-27 11:31 - 2011-11-15 10:29 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-12-27 11:31 - 2011-11-15 10:29 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-27 11:30 - 2011-11-15 10:30 - 00000178 ___SH () C:\Documents and Settings\PETR\ntuser.ini
2014-12-27 11:30 - 2011-11-15 10:29 - 00032550 _____ () C:\WINDOWS\SchedLgU.Txt
2014-12-27 10:30 - 2011-11-15 09:56 - 00001607 _____ () C:\Documents and Settings\All Users\Nabídka Start\Přístup a výchozí nastavení programů.lnk
2014-12-27 10:30 - 2011-11-15 09:56 - 00001599 ____C () C:\Documents and Settings\Default User\Nabídka Start\Programy\Vzdálená pomoc.lnk
2014-12-27 10:30 - 2011-11-15 09:46 - 00001625 _____ () C:\Documents and Settings\All Users\Nabídka Start\Programy\Čtečka BitLocker To Go.lnk
2014-12-27 10:30 - 2011-11-15 09:46 - 00001572 _____ () C:\Documents and Settings\All Users\Nabídka Start\Microsoft Update.lnk
2014-12-27 10:05 - 2011-11-15 10:20 - 00000000 ____D () C:\WINDOWS\Cursors
2014-12-27 10:03 - 2011-11-15 09:52 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-12-27 07:24 - 2011-11-21 23:05 - 00000069 ____C () C:\WINDOWS\NeroDigital.ini
2014-12-26 21:08 - 2013-07-10 18:00 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-12-26 21:08 - 2012-01-18 20:25 - 00071344 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-12-26 19:19 - 2008-04-14 12:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-12-08 17:50 - 2012-01-13 10:42 - 00000000 ____D () C:\WINDOWS\Minidump
2014-12-08 17:48 - 2014-06-15 18:10 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Saovue on

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================
Attachments
Addition_27-12-2014_14-01-06.zip
(7.09 KiB) Downloaded 48 times

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Firefox and advertising support

#4 Post by vyosek »

:arrow: Uninstall the unnecessary programs named YAC and SpyHunter

:arrow: Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Save it, preferably to the desktop
  • Close all programs
  • After launch, the database will be downloaded
  • Click Scan and then Clean
  • The repair will run, the PC will restart, and then a log will appear; alternatively it will be saved in the folder c:\AdwCleaner\AdwCleaner[S?].txt. Paste it here
:arrow: Download Zoek.exe http://hijackthis.nl/smeenk/ and save it to the desktop
  • If you use Windows Vista or Windows 7, right-click Zoek and choose Run As Administrator (or Spustit jako spravce)
  • Paste the script below into the window
  • Code:

    autoclean;
    resethosts;
    emptyclsid;
    IEdefaults;
    FFdefaults;
    CHRdefaults;
    emptyIEcache;
    emptyFFcache;
    emptyCHRcache;
    emptyalltemp;
    emptyflash;
    emptyjava;
    emptyrecycle.bin;
    
  • Then click Run Script
  • The PC will perform the repair, restart, and give you a log; paste its contents here

NOSAK
Exemplary visitor
Posts: 121
Registered: 21 Jul 2005 15:53

Re: Firefox and advertising support

#5 Post by NOSAK »

# AdwCleaner v4.106 - Report created 27/12/2014 at 14:16:35
# Updated 21/12/2014 by Xplode
# Database : 2014-12-21.4 [Live]
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : PETR - DOMACNOST
# Running from : C:\Documents and Settings\PETR\Plocha\adwcleaner_4.106.exe
# Option : Scan

***** [ Services ] *****

Service Found : iSafeNetFilter

***** [ Files / Folders ] *****

File Found : C:\Documents and Settings\PETR\Data aplikací\Mozilla\Firefox\Profiles\inxwi644.default\searchplugins\smartbar.xml
File Found : C:\Documents and Settings\PETR\Data aplikací\Mozilla\Firefox\Profiles\inxwi644.default\user.js
Folder Found : C:\Documents and Settings\All Users\Data aplikací\8dc0fe669a230fc4
Folder Found : C:\Documents and Settings\All Users\Data aplikací\8dc0fe669a230fc4
Folder Found : C:\Documents and Settings\All Users\Data aplikací\Saovue on
Folder Found : C:\Documents and Settings\All Users\Data aplikací\Saovue on
Folder Found : C:\Documents and Settings\Kaťulka\Data aplikací\Mozilla\Firefox\Profiles\4q9qthul.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
Folder Found : C:\Documents and Settings\Kaťulka\Local Settings\Data aplikací\Comodo\Dragon\User Data\Default\Extensions\cfhicddbpoflfmpeiocoageeadghagpk
Folder Found : C:\Documents and Settings\Kaťulka\Local Settings\Data aplikací\Comodo\Dragon\User Data\Default\Extensions\mdkhkkgjcejgoccmldbjhkpajdkooejp
Folder Found : C:\Documents and Settings\Kaťulka\Local Settings\Data aplikací\Comodo\Dragon\User Data\Default\Extensions\moagpogcghpgjlkjepnldcepgopklipf
Folder Found : C:\Documents and Settings\Kaťulka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\cfhicddbpoflfmpeiocoageeadghagpk
Folder Found : C:\Documents and Settings\Kaťulka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\mdkhkkgjcejgoccmldbjhkpajdkooejp
Folder Found : C:\Documents and Settings\Kaťulka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\moagpogcghpgjlkjepnldcepgopklipf
Folder Found : C:\Documents and Settings\Kaťulka\Local Settings\Data aplikací\torch
Folder Found : C:\Documents and Settings\PETR\Data aplikací\Mozilla\Firefox\Profiles\inxwi644.default\Extensions\cnfo4e283@abrpauey.org
Folder Found : C:\Documents and Settings\PETR\Data aplikací\Mozilla\Firefox\Profiles\inxwi644.default\Extensions\phc.xd@omgbwwyeiooa.co.uk
Folder Found : C:\Documents and Settings\PETR\Data aplikací\Mozilla\Firefox\Profiles\inxwi644.default\Extensions\ue2aey@e-s.org
Folder Found : C:\Documents and Settings\PETR\Local Settings\Data aplikací\Comodo\Dragon\User Data\Default\Extensions\cfhicddbpoflfmpeiocoageeadghagpk
Folder Found : C:\Documents and Settings\PETR\Local Settings\Data aplikací\Comodo\Dragon\User Data\Default\Extensions\mdkhkkgjcejgoccmldbjhkpajdkooejp
Folder Found : C:\Documents and Settings\PETR\Local Settings\Data aplikací\Comodo\Dragon\User Data\Default\Extensions\moagpogcghpgjlkjepnldcepgopklipf
Folder Found : C:\Documents and Settings\PETR\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\cfhicddbpoflfmpeiocoageeadghagpk
Folder Found : C:\Documents and Settings\PETR\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\mdkhkkgjcejgoccmldbjhkpajdkooejp
Folder Found : C:\Documents and Settings\PETR\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\moagpogcghpgjlkjepnldcepgopklipf
Folder Found : C:\Documents and Settings\PETR\Local Settings\Data aplikací\torch

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\iSafe

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://search.creativetoolbars.com/?src=hp&id=smartbar&g=

-\\ Mozilla Firefox v34.0.5 (x86 cs)

[inxwi644.default] - Line Found : user_pref("browser.search.selectedEngine", "Search the web (CT)");
[inxwi644.default] - Line Found : user_pref("extensions.DgzbtWIc.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sum[...]
[inxwi644.default] - Line Found : user_pref("extensions.OzmdPQxtCw8F.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\[...]
[inxwi644.default] - Line Found : user_pref("extensions.OzmdPQxtCw8F.url", "hxxp://fasten-tech.com/sync2/?q=hfZ9ofq7B75MCyVUojwGqdUMg708BNmGWj8deShGheDUojw9rdgFqjw6rjaEqchIC7n0rjnEpjsGrja9qda8tNhVCT94tMVKhd9FqTk7rHUErTg8qjn8qjaHrTs9tN[...]
[inxwi644.default] - Line Found : user_pref("extensions.crossrider.bic", "146a0d00b929dda605d5c633753f00e5");
[inxwi644.default] - Line Found : user_pref("extensions.j_nm.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorob[...]
[inxwi644.default] - Line Found : user_pref("extensions.smartbar.autoRvrt", "false");
[inxwi644.default] - Line Found : user_pref("extensions.smartbar.dfltSrch", true);
[inxwi644.default] - Line Found : user_pref("extensions.smartbar.dnsErr", true);
[inxwi644.default] - Line Found : user_pref("extensions.smartbar.hmpg", true);
[inxwi644.default] - Line Found : user_pref("extensions.smartbar.hmpgUrl", "hxxp://search.creativetoolbars.com/?src=hp&id=smartbar&g=");
[inxwi644.default] - Line Found : user_pref("extensions.smartbar.hpOld0", "seznam.cz");
[inxwi644.default] - Line Found : user_pref("extensions.smartbar.kw_url", "hxxp://search.creativetoolbars.com/results?src=tb&id=smartbar&g=&q=");
[inxwi644.default] - Line Found : user_pref("extensions.smartbar.newTab", true);
[inxwi644.default] - Line Found : user_pref("extensions.smartbar.newTabUrl", "hxxp://search.creativetoolbars.com/?src=nt&id=smartbar&g=");
[inxwi644.default] - Line Found : user_pref("extensions.smartbar.rvrt", "false");
[inxwi644.default] - Line Found : user_pref("extensions.smartbar.srchPrvdr", "Search the web (CT)");
[inxwi644.default] - Line Found : user_pref("extensions.y1SeQP.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumor[...]
[inxwi644.default] - Line Found : user_pref("extensions.y1SeQP.url", "hxxp://websolutiion.in/sync2/?q=hfZ9ofV9CShEAen0rjs9pihTB6lKDzt4okqAtNtVh7n0rjnEqTw8rjCFrdk9tMFHhd9Fqda4rTsFrdn9rHsMDMlGojUMAe4Uojw7qjgHpjaGqTk8qdk8rdrGrTnMC6qUojwF[...]

-\\ Google Chrome v


-\\ Comodo Dragon v


*************************

AdwCleaner[R0].txt - [6837 octets] - [27/12/2014 14:16:35]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [6897 octets] ##########


#6 Post by vyosek »

:arrow: Run AdwCleaner again
  • If you use Win Vista or W7, right-click AdwCleaner and choose Run As Administrator or Spustit jako spravce
  • Click Scan and then Clean
  • The fix will run, the PC will restart, and then a log will appear; alternatively it will be saved in the folder c:\AdwCleaner\AdwCleaner[S?].txt; paste it here


#7 Post by NOSAK »

Zoek.exe v5.0.0.0 Updated 24-12-2014
Tool run by PETR on so 27.12.2014 at 14:23:41,84.
Systém Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\PETR\Plocha\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

27.12.2014 14:25:51 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\Program Files\Adblocker deleted successfully
C:\Program Files\Common Files\XCPCSync.OEM deleted successfully
C:\DOCUME~1\ALLUSE~1\DATAAP~1\CanonEPP deleted successfully
C:\DOCUME~1\ALLUSE~1\DATAAP~1\CanonIJEPPEX2 deleted successfully
C:\DOCUME~1\ALLUSE~1\DATAAP~1\hem deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-57989841-796845957-1606980848-1004\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{29552B5A-BC-4F6A-932E-83714A5C342} deleted successfully
HKEY_USERS\S-1-5-21-57989841-796845957-1606980848-1004\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2C952F85-394E-4022-81E6-A5D9E8FB842} deleted successfully
HKEY_USERS\S-1-5-21-57989841-796845957-1606980848-1004\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3E8F2C6E-5131-4E50-9ED8-66931F1BE122} deleted successfully
HKEY_USERS\S-1-5-21-57989841-796845957-1606980848-1004\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62CEE4AE-3BC4-493A-920-BE34C2ACBB2} deleted successfully
HKEY_USERS\S-1-5-21-57989841-796845957-1606980848-1004\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8BDC8083-7A7B-4CAD-BE23-9ED5D95EF2F3} deleted successfully
HKEY_USERS\S-1-5-21-57989841-796845957-1606980848-1004\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AF0B613A-8475-4A39-9140-914C5612E64} deleted successfully
HKEY_USERS\S-1-5-21-57989841-796845957-1606980848-1004\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B852453E-D9EA-43A8-BB4B-86165F562DD} deleted successfully
HKEY_USERS\S-1-5-21-57989841-796845957-1606980848-1004\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D727BBBF-AEA-48F1-BB81-33803F881537} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\Documents and Settings\PETR\AppData\LocalLow\{042CF1C7-B558-4128-4FA9-0A126820647C} deleted
C:\Documents and Settings\PETR\.android deleted
C:\DOCUME~1\ALLUSE~1\DATAAP~1\Saovue on deleted
C:\Program Files\SamsungPrinterLiveUpdateInstaller deleted
C:\amddriverdownloader.exe deleted
C:\DOCUME~1\ALLUSE~1\DATAAP~1\InstallMate deleted
C:\Documents and Settings\PETR\AppData\LocalLow\{00708FCF-42DD-6528-68AC-7514E973A863} deleted
C:\Documents and Settings\PETR\AppData\LocalLow\{09A035AF-0CDD-6394-B487-2C89DBB5F48A} deleted
C:\Documents and Settings\PETR\AppData\LocalLow\{4D8D8DC8-CC95-9E62-B4A4-52EDAE1A7D9B} deleted
C:\WINDOWS\system32\GroupPolicy\Adm deleted
C:\WINDOWS\system32\GroupPolicy\Machine deleted
C:\WINDOWS\system32\GroupPolicy\User deleted
C:\WINDOWS\system32\GroupPolicy\gpt.ini deleted
"C:\DOCUME~1\ALLUSE~1\DATAAP~1\8dc0fe669a230fc4\{4820778D-AB0D-6D18-C316-52A6A0E1D507}.20140615191123" deleted
"C:\DOCUME~1\ALLUSE~1\DATAAP~1\8dc0fe669a230fc4\{4820778D-AB0D-6D18-C316-52A6A0E1D507}.20140615203220" deleted
"C:\DOCUME~1\ALLUSE~1\DATAAP~1\8dc0fe669a230fc4\{993EA8F6-6E55-7E4E-39DE-5796E3226DB9}.20140615191035" deleted
"C:\DOCUME~1\ALLUSE~1\DATAAP~1\8dc0fe669a230fc4\{993EA8F6-6E55-7E4E-39DE-5796E3226DB9}.20140615191058" deleted
"C:\DOCUME~1\ALLUSE~1\DATAAP~1\8dc0fe669a230fc4\{993EA8F6-6E55-7E4E-39DE-5796E3226DB9}.20140615191151" deleted
"C:\DOCUME~1\ALLUSE~1\DATAAP~1\8dc0fe669a230fc4\{993EA8F6-6E55-7E4E-39DE-5796E3226DB9}.20140615203727" deleted
"C:\DOCUME~1\ALLUSE~1\DATAAP~1\8dc0fe669a230fc4\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}.20140615191206" deleted
"C:\DOCUME~1\ALLUSE~1\DATAAP~1\8dc0fe669a230fc4\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}.20140615191515" deleted
"C:\DOCUME~1\ALLUSE~1\DATAAP~1\8dc0fe669a230fc4\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}.20140615203911" deleted
"C:\DOCUME~1\ALLUSE~1\DATAAP~1\8dc0fe669a230fc4" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [15.11.2011 09:37]

==== Chromium Look ======================


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://search.creativetoolbars.com/?src ... martbar&g="

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://search.creativetoolbars.com/?src ... martbar&g="

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Unknown Url="http://search.live.com/results.aspx?q={ ... orm=IE8SRC"

==== Reset Google Chrome ======================

Nothing found to reset

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\4ca43101-efb3-4e59-a6a0-2c7a6124f79d deleted successfully
HKEY_LOCAL_MACHINE\Software\Policies\Google deleted successfully

==== Empty IE Cache ======================

C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\KAULKA~1\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\PETR\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=40 folders=14 12422826 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\PETR\LOCALS~1\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\RECYCLER successfully emptied

==== Deleting Files / Folders ======================

"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Documents and Settings\PETR\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found

==== EOF on so 27.12.2014 at 14:36:27,85 ======================


#8 Post by vyosek »

vyosek wrote: :arrow: Run AdwCleaner again
  • If you use Win Vista or W7, right-click AdwCleaner and choose Run As Administrator or Spustit jako spravce
  • Click Scan and then Clean
  • The fix will run, the PC will restart, and then a log will appear; alternatively it will be saved in the folder c:\AdwCleaner\AdwCleaner[S?].txt; paste it here


#9 Post by NOSAK »

# AdwCleaner v4.106 - Report created 27/12/2014 at 14:39:56
# Updated 21/12/2014 by Xplode
# Database : 2014-12-21.4 [Live]
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : PETR - DOMACNOST
# Running from : C:\Documents and Settings\PETR\Plocha\adwcleaner_4.106.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Documents and Settings\PETR\Data aplikací\Mozilla\Firefox\Profiles\inxwi644.default\searchplugins\smartbar.xml
File Found : C:\Documents and Settings\PETR\Data aplikací\Mozilla\Firefox\Profiles\inxwi644.default\user.js
Folder Found : C:\Documents and Settings\Kaťulka\Data aplikací\Mozilla\Firefox\Profiles\4q9qthul.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
Folder Found : C:\Documents and Settings\Kaťulka\Local Settings\Data aplikací\Comodo\Dragon\User Data\Default\Extensions\cfhicddbpoflfmpeiocoageeadghagpk
Folder Found : C:\Documents and Settings\Kaťulka\Local Settings\Data aplikací\Comodo\Dragon\User Data\Default\Extensions\mdkhkkgjcejgoccmldbjhkpajdkooejp
Folder Found : C:\Documents and Settings\Kaťulka\Local Settings\Data aplikací\Comodo\Dragon\User Data\Default\Extensions\moagpogcghpgjlkjepnldcepgopklipf
Folder Found : C:\Documents and Settings\Kaťulka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\cfhicddbpoflfmpeiocoageeadghagpk
Folder Found : C:\Documents and Settings\Kaťulka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\mdkhkkgjcejgoccmldbjhkpajdkooejp
Folder Found : C:\Documents and Settings\Kaťulka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\moagpogcghpgjlkjepnldcepgopklipf
Folder Found : C:\Documents and Settings\Kaťulka\Local Settings\Data aplikací\torch
Folder Found : C:\Documents and Settings\PETR\Data aplikací\Mozilla\Firefox\Profiles\inxwi644.default\Extensions\cnfo4e283@abrpauey.org
Folder Found : C:\Documents and Settings\PETR\Data aplikací\Mozilla\Firefox\Profiles\inxwi644.default\Extensions\phc.xd@omgbwwyeiooa.co.uk
Folder Found : C:\Documents and Settings\PETR\Data aplikací\Mozilla\Firefox\Profiles\inxwi644.default\Extensions\ue2aey@e-s.org
Folder Found : C:\Documents and Settings\PETR\Local Settings\Data aplikací\Comodo\Dragon\User Data\Default\Extensions\cfhicddbpoflfmpeiocoageeadghagpk
Folder Found : C:\Documents and Settings\PETR\Local Settings\Data aplikací\Comodo\Dragon\User Data\Default\Extensions\mdkhkkgjcejgoccmldbjhkpajdkooejp
Folder Found : C:\Documents and Settings\PETR\Local Settings\Data aplikací\Comodo\Dragon\User Data\Default\Extensions\moagpogcghpgjlkjepnldcepgopklipf
Folder Found : C:\Documents and Settings\PETR\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\cfhicddbpoflfmpeiocoageeadghagpk
Folder Found : C:\Documents and Settings\PETR\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\mdkhkkgjcejgoccmldbjhkpajdkooejp
Folder Found : C:\Documents and Settings\PETR\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\moagpogcghpgjlkjepnldcepgopklipf
Folder Found : C:\Documents and Settings\PETR\Local Settings\Data aplikací\torch

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\iSafe

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://search.creativetoolbars.com/?src=hp&id=smartbar&g=

-\\ Mozilla Firefox v34.0.5 (x86 cs)

[inxwi644.default] - Line Found : user_pref("browser.search.selectedEngine", "Search the web (CT)");
[inxwi644.default] - Line Found : user_pref("extensions.DgzbtWIc.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sum[...]
[inxwi644.default] - Line Found : user_pref("extensions.OzmdPQxtCw8F.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\[...]
[inxwi644.default] - Line Found : user_pref("extensions.OzmdPQxtCw8F.url", "hxxp://fasten-tech.com/sync2/?q=hfZ9ofq7B75MCyVUojwGqdUMg708BNmGWj8deShGheDUojw9rdgFqjw6rjaEqchIC7n0rjnEpjsGrja9qda8tNhVCT94tMVKhd9FqTk7rHUErTg8qjn8qjaHrTs9tN[...]
[inxwi644.default] - Line Found : user_pref("extensions.crossrider.bic", "146a0d00b929dda605d5c633753f00e5");
[inxwi644.default] - Line Found : user_pref("extensions.j_nm.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorob[...]
[inxwi644.default] - Line Found : user_pref("extensions.smartbar.autoRvrt", "false");
[inxwi644.default] - Line Found : user_pref("extensions.smartbar.dfltSrch", true);
[inxwi644.default] - Line Found : user_pref("extensions.smartbar.dnsErr", true);
[inxwi644.default] - Line Found : user_pref("extensions.smartbar.hmpg", true);
[inxwi644.default] - Line Found : user_pref("extensions.smartbar.hmpgUrl", "hxxp://search.creativetoolbars.com/?src=hp&id=smartbar&g=");
[inxwi644.default] - Line Found : user_pref("extensions.smartbar.hpOld0", "seznam.cz");
[inxwi644.default] - Line Found : user_pref("extensions.smartbar.kw_url", "hxxp://search.creativetoolbars.com/results?src=tb&id=smartbar&g=&q=");
[inxwi644.default] - Line Found : user_pref("extensions.smartbar.newTab", true);
[inxwi644.default] - Line Found : user_pref("extensions.smartbar.newTabUrl", "hxxp://search.creativetoolbars.com/?src=nt&id=smartbar&g=");
[inxwi644.default] - Line Found : user_pref("extensions.smartbar.rvrt", "false");
[inxwi644.default] - Line Found : user_pref("extensions.smartbar.srchPrvdr", "Search the web (CT)");
[inxwi644.default] - Line Found : user_pref("extensions.y1SeQP.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumor[...]
[inxwi644.default] - Line Found : user_pref("extensions.y1SeQP.url", "hxxp://websolutiion.in/sync2/?q=hfZ9ofV9CShEAen0rjs9pihTB6lKDzt4okqAtNtVh7n0rjnEqTw8rjCFrdk9tMFHhd9Fqda4rTsFrdn9rHsMDMlGojUMAe4Uojw7qjgHpjaGqTk8qdk8rdrGrTnMC6qUojwF[...]

-\\ Google Chrome v


-\\ Comodo Dragon v


*************************

AdwCleaner[R0].txt - [6977 octets] - [27/12/2014 14:16:35]
AdwCleaner[R1].txt - [6547 octets] - [27/12/2014 14:39:56]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [6607 octets] ##########


#10 Post by vyosek »

After the Scan finishes, you also need to click Clean and let it clean things up...


#11 Post by NOSAK »

Sorry, I misclicked somewhere else....
# AdwCleaner v4.106 - Report created 27/12/2014 at 14:45:48
# Updated 21/12/2014 by Xplode
# Database : 2014-12-21.4 [Live]
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : PETR - DOMACNOST
# Running from : C:\Documents and Settings\PETR\Plocha\adwcleaner_4.106.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\Kaťulka\Local Settings\Data aplikací\torch
Folder Deleted : C:\Documents and Settings\PETR\Local Settings\Data aplikací\torch
Folder Deleted : C:\Documents and Settings\Kaťulka\Data aplikací\Mozilla\Firefox\Profiles\4q9qthul.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
Folder Deleted : C:\Documents and Settings\PETR\Data aplikací\Mozilla\Firefox\Profiles\inxwi644.default\Extensions\cnfo4e283@abrpauey.org
Folder Deleted : C:\Documents and Settings\PETR\Data aplikací\Mozilla\Firefox\Profiles\inxwi644.default\Extensions\phc.xd@omgbwwyeiooa.co.uk
Folder Deleted : C:\Documents and Settings\PETR\Data aplikací\Mozilla\Firefox\Profiles\inxwi644.default\Extensions\ue2aey@e-s.org
[!] Folder Deleted : C:\Documents and Settings\Kaťulka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\cfhicddbpoflfmpeiocoageeadghagpk
[!] Folder Deleted : C:\Documents and Settings\PETR\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\cfhicddbpoflfmpeiocoageeadghagpk
[!] Folder Deleted : C:\Documents and Settings\Kaťulka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\mdkhkkgjcejgoccmldbjhkpajdkooejp
[!] Folder Deleted : C:\Documents and Settings\PETR\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\mdkhkkgjcejgoccmldbjhkpajdkooejp
[!] Folder Deleted : C:\Documents and Settings\Kaťulka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\moagpogcghpgjlkjepnldcepgopklipf
[!] Folder Deleted : C:\Documents and Settings\PETR\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\moagpogcghpgjlkjepnldcepgopklipf
Folder Deleted : C:\Documents and Settings\Kaťulka\Local Settings\Data aplikací\Comodo\Dragon\User Data\Default\Extensions\cfhicddbpoflfmpeiocoageeadghagpk
Folder Deleted : C:\Documents and Settings\PETR\Local Settings\Data aplikací\Comodo\Dragon\User Data\Default\Extensions\cfhicddbpoflfmpeiocoageeadghagpk
Folder Deleted : C:\Documents and Settings\Kaťulka\Local Settings\Data aplikací\Comodo\Dragon\User Data\Default\Extensions\mdkhkkgjcejgoccmldbjhkpajdkooejp
Folder Deleted : C:\Documents and Settings\PETR\Local Settings\Data aplikací\Comodo\Dragon\User Data\Default\Extensions\mdkhkkgjcejgoccmldbjhkpajdkooejp
Folder Deleted : C:\Documents and Settings\Kaťulka\Local Settings\Data aplikací\Comodo\Dragon\User Data\Default\Extensions\moagpogcghpgjlkjepnldcepgopklipf
Folder Deleted : C:\Documents and Settings\PETR\Local Settings\Data aplikací\Comodo\Dragon\User Data\Default\Extensions\moagpogcghpgjlkjepnldcepgopklipf
File Deleted : C:\Documents and Settings\PETR\Data aplikací\Mozilla\Firefox\Profiles\inxwi644.default\searchplugins\smartbar.xml
File Deleted : C:\Documents and Settings\PETR\Data aplikací\Mozilla\Firefox\Profiles\inxwi644.default\user.js

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\iSafe

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v34.0.5 (x86 cs)

[inxwi644.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Search the web (CT)");
[inxwi644.default\prefs.js] - Line Deleted : user_pref("extensions.DgzbtWIc.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\"sum[...]
[inxwi644.default\prefs.js] - Line Deleted : user_pref("extensions.OzmdPQxtCw8F.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\[...]
[inxwi644.default\prefs.js] - Line Deleted : user_pref("extensions.OzmdPQxtCw8F.url", "hxxp://fasten-tech.com/sync2/?q=hfZ9ofq7B75MCyVUojwGqdUMg708BNmGWj8deShGheDUojw9rdgFqjw6rjaEqchIC7n0rjnEpjsGrja9qda8tNhVCT94tMVKhd9FqTk7rHUErTg8qjn8qjaHrTs9tN[...]
[inxwi644.default\prefs.js] - Line Deleted : user_pref("extensions.crossrider.bic", "146a0d00b929dda605d5c633753f00e5");
[inxwi644.default\prefs.js] - Line Deleted : user_pref("extensions.j_nm.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\"sumorob[...]
[inxwi644.default\prefs.js] - Line Deleted : user_pref("extensions.smartbar.autoRvrt", "false");
[inxwi644.default\prefs.js] - Line Deleted : user_pref("extensions.smartbar.dfltSrch", true);
[inxwi644.default\prefs.js] - Line Deleted : user_pref("extensions.smartbar.dnsErr", true);
[inxwi644.default\prefs.js] - Line Deleted : user_pref("extensions.smartbar.hmpg", true);
[inxwi644.default\prefs.js] - Line Deleted : user_pref("extensions.smartbar.hmpgUrl", "hxxp://search.creativetoolbars.com/?src=hp&id=smartbar&g=");
[inxwi644.default\prefs.js] - Line Deleted : user_pref("extensions.smartbar.hpOld0", "seznam.cz");
[inxwi644.default\prefs.js] - Line Deleted : user_pref("extensions.smartbar.kw_url", "hxxp://search.creativetoolbars.com/results?src=tb&id=smartbar&g=&q=");
[inxwi644.default\prefs.js] - Line Deleted : user_pref("extensions.smartbar.newTab", true);
[inxwi644.default\prefs.js] - Line Deleted : user_pref("extensions.smartbar.newTabUrl", "hxxp://search.creativetoolbars.com/?src=nt&id=smartbar&g=");
[inxwi644.default\prefs.js] - Line Deleted : user_pref("extensions.smartbar.rvrt", "false");
[inxwi644.default\prefs.js] - Line Deleted : user_pref("extensions.smartbar.srchPrvdr", "Search the web (CT)");
[inxwi644.default\prefs.js] - Line Deleted : user_pref("extensions.y1SeQP.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\"sumor[...]
[inxwi644.default\prefs.js] - Line Deleted : user_pref("extensions.y1SeQP.url", "hxxp://websolutiion.in/sync2/?q=hfZ9ofV9CShEAen0rjs9pihTB6lKDzt4okqAtNtVh7n0rjnEqTw8rjCFrdk9tMFHhd9Fqda4rTsFrdn9rHsMDMlGojUMAe4Uojw7qjgHpjaGqTk8qdk8rdrGrTnMC6qUojwF[...]

-\\ Google Chrome v


-\\ Comodo Dragon v


*************************

AdwCleaner[R0].txt - [6977 octets] - [27/12/2014 14:16:35]
AdwCleaner[R1].txt - [6687 octets] - [27/12/2014 14:39:56]
AdwCleaner[S0].txt - [6810 octets] - [27/12/2014 14:45:48]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6870 octets] ##########


#12 Post by vyosek »

Great, please post a new FRST log


#13 Post by NOSAK »

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-12-2014
Ran by PETR (administrator) on DOMACNOST on 27-12-2014 14:54:10
Running from C:\Documents and Settings\PETR\Plocha
Loaded Profile: PETR (Available profiles: PETR & Kaťulka)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Čeština
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation ) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
(Atheros) C:\WINDOWS\system32\acs.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
(Firebird Project) C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Firebird Project) C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe
(Cognizance Corporation) C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\asghost.exe
() C:\Program Files\ATK Hotkey\HControl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Atheros Communications, Inc.) C:\Program Files\Atheros\ACU.exe
() C:\Program Files\ATKOSD2\ATKOSD2.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(ASUSTeK Computer INC.) C:\Program Files\ASUS\ATK Media\DMedia.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
() C:\Program Files\Wireless Console 2\wcourier.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
(Motorola Inc.) C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files\CyberLink\Shared files\brs.exe
() C:\Program Files\HP\HP Wireless Comfort Mouse\TSR\xDaemon.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(ZONER software) C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTray.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
() C:\Program Files\ATK Hotkey\ATKOSD.exe
() C:\Program Files\ATK Hotkey\WDC.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DWPersistentQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [520424 2013-03-06] (Microsoft Corporation)
HKLM\...\Run: [ATKHOTKEY] => C:\Program Files\ATK Hotkey\Hcontrol.exe [225280 2007-06-29] ()
HKLM\...\Run: [CognizanceTS] => rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [815104 2006-10-12] (Synaptics, Inc.)
HKLM\...\Run: [ACU] => C:\Program Files\Atheros\ACU.exe [405593 2007-10-16] (Atheros Communications, Inc.)
HKLM\...\Run: [High Definition Audio ^'uëwą**<*>] => HDAShCut.exe <===== ATTENTION (Value Name with invalid characters)
HKLM\...\Run: [ATKOSD2] => C:\Program Files\ATKOSD2\ATKOSD2.exe [7708672 2007-07-03] ()
HKLM\...\Run: [ATKMEDIA] => C:\Program Files\ASUS\ATK Media\DMEDIA.EXE [61440 2006-11-02] (ASUSTeK Computer INC.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16270848 2006-11-14] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SkyTel] => C:\WINDOWS\SkyTel.EXE [2879488 2006-05-16] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [HControl] => C:\WINDOWS\ATK0100\HControl.exe [98304 2006-05-30] ()
HKLM\...\Run: [Wireless Console 2] => C:\Program Files\Wireless Console 2\wcourier.exe [1040384 2007-07-05] ()
HKLM\...\Run: [IntelZeroConfig] => C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [823296 2007-06-01] (Intel Corporation)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [974848 2007-06-01] (Intel Corporation)
HKLM\...\Run: [SMSERIAL] => C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [573440 2006-08-07] (Motorola Inc.)
HKLM\...\Run: [NeroFilterCheck] => C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [RemoteControl10] => C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
HKLM\...\Run: [BDRegion] => C:\Program Files\Cyberlink\Shared files\brs.exe [75048 2010-03-13] (cyberlink)
HKLM\...\Run: [HP Input Device Main Program] => C:\Program Files\HP\HP Wireless Comfort Mouse\TSR\xDaemon.exe [356352 2008-10-17] ()
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM\...\Run: [seznam-listicka-distribuce] => C:\Program Files\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [350072 2012-03-09] ()
HKLM\...\Run: [SpyHunter Security Suite] => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
Winlogon\Notify\OneCard: C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll (Cognizance Corporation)
Winlogon\Notify\WgaLogon: WgaLogon.dll [X]
HKU\S-1-5-19\...\Run: [KB976002-v5] => rundll32.exe advpack.dll,LaunchINFSection OPMWXPUP.inf,BrowserChoiceGoo
HKU\S-1-5-21-57989841-796845957-1606980848-1004\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [18643560 2013-02-28] (Skype Technologies S.A.)
HKU\S-1-5-21-57989841-796845957-1606980848-1004\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
HKU\S-1-5-21-57989841-796845957-1606980848-1004\...\Run: [Zoner Photo Studio Service 16] => C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSService.exe [27648 2014-06-16] ()
HKU\S-1-5-21-57989841-796845957-1606980848-1004\...\Run: [Zoner Photo Studio Autoupdate] => C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXE [833024 2014-06-16] (ZONER software)
HKU\S-1-5-18\...\Run: [KB976002-v5] => rundll32.exe advpack.dll,LaunchINFSection OPMWXPUP.inf,BrowserChoiceGoo
AppInit_DLLs: apshook.dll => C:\WINDOWS\system32\apshook.dll [56832 2006-07-12] (Cognizance Corporation)
Lsa: [Notification Packages] scecli ASWLNPkg
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth Manager.lnk
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Windows Search.lnk
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
ShellIconOverlayIdentifiers: [Encrypted Files] -> {666C7833-A9B6-4AB4-94ED-DC238C81E925} => C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\SFSShell.dll (Cognizance Corporation)
ShellIconOverlayIdentifiers: [Secure Disks] -> {666C7836-A9B6-4AB4-94ED-DC238C81E925} => C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\SFSShell.dll (Cognizance Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-57989841-796845957-1606980848-1004 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: ASUS Security Protect Manager -> {DF21F1DB-80C6-11D3-9483-B03D0EC10000} -> C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2011-01-25] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{E10209B4-A59E-4E1F-877A-87ABD794BA08}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\PETR\Data aplikací\Mozilla\Firefox\Profiles\inxwi644.default
FF Homepage: hxxp://www.seznam.cz/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: MySearch - C:\Documents and Settings\PETR\Data aplikací\Mozilla\Firefox\Profiles\inxwi644.default\Extensions\vpfd@qcczaiua.edu [2014-06-15]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-11-15]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Documents and Settings\PETR\Local Settings\Data aplikací\Google\Chrome\User Data\Default
CHR Extension: (MySearch) - C:\Documents and Settings\PETR\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\fcpdkkafincpilnaenjcjlgmilhkmbhk [2014-06-15]
CHR Extension: (Intel XDK) - C:\Documents and Settings\PETR\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\onmkoldigcfmebcinpmineoadckalllb [2014-06-15]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACS; C:\WINDOWS\system32\acs.exe [364629 2007-10-16] (Atheros) [File not signed]
R2 ASBroker; C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll [74240 2007-02-07] (Cognizance Corporation) [File not signed]
R2 ASChannel; C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsChnl.dll [131584 2006-06-21] (Cognizance Corporation) [File not signed]
R2 EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [647168 2007-06-01] (Intel Corporation) [File not signed]
R2 FirebirdGuardianDefaultInstance; C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe [98304 2011-10-03] (Firebird Project) [File not signed]
R3 FirebirdServerDefaultInstance; C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe [3764224 2011-10-03] (Firebird Project) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [327680 2007-06-01] (Intel Corporation) [File not signed]
R2 S24EventMonitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [987136 2007-06-01] (Intel Corporation ) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21393 2011-11-15] (Cisco Systems, Inc.)
R3 AtcL001; C:\WINDOWS\System32\DRIVERS\l151x86.sys [36864 2007-11-01] (Atheros Communications, Inc.)
R3 ATSWPDRV; C:\WINDOWS\System32\DRIVERS\ATSwpDrv.sys [146824 2007-06-16] (AuthenTec, Inc.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S1 DumpDrv; C:\WINDOWS\system32\Drivers\DumpDrv.sys [9472 2011-01-25] (Microsoft Corporation)
S3 HdAudAddService; C:\WINDOWS\System32\drivers\HdAudio.sys [145920 2005-01-07] (Windows (R) Server 2003 DDK provider) [File not signed]
S3 HpStm001; C:\WINDOWS\System32\DRIVERS\HpStm001.SYS [11264 2008-08-28] (Primax Electronics Ltd.)
R1 ItSDisk; C:\WINDOWS\System32\Drivers\ItSDisk.sys [23232 2006-05-17] (Cognizance Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ATKACPI.sys [7680 2006-12-14] (ATK0100)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 NETw4x32; C:\WINDOWS\System32\DRIVERS\NETw4x32.sys [2208512 2007-06-21] (Intel Corporation)
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [12416 2007-05-29] (Intel Corporation)
R3 SNP2UVC; C:\WINDOWS\System32\DRIVERS\snp2uvc.sys [1743232 2007-05-25] ()
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [477240 2012-07-12] (Duplex Secure Ltd.)
R3 WSIMD; C:\WINDOWS\System32\DRIVERS\wsimd.sys [57344 2007-07-03] (Atheros Communications, Inc.)
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}; C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl [87536 2010-03-13] (CyberLink Corp.)
S2 DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys [X]
S4 IntelIde; No ImagePath
S1 iSafeKrnlMon; \??\C:\Program Files\Elex-tech\YAC\iSafeKrnlMon.sys [X]
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-27 14:33 - 2014-12-27 14:54 - 00000000 ____D () C:\Documents and Settings\PETR\Local Settings\Temp
2014-12-27 14:33 - 2014-12-27 14:23 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2014-12-27 14:25 - 2014-12-27 14:36 - 00008803 _____ () C:\zoek-results.log
2014-12-27 14:23 - 2014-12-27 14:31 - 00000000 ____D () C:\zoek_backup
2014-12-27 14:16 - 2014-12-27 14:45 - 00000000 ____D () C:\AdwCleaner
2014-12-27 14:15 - 2014-12-27 14:15 - 01295360 _____ () C:\Documents and Settings\PETR\Plocha\zoek.exe
2014-12-27 14:14 - 2014-12-27 14:14 - 02173952 _____ () C:\Documents and Settings\PETR\Plocha\adwcleaner_4.106.exe
2014-12-27 14:04 - 2014-12-27 14:04 - 00007259 _____ () C:\Addition_27-12-2014_14-01-06.zip
2014-12-27 14:00 - 2014-12-27 14:01 - 00027762 _____ () C:\Documents and Settings\PETR\Plocha\Addition.txt
2014-12-27 13:59 - 2014-12-27 14:54 - 00017201 _____ () C:\Documents and Settings\PETR\Plocha\FRST.txt
2014-12-27 13:58 - 2014-12-27 14:54 - 00000000 ____D () C:\FRST
2014-12-27 13:57 - 2014-12-27 13:57 - 01114624 _____ (Farbar) C:\Documents and Settings\PETR\Plocha\FRST.exe
2014-12-27 13:56 - 2014-12-27 13:56 - 00029696 _____ () C:\Documents and Settings\PETR\Local Settings\Data aplikací\MSGBOX.EXE
2014-12-27 12:34 - 2014-12-27 12:34 - 00000012 _____ () C:\spyhunter.fix
2014-12-27 12:21 - 2014-12-27 14:12 - 00000000 ____D () C:\WINDOWS\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2014-12-27 12:21 - 2014-12-27 12:21 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-12-27 12:12 - 2014-12-27 12:12 - 00000730 _____ () C:\Documents and Settings\All Users\Nabídka Start\Programy\Mozilla Firefox.lnk
2014-12-27 12:12 - 2014-12-27 12:12 - 00000724 _____ () C:\Documents and Settings\All Users\Plocha\Mozilla Firefox.lnk
2014-12-27 12:12 - 2014-12-27 12:12 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-27 11:46 - 2014-12-27 11:46 - 00000000 ____D () C:\Documents and Settings\PETR\Dokumenty\Obrázky
2014-12-27 08:26 - 2014-12-27 11:08 - 00008675 _____ () C:\WINDOWS\setupapi.log
2014-12-27 08:08 - 2014-12-27 08:08 - 00011226 _____ () C:\WINDOWS\ocgen.log
2014-12-27 08:08 - 2014-12-27 08:08 - 00006790 _____ () C:\WINDOWS\FaxSetup.log
2014-12-27 08:08 - 2014-12-27 08:08 - 00006638 _____ () C:\WINDOWS\iis6.log
2014-12-27 08:08 - 2014-12-27 08:08 - 00004591 _____ () C:\WINDOWS\tsoc.log
2014-12-27 08:08 - 2014-12-27 08:08 - 00004193 _____ () C:\WINDOWS\comsetup.log
2014-12-27 08:08 - 2014-12-27 08:08 - 00003646 _____ () C:\WINDOWS\ntdtcsetup.log
2014-12-27 08:08 - 2014-12-27 08:08 - 00001943 _____ () C:\WINDOWS\imsins.log
2014-12-27 08:08 - 2014-12-27 08:08 - 00001896 _____ () C:\WINDOWS\msmqinst.log
2014-12-27 08:08 - 2014-12-27 08:08 - 00000512 _____ () C:\WINDOWS\MedCtrOC.log
2014-12-27 08:08 - 2014-12-27 08:08 - 00000479 _____ () C:\WINDOWS\msgsocm.log
2014-12-27 08:08 - 2014-12-27 08:08 - 00000469 _____ () C:\WINDOWS\ocmsn.log
2014-12-27 08:08 - 2014-12-27 08:08 - 00000311 _____ () C:\WINDOWS\tabletoc.log
2014-12-27 08:08 - 2014-12-27 08:08 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-12-27 08:08 - 2014-12-27 08:08 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-12-27 07:55 - 2014-12-27 07:55 - 00000360 _____ () C:\WINDOWS\AutoKMS.log
2014-12-26 23:39 - 2014-12-27 12:12 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-12-26 21:08 - 2014-12-26 21:08 - 03981488 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2014-12-08 17:21 - 2014-12-08 17:21 - 00000784 _____ () C:\Documents and Settings\All Users\Plocha\Malwarebytes Anti-Malware.lnk
2014-12-08 17:21 - 2014-12-08 17:21 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-12-08 17:21 - 2014-12-08 17:21 - 00000000 ____D () C:\Documents and Settings\PETR\Data aplikací\Malwarebytes
2014-12-08 17:21 - 2014-12-08 17:21 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Malwarebytes' Anti-Malware
2014-12-08 17:21 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-12-08 17:13 - 2014-12-08 17:21 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Malwarebytes

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-27 14:54 - 2011-11-15 10:30 - 00000000 ____D () C:\Documents and Settings\PETR\Plocha
2014-12-27 14:52 - 2011-11-15 09:54 - 01209361 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-27 14:47 - 2012-10-01 17:33 - 00000000 ____D () C:\Documents and Settings\PETR\Data aplikací\Skype
2014-12-27 14:47 - 2011-11-15 10:30 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-12-27 14:47 - 2011-11-15 10:29 - 00000157 _____ () C:\WINDOWS\wiadebug.log
2014-12-27 14:46 - 2011-11-15 14:43 - 00000198 _____ () C:\WINDOWS\Tasks\AutoKMS.job
2014-12-27 14:46 - 2011-11-15 10:30 - 00000178 ___SH () C:\Documents and Settings\PETR\ntuser.ini
2014-12-27 14:46 - 2011-11-15 10:29 - 00032364 _____ () C:\WINDOWS\SchedLgU.Txt
2014-12-27 14:46 - 2011-11-15 10:29 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-27 14:45 - 2011-11-20 21:24 - 00000000 ___HD () C:\Documents and Settings\Kaťulka\Local Settings\Data aplikací
2014-12-27 14:45 - 2011-11-15 10:30 - 00000000 ___HD () C:\Documents and Settings\PETR\Local Settings\Data aplikací
2014-12-27 14:35 - 2014-06-15 18:11 - 00000008 __RSH () C:\Documents and Settings\All Users\ntuser.pol
2014-12-27 14:31 - 2011-11-15 10:30 - 00000000 ____D () C:\Documents and Settings\PETR
2014-12-27 14:31 - 2011-11-15 10:26 - 00000000 __RHD () C:\Documents and Settings\All Users\Data aplikací
2014-12-27 14:31 - 2011-11-15 09:32 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2014-12-27 14:23 - 2011-11-15 09:52 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-12-27 14:16 - 2013-06-19 19:30 - 00000000 ____D () C:\Documents and Settings\PETR\Dokumenty\Stažené soubory
2014-12-27 14:12 - 2011-11-15 10:30 - 00000000 __RHD () C:\Documents and Settings\PETR\Data aplikací
2014-12-27 14:12 - 2011-11-15 10:26 - 00000000 ___RD () C:\Documents and Settings\All Users\Nabídka Start
2014-12-27 14:12 - 2011-11-15 10:26 - 00000000 ____D () C:\Documents and Settings\All Users\Plocha
2014-12-27 14:12 - 2011-11-15 10:26 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy
2014-12-27 14:08 - 2013-07-10 18:00 - 00000914 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-12-27 13:27 - 2011-11-15 10:30 - 00000000 ___RD () C:\Documents and Settings\PETR\Nabídka Start\Programy
2014-12-27 13:27 - 2011-11-15 10:30 - 00000000 ___RD () C:\Documents and Settings\PETR\Dokumenty
2014-12-27 10:30 - 2011-11-15 09:56 - 00001607 _____ () C:\Documents and Settings\All Users\Nabídka Start\Přístup a výchozí nastavení programů.lnk
2014-12-27 10:30 - 2011-11-15 09:56 - 00001599 ____C () C:\Documents and Settings\Default User\Nabídka Start\Programy\Vzdálená pomoc.lnk
2014-12-27 10:30 - 2011-11-15 09:46 - 00001625 _____ () C:\Documents and Settings\All Users\Nabídka Start\Programy\Čtečka BitLocker To Go.lnk
2014-12-27 10:30 - 2011-11-15 09:46 - 00001572 _____ () C:\Documents and Settings\All Users\Nabídka Start\Microsoft Update.lnk
2014-12-27 10:05 - 2011-11-15 10:20 - 00000000 ____D () C:\WINDOWS\Cursors
2014-12-27 07:24 - 2011-11-21 23:05 - 00000069 ____C () C:\WINDOWS\NeroDigital.ini
2014-12-26 21:08 - 2013-07-10 18:00 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-12-26 21:08 - 2012-01-18 20:25 - 00071344 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-12-26 19:19 - 2008-04-14 12:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-12-08 17:50 - 2012-01-13 10:42 - 00000000 ____D () C:\WINDOWS\Minidump

Some content of TEMP:
====================
C:\Documents and Settings\PETR\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\PETR\Local Settings\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================
Attachments
Addition_27-12-2014_14-55-38.zip
(6.81 KiB) Downloaded 51 times

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Firefox and advertising support

#14 Post by vyosek »

:arrow: Creating a fixlist for FRST
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    Start
    CloseProcesses:
    CreateRestorePoint:
    
    HKLM\...\Run: [NeroFilterCheck] => C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
    HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
    HKLM\...\Run: [RemoteControl10] => C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
    HKLM\...\Run: [BDRegion] => C:\Program Files\Cyberlink\Shared files\brs.exe [75048 2010-03-13] (cyberlink)
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
    HKLM\...\Run: [seznam-listicka-distribuce] => C:\Program Files\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
    HKLM\...\Run: [SpyHunter Security Suite] => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
    HKU\S-1-5-19\...\Run: [KB976002-v5] => rundll32.exe advpack.dll,LaunchINFSection OPMWXPUP.inf,BrowserChoiceGoo
    HKU\S-1-5-21-57989841-796845957-1606980848-1004\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [18643560 2013-02-28] (Skype Technologies S.A.)
    HKU\S-1-5-21-57989841-796845957-1606980848-1004\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
    HKU\S-1-5-21-57989841-796845957-1606980848-1004\...\Run: [Zoner Photo Studio Service 16] => C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSService.exe [27648 2014-06-16] ()
    HKU\S-1-5-21-57989841-796845957-1606980848-1004\...\Run: [Zoner Photo Studio Autoupdate] => C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXE [833024 2014-06-16] (ZONER software)
    HKU\S-1-5-18\...\Run: [KB976002-v5] => rundll32.exe advpack.dll,LaunchINFSection OPMWXPUP.inf,BrowserChoiceGoo
    
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    
    FF Extension: MySearch - C:\Documents and Settings\PETR\Data aplikací\Mozilla\Firefox\Profiles\inxwi644.default\Extensions\vpfd@qcczaiua.edu [2014-06-15]
    
    CHR Extension: (MySearch) - C:\Documents and Settings\PETR\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\fcpdkkafincpilnaenjcjlgmilhkmbhk [2014-06-15]
    
    S2 DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys [X]
    S4 IntelIde; No ImagePath
    S1 iSafeKrnlMon; \??\C:\Program Files\Elex-tech\YAC\iSafeKrnlMon.sys [X]
    U1 WS2IFSL; No ImagePath
    
    C:\Program Files\Enigma Software Group
    2014-12-27 14:33 - 2014-12-27 14:23 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
    2014-12-27 14:25 - 2014-12-27 14:36 - 00008803 _____ () C:\zoek-results.log
    2014-12-27 14:23 - 2014-12-27 14:31 - 00000000 ____D () C:\zoek_backup
    2014-12-27 14:16 - 2014-12-27 14:45 - 00000000 ____D () C:\AdwCleaner
    2014-12-27 14:15 - 2014-12-27 14:15 - 01295360 _____ () C:\Documents and Settings\PETR\Plocha\zoek.exe
    2014-12-27 14:14 - 2014-12-27 14:14 - 02173952 _____ () C:\Documents and Settings\PETR\Plocha\adwcleaner_4.106.exe
    2014-12-27 14:04 - 2014-12-27 14:04 - 00007259 _____ () C:\Addition_27-12-2014_14-01-06.zip
    2014-12-27 14:00 - 2014-12-27 14:01 - 00027762 _____ () C:\Documents and Settings\PETR\Plocha\Addition.txt
    2014-12-27 13:59 - 2014-12-27 14:54 - 00017201 _____ () C:\Documents and Settings\PETR\Plocha\FRST.txt
    2014-12-27 13:56 - 2014-12-27 13:56 - 00029696 _____ () C:\Documents and Settings\PETR\Local Settings\Data aplikací\MSGBOX.EXE
    2014-12-27 12:34 - 2014-12-27 12:34 - 00000012 _____ () C:\spyhunter.fix
    2014-12-27 12:21 - 2014-12-27 14:12 - 00000000 ____D () C:\WINDOWS\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
    2014-12-27 08:26 - 2014-12-27 11:08 - 00008675 _____ () C:\WINDOWS\setupapi.log
    2014-12-27 08:08 - 2014-12-27 08:08 - 00011226 _____ () C:\WINDOWS\ocgen.log
    2014-12-27 08:08 - 2014-12-27 08:08 - 00006790 _____ () C:\WINDOWS\FaxSetup.log
    2014-12-27 08:08 - 2014-12-27 08:08 - 00006638 _____ () C:\WINDOWS\iis6.log
    2014-12-27 08:08 - 2014-12-27 08:08 - 00004591 _____ () C:\WINDOWS\tsoc.log
    2014-12-27 08:08 - 2014-12-27 08:08 - 00004193 _____ () C:\WINDOWS\comsetup.log
    2014-12-27 08:08 - 2014-12-27 08:08 - 00003646 _____ () C:\WINDOWS\ntdtcsetup.log
    2014-12-27 08:08 - 2014-12-27 08:08 - 00001943 _____ () C:\WINDOWS\imsins.log
    2014-12-27 08:08 - 2014-12-27 08:08 - 00001896 _____ () C:\WINDOWS\msmqinst.log
    2014-12-27 08:08 - 2014-12-27 08:08 - 00000512 _____ () C:\WINDOWS\MedCtrOC.log
    2014-12-27 08:08 - 2014-12-27 08:08 - 00000479 _____ () C:\WINDOWS\msgsocm.log
    2014-12-27 08:08 - 2014-12-27 08:08 - 00000469 _____ () C:\WINDOWS\ocmsn.log
    2014-12-27 08:08 - 2014-12-27 08:08 - 00000311 _____ () C:\WINDOWS\tabletoc.log
    2014-12-27 08:08 - 2014-12-27 08:08 - 00000000 _____ () C:\WINDOWS\setuperr.log
    2014-12-27 08:08 - 2014-12-27 08:08 - 00000000 _____ () C:\WINDOWS\setupact.log
    2014-12-27 07:55 - 2014-12-27 07:55 - 00000360 _____ () C:\WINDOWS\AutoKMS.log
    C:\WINDOWS\AutoKMS.exe
    
    Task: C:\WINDOWS\Tasks\AutoKMS.job => C:\WINDOWS\AutoKMS.exe
    
    AlternateDataStreams: C:\Documents and Settings\All Users\Data aplikací\Temp:07BF512B
    
    Hosts:
    EmptyTemp:
    Reboot:
    End
    
  • Save the resulting TXT file as fixlist.txt
  • Move the fixlist you created next to FRST
:arrow: Run FRST.exe again
  • Click Fix
  • The fix will run and create the log Fixlog.txt
:arrow: Restart the PC and post fixlog.txt here

NOSAK
Exemplary visitor
Posts: 121
Joined: 21 Jul 2005 15:53

Re: Firefox and advertising support

#15 Post by NOSAK »

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 27-12-2014
Ran by PETR at 2014-12-27 15:59:00 Run:1
Running from C:\Documents and Settings\PETR\Plocha
Loaded Profile: PETR (Available profiles: PETR & Kaťulka)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKLM\...\Run: [NeroFilterCheck] => C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [RemoteControl10] => C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
HKLM\...\Run: [BDRegion] => C:\Program Files\Cyberlink\Shared files\brs.exe [75048 2010-03-13] (cyberlink)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM\...\Run: [seznam-listicka-distribuce] => C:\Program Files\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM\...\Run: [SpyHunter Security Suite] => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
HKU\S-1-5-19\...\Run: [KB976002-v5] => rundll32.exe advpack.dll,LaunchINFSection OPMWXPUP.inf,BrowserChoiceGoo
HKU\S-1-5-21-57989841-796845957-1606980848-1004\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [18643560 2013-02-28] (Skype Technologies S.A.)
HKU\S-1-5-21-57989841-796845957-1606980848-1004\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
HKU\S-1-5-21-57989841-796845957-1606980848-1004\...\Run: [Zoner Photo Studio Service 16] => C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSService.exe [27648 2014-06-16] ()
HKU\S-1-5-21-57989841-796845957-1606980848-1004\...\Run: [Zoner Photo Studio Autoupdate] => C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXE [833024 2014-06-16] (ZONER software)
HKU\S-1-5-18\...\Run: [KB976002-v5] => rundll32.exe advpack.dll,LaunchINFSection OPMWXPUP.inf,BrowserChoiceGoo

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

FF Extension: MySearch - C:\Documents and Settings\PETR\Data aplikací\Mozilla\Firefox\Profiles\inxwi644.default\Extensions\vpfd@qcczaiua.edu [2014-06-15]

CHR Extension: (MySearch) - C:\Documents and Settings\PETR\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\fcpdkkafincpilnaenjcjlgmilhkmbhk [2014-06-15]

S2 DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys [X]
S4 IntelIde; No ImagePath
S1 iSafeKrnlMon; \??\C:\Program Files\Elex-tech\YAC\iSafeKrnlMon.sys [X]
U1 WS2IFSL; No ImagePath

C:\Program Files\Enigma Software Group
2014-12-27 14:33 - 2014-12-27 14:23 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2014-12-27 14:25 - 2014-12-27 14:36 - 00008803 _____ () C:\zoek-results.log
2014-12-27 14:23 - 2014-12-27 14:31 - 00000000 ____D () C:\zoek_backup
2014-12-27 14:16 - 2014-12-27 14:45 - 00000000 ____D () C:\AdwCleaner
2014-12-27 14:15 - 2014-12-27 14:15 - 01295360 _____ () C:\Documents and Settings\PETR\Plocha\zoek.exe
2014-12-27 14:14 - 2014-12-27 14:14 - 02173952 _____ () C:\Documents and Settings\PETR\Plocha\adwcleaner_4.106.exe
2014-12-27 14:04 - 2014-12-27 14:04 - 00007259 _____ () C:\Addition_27-12-2014_14-01-06.zip
2014-12-27 14:00 - 2014-12-27 14:01 - 00027762 _____ () C:\Documents and Settings\PETR\Plocha\Addition.txt
2014-12-27 13:59 - 2014-12-27 14:54 - 00017201 _____ () C:\Documents and Settings\PETR\Plocha\FRST.txt
2014-12-27 13:56 - 2014-12-27 13:56 - 00029696 _____ () C:\Documents and Settings\PETR\Local Settings\Data aplikací\MSGBOX.EXE
2014-12-27 12:34 - 2014-12-27 12:34 - 00000012 _____ () C:\spyhunter.fix
2014-12-27 12:21 - 2014-12-27 14:12 - 00000000 ____D () C:\WINDOWS\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2014-12-27 08:26 - 2014-12-27 11:08 - 00008675 _____ () C:\WINDOWS\setupapi.log
2014-12-27 08:08 - 2014-12-27 08:08 - 00011226 _____ () C:\WINDOWS\ocgen.log
2014-12-27 08:08 - 2014-12-27 08:08 - 00006790 _____ () C:\WINDOWS\FaxSetup.log
2014-12-27 08:08 - 2014-12-27 08:08 - 00006638 _____ () C:\WINDOWS\iis6.log
2014-12-27 08:08 - 2014-12-27 08:08 - 00004591 _____ () C:\WINDOWS\tsoc.log
2014-12-27 08:08 - 2014-12-27 08:08 - 00004193 _____ () C:\WINDOWS\comsetup.log
2014-12-27 08:08 - 2014-12-27 08:08 - 00003646 _____ () C:\WINDOWS\ntdtcsetup.log
2014-12-27 08:08 - 2014-12-27 08:08 - 00001943 _____ () C:\WINDOWS\imsins.log
2014-12-27 08:08 - 2014-12-27 08:08 - 00001896 _____ () C:\WINDOWS\msmqinst.log
2014-12-27 08:08 - 2014-12-27 08:08 - 00000512 _____ () C:\WINDOWS\MedCtrOC.log
2014-12-27 08:08 - 2014-12-27 08:08 - 00000479 _____ () C:\WINDOWS\msgsocm.log
2014-12-27 08:08 - 2014-12-27 08:08 - 00000469 _____ () C:\WINDOWS\ocmsn.log
2014-12-27 08:08 - 2014-12-27 08:08 - 00000311 _____ () C:\WINDOWS\tabletoc.log
2014-12-27 08:08 - 2014-12-27 08:08 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-12-27 08:08 - 2014-12-27 08:08 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-12-27 07:55 - 2014-12-27 07:55 - 00000360 _____ () C:\WINDOWS\AutoKMS.log
C:\WINDOWS\AutoKMS.exe

Task: C:\WINDOWS\Tasks\AutoKMS.job => C:\WINDOWS\AutoKMS.exe

AlternateDataStreams: C:\Documents and Settings\All Users\Data aplikací\Temp:07BF512B

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\NeroFilterCheck => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\BCSSync => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\RemoteControl10 => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\BDRegion => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\seznam-listicka-distribuce => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SpyHunter Security Suite => value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\KB976002-v5 => value deleted successfully.
HKU\S-1-5-21-57989841-796845957-1606980848-1004\Software\Microsoft\Windows\CurrentVersion\Run\\Skype => value deleted successfully.
HKU\S-1-5-21-57989841-796845957-1606980848-1004\Software\Microsoft\Windows\CurrentVersion\Run\\OfficeSyncProcess => value deleted successfully.
HKU\S-1-5-21-57989841-796845957-1606980848-1004\Software\Microsoft\Windows\CurrentVersion\Run\\Zoner Photo Studio Service 16 => value deleted successfully.
HKU\S-1-5-21-57989841-796845957-1606980848-1004\Software\Microsoft\Windows\CurrentVersion\Run\\Zoner Photo Studio Autoupdate => value deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\KB976002-v5 => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
C:\Documents and Settings\PETR\Data aplikací\Mozilla\Firefox\Profiles\inxwi644.default\Extensions\vpfd@qcczaiua.edu => Moved successfully.
C:\Documents and Settings\PETR\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\fcpdkkafincpilnaenjcjlgmilhkmbhk => Moved successfully.
DgiVecp => Service deleted successfully.
IntelIde => Service deleted successfully.
iSafeKrnlMon => Service deleted successfully.
WS2IFSL => Service deleted successfully.
"C:\Program Files\Enigma Software Group" => File/Directory not found.
C:\WINDOWS\zoek-delete.exe => Moved successfully.
C:\zoek-results.log => Moved successfully.
C:\zoek_backup => Moved successfully.
C:\AdwCleaner => Moved successfully.
C:\Documents and Settings\PETR\Plocha\zoek.exe => Moved successfully.
C:\Documents and Settings\PETR\Plocha\adwcleaner_4.106.exe => Moved successfully.
C:\Addition_27-12-2014_14-01-06.zip => Moved successfully.
C:\Documents and Settings\PETR\Plocha\Addition.txt => Moved successfully.
C:\Documents and Settings\PETR\Plocha\FRST.txt => Moved successfully.
C:\Documents and Settings\PETR\Local Settings\Data aplikací\MSGBOX.EXE => Moved successfully.
C:\spyhunter.fix => Moved successfully.
C:\WINDOWS\4FC9DA9DF608454E8191D7EFFDCC5726.TMP => Moved successfully.
C:\WINDOWS\setupapi.log => Moved successfully.
C:\WINDOWS\ocgen.log => Moved successfully.
C:\WINDOWS\FaxSetup.log => Moved successfully.
C:\WINDOWS\iis6.log => Moved successfully.
C:\WINDOWS\tsoc.log => Moved successfully.
C:\WINDOWS\comsetup.log => Moved successfully.
C:\WINDOWS\ntdtcsetup.log => Moved successfully.
C:\WINDOWS\imsins.log => Moved successfully.
C:\WINDOWS\msmqinst.log => Moved successfully.
C:\WINDOWS\MedCtrOC.log => Moved successfully.
C:\WINDOWS\msgsocm.log => Moved successfully.
C:\WINDOWS\ocmsn.log => Moved successfully.
C:\WINDOWS\tabletoc.log => Moved successfully.
C:\WINDOWS\setuperr.log => Moved successfully.
C:\WINDOWS\setupact.log => Moved successfully.
C:\WINDOWS\AutoKMS.log => Moved successfully.
"C:\WINDOWS\AutoKMS.exe" => File/Directory not found.
C:\WINDOWS\Tasks\AutoKMS.job => Moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Temp => ":07BF512B" ADS removed successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 693.9 MB temporary data.


The system needed a reboot.

==== End of Fixlog 16:00:34 ====

Locked