Antrax
Visitor
Posts: 36
Registered: 01 Mar 2014 02:02

Malware

#1 Post by Antrax »

Hello, I really don't know what to do. I have run several anti-malware programs over the PC a number of times, but a Russian page with games, casinos and the like still appears after the PC starts. Can you advise?

Thank you, and I wish you happy holidays.

I'm attaching the log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:10:34, on 28.12.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17496)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
C:\Program Files (x86)\Origin\Origin.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Users\Dave\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
D:\VLC\vlc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Dave\Downloads\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Pomocná služba pro přihlášení k účtu Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: (no name) - !{338B4DFE-2E2C-4338-9E41-E176D497299E} - (no file)
O3 - Toolbar: (no name) - !{855F3B16-6D32-4FE6-8A56-BBB695989046} - (no file)
O3 - Toolbar: (no name) - !{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
O4 - HKLM\..\Run: [jswtrayutil] "C:\Program Files (x86)\NETGEAR\WNA1100\jswtrayutil.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Raptr] "C:\Program Files (x86)\Raptr\raptrstub.exe" --startup
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
O4 - HKCU\..\Run: [Google Update] "C:\Users\Dave\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [RGSC] D:\Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [HP Deskjet 3520 series (NET)] "C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN34M1C2GJ05SZ:NW" -scfn "HP Deskjet 3520 series (NET)" -AutoStart 1
O4 - HKCU\..\Run: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
O4 - HKCU\..\Run: [SpeedItupFree] "C:\Program Files (x86)\SpeedItup Free\speeditupfree.exe"
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files (x86)\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [CMD] cmd.exe /c start http://extendedunlimited.org && exit
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Dave\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [BitTorrent] "C:\Users\Dave\AppData\Roaming\BitTorrent\BitTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Sledovat výstrahy inkoustu - HP Deskjet 3520 series (Síť).lnk = ?
O4 - Global Startup: NETGEAR WNA1100 Genie.lnk = C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Save video on Savevid.com - C:\Program Files (x86)\Savevid\redirect.htm
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - (no file)
O9 - Extra 'Tools' menuitem: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - (no file)
O9 - Extra button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Active File Monitor V11 (AdobeActiveFileMonitor11.0) - Unknown owner - D:\Games\Adobe Premiere\Elements 11 Organizer\PhotoshopElementsFileAgent.exe (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HTCMonitorService - Nero AG - C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: JumpStart Wi-Fi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files (x86)\NETGEAR\WNA1100\jswpsapi.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SetupARService - Unknown owner - C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: WSWNA1100 - Unknown owner - C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe

--
End of file - 14935 bytes

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Malware

#2 Post by vyosek »

Hello :)

HJT has been completely insufficient for several years now; please post a log from FRST http://forum.viry.cz/viewtopic.php?f=13&t=133100 and attach Addition as well.

I assume the ESET is as it should be = a purchased licence??

Antrax
Visitor
Posts: 36
Registered: 01 Mar 2014 02:02

Re: Malware

#3 Post by Antrax »

I'm attaching FRST

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by Dave (administrator) on PC on 28-12-2014 16:19:02
Running from C:\Users\Dave\Downloads
Loaded Profile: Dave (Available profiles: Dave)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Windows\System32\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(BitTorrent Inc.) C:\Users\Dave\AppData\Roaming\uTorrent\uTorrent.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe
(PowerISO Computing, Inc.) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5581888 2014-02-24] (ESET)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [180224 2010-04-12] (PowerISO Computing, Inc.)
HKLM-x32\...\Run: [ROC_ROC_NT] => "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
HKLM-x32\...\Run: [jswtrayutil] => "C:\Program Files (x86)\NETGEAR\WNA1100\jswtrayutil.exe"
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2014-12-08] (Raptr, Inc)
HKU\S-1-5-21-3139976593-1037826550-675370296-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3481408 2012-02-13] (DT Soft Ltd)
HKU\S-1-5-21-3139976593-1037826550-675370296-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1940160 2014-11-18] (Valve Corporation)
HKU\S-1-5-21-3139976593-1037826550-675370296-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3618648 2014-12-22] (Electronic Arts)
HKU\S-1-5-21-3139976593-1037826550-675370296-1000\...\Run: [Google Update] => C:\Users\Dave\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-03-20] (Google Inc.)
HKU\S-1-5-21-3139976593-1037826550-675370296-1000\...\Run: [RGSC] => D:\Games\Rockstar Games Social Club\RGSCLauncher.exe [305064 2008-11-14] (Take-Two Interactive Software, Inc.)
HKU\S-1-5-21-3139976593-1037826550-675370296-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [717696 2010-01-16] (Microsoft Corporation)
HKU\S-1-5-21-3139976593-1037826550-675370296-1000\...\Run: [HP Deskjet 3520 series (NET)] => C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3139976593-1037826550-675370296-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2011-07-28] (AMD)
HKU\S-1-5-21-3139976593-1037826550-675370296-1000\...\Run: [SpeedItupFree] => "C:\Program Files (x86)\SpeedItup Free\speeditupfree.exe"
HKU\S-1-5-21-3139976593-1037826550-675370296-1000\...\Run: [Vidalia] => "C:\Program Files (x86)\Vidalia Bundle\Vidalia\vidalia.exe"
HKU\S-1-5-21-3139976593-1037826550-675370296-1000\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
HKU\S-1-5-21-3139976593-1037826550-675370296-1000\...\Run: [uTorrent] => C:\Users\Dave\AppData\Roaming\uTorrent\uTorrent.exe [1385808 2014-11-21] (BitTorrent Inc.)
HKU\S-1-5-21-3139976593-1037826550-675370296-1000\...\Run: [BitTorrent] => C:\Users\Dave\AppData\Roaming\BitTorrent\BitTorrent.exe [1388888 2014-11-25] (BitTorrent Inc.)
HKU\S-1-5-21-3139976593-1037826550-675370296-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-3139976593-1037826550-675370296-1000\...\MountPoints2: {2fafb9ac-90c3-11e2-8e15-50e54931d969} - H:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3139976593-1037826550-675370296-1000\...\MountPoints2: {593beb1b-c78a-11e3-ba0a-50e54931d969} - H:\AutoRun.exe
HKU\S-1-5-21-3139976593-1037826550-675370296-1000\...\MountPoints2: {7a5e68af-79fe-11e3-b158-50e54931d969} - H:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3139976593-1037826550-675370296-1000\...\MountPoints2: {8d03d729-a054-11e2-aaff-50e54931d969} - H:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3139976593-1037826550-675370296-1000\...\MountPoints2: {908ec036-5f9d-11e1-a705-50e54931d969} - F:\setup.exe
HKU\S-1-5-21-3139976593-1037826550-675370296-1000\...\MountPoints2: {94f33c7e-e532-11e1-96a8-50e54931d969} - H:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3139976593-1037826550-675370296-1000\...\MountPoints2: {d56e9ce6-9b5c-11e1-9529-50e54931d969} - I:\LaunchU3.exe -a
HKU\S-1-5-21-3139976593-1037826550-675370296-1000\...\MountPoints2: {f9c5bb8e-9461-11e2-8823-50e54931d969} - H:\HTC_Sync_Manager_PC.exe
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA1100 Genie.lnk
ShortcutTarget: NETGEAR WNA1100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe ()
Startup: C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sledovat výstrahy inkoustu - HP Deskjet 3520 series (Síť).lnk
ShortcutTarget: Sledovat výstrahy inkoustu - HP Deskjet 3520 series (Síť).lnk -> C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

URLSearchHook: HKLM-x32 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKU\S-1-5-21-3139976593-1037826550-675370296-1000 - (No Name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2405} URL = http://dts.search-results.com/sr?src=ie ... earchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2405} URL = http://dts.search-results.com/sr?src=ie ... earchTerms}
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2405} URL = http://dts.search-results.com/sr?src=ie ... earchTerms}
SearchScopes: HKU\S-1-5-21-3139976593-1037826550-675370296-1000 -> DefaultScope {2161106B-97C9-481A-9B09-690E89621D82} URL = http://www.bing.com/search?FORM=UP94DF& ... -SearchBox
SearchScopes: HKU\S-1-5-21-3139976593-1037826550-675370296-1000 -> ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
SearchScopes: HKU\S-1-5-21-3139976593-1037826550-675370296-1000 -> D29AA85A12D74C92B57B0846A4EDD46D URL = http://search.findwide.com/serp?guid={5 ... earchTerms}
SearchScopes: HKU\S-1-5-21-3139976593-1037826550-675370296-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3139976593-1037826550-675370296-1000 -> {15E3361E-044F-40A3-83CA-FD4FB5DA50B0} URL = http://www.bigseekpro.com/search/browse ... earchTerms}
SearchScopes: HKU\S-1-5-21-3139976593-1037826550-675370296-1000 -> {2161106B-97C9-481A-9B09-690E89621D82} URL = http://www.bing.com/search?FORM=UP94DF& ... -SearchBox
SearchScopes: HKU\S-1-5-21-3139976593-1037826550-675370296-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2405} URL = http://dts.search-results.com/sr?src=ie ... earchTerms}
SearchScopes: HKU\S-1-5-21-3139976593-1037826550-675370296-1000 -> {F1AB6BAB-ACF1-4F9C-B699-00DAE6D18F8A} URL = http://websearch.ask.com/redirect?clien ... 0B8BA1C82D
SearchScopes: HKU\S-1-5-21-3139976593-1037826550-675370296-1000 -> {F3D34531-5CBA-48C5-9EAD-645460EF7465} URL = http://search.yahoo.com/search?p={searc ... type=10809
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Pomocná služba pro přihlášení k účtu Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - !{338B4DFE-2E2C-4338-9E41-E176D497299E} - No File
Toolbar: HKLM - No Name - !{855F3B16-6D32-4FE6-8A56-BBB695989046} - No File
Toolbar: HKLM - No Name - !{D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKLM-x32 - No Name - !{338B4DFE-2E2C-4338-9E41-E176D497299E} - No File
Toolbar: HKLM-x32 - No Name - !{855F3B16-6D32-4FE6-8A56-BBB695989046} - No File
Toolbar: HKLM-x32 - No Name - !{D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\S-1-5-21-3139976593-1037826550-675370296-1000 -> No Name - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
Toolbar: HKU\S-1-5-21-3139976593-1037826550-675370296-1000 -> No Name - {4D2EEE9F-1E97-465A-80E6-66F179BC679A} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 213.46.172.37 213.46.172.36

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @esn/esnlaunch,version=1.122.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.138.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> D:\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3139976593-1037826550-675370296-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Dave\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-3139976593-1037826550-675370296-1000: @talk.google.com/O1DPlugin -> C:\Users\Dave\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-3139976593-1037826550-675370296-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Dave\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3139976593-1037826550-675370296-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Dave\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3139976593-1037826550-675370296-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Dave\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3139976593-1037826550-675370296-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Dave\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Dave\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\jyxo-cz.xml
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-11-21]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-11-21]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014-08-15]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: No Name - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha9532\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta798\ff [Not Found]

Chrome:
=======
CHR HomePage: Profile 1 -> hxxp://www.google.cz/
CHR StartupUrls: Profile 1 -> "hxxp://www.google.cz/"
CHR Profile: C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (BRoawsoe2save) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmlckbjgjhhjpkhidhcdajabioepmcog [2013-04-21]
CHR Extension: (AS Magic Player) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim [2014-11-30]
CHR Profile: C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Disk Google) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-23]
CHR Extension: (YouTube) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-23]
CHR Extension: (Vyhledávání Google) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-23]
CHR Extension: (AdBlock) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-10-31]
CHR Extension: (USA TV) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jmdmikledakimnemaakakeafbiobaggi [2013-10-23]
CHR Extension: (zen temple) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nlmiiioabolbmhbhphhfjbohiiijmkee [2014-08-15]
CHR Extension: (Peněženka Google) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-23]
CHR HKLM-x32\...\Chrome\Extension: [bejbohlohkkgompgecdcbbglkpjfjgdj] - C:\Users\Dave\AppData\Local\Temp\crxB58.tmp [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
CHR HKLM-x32\...\Chrome\Extension: [mhbjinfcpddaegdcdmepckclpclohldc] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha9532\ch\WebexpEnhancedV1alpha9532.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1343408 2014-02-24] (ESET)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-11-10] (Nero AG)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-22] (Electronic Arts)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-07-16] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-01-12] ()
R2 WSWNA1100; C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe [297440 2011-07-28] ()
S2 AdobeActiveFileMonitor11.0; D:\Games\Adobe Premiere\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [X]
S2 SetupARService; "C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2011-11-02] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-02-25] (DT Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [239296 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [157432 2013-09-17] (ESET)
S3 GPU-Z; C:\Users\Dave\AppData\Local\Temp\GPU-Z.sys [27008 2014-07-21] ()
S1 JSWPSLWF; C:\Windows\System32\DRIVERS\jswpslwfx.sys [26624 2008-05-15] (Atheros Communications, Inc.) [File not signed]
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2011-11-02] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-28] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
S3 VASDeviceDrm; C:\Windows\System32\drivers\vasdDev.sys [1454896 2012-03-19] (ShiningMorning Inc.)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 Huawei; system32\DRIVERS\ewdcsc.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-28 16:19 - 2014-12-28 16:19 - 00028450 _____ () C:\Users\Dave\Downloads\FRST.txt
2014-12-28 16:18 - 2014-12-28 16:19 - 00000000 ____D () C:\FRST
2014-12-28 16:18 - 2014-12-28 16:18 - 02123264 _____ (Farbar) C:\Users\Dave\Downloads\FRST64.exe
2014-12-28 14:10 - 2014-12-28 14:10 - 00388608 _____ (Trend Micro Inc.) C:\Users\Dave\Downloads\hijackthis.exe
2014-12-28 14:10 - 2014-12-28 14:10 - 00014937 _____ () C:\Users\Dave\Downloads\hijackthis.log
2014-12-27 17:45 - 2014-12-27 17:45 - 01068281 _____ () C:\Users\Dave\Downloads\Rome-total-war-2-CRACK-by-LukaSsQo.rar
2014-12-27 17:45 - 2014-12-27 17:45 - 00000000 ____D () C:\Users\Dave\Downloads\Rome-total-war-2-CRACK-by-LukaSsQo
2014-12-27 12:17 - 2014-12-28 15:34 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-27 12:16 - 2014-12-27 12:19 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-27 12:16 - 2014-12-27 12:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-27 12:16 - 2014-12-27 12:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-27 12:16 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-27 12:16 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-26 23:54 - 2014-12-27 00:03 - 147542040 _____ () C:\Users\Dave\Downloads\lucie.rar
2014-12-26 23:51 - 2014-12-26 23:51 - 00017843 _____ () C:\Users\Dave\Downloads\[CzT]Krystof_Polocas_Best_Of_2007_FLAC_.torrent
2014-12-26 23:50 - 2014-12-26 23:50 - 00017654 _____ () C:\Users\Dave\Downloads\[CzT]Tomas_Klus_Krystof_Cesta.torrent
2014-12-26 23:50 - 2014-12-26 23:50 - 00016592 _____ () C:\Users\Dave\Downloads\[CzT]Krystof_Inzerat_2012_.torrent
2014-12-26 16:46 - 2014-12-26 19:09 - 1364805860 _____ () C:\Users\Dave\Downloads\Príbeh-z-Bronxu.avi
2014-12-26 11:31 - 2014-12-26 11:31 - 00000000 ____D () C:\Users\Dave\Downloads\Sherlock-Holmes-Crimes-and-Punishments-Čeština
2014-12-26 11:20 - 2014-12-26 11:22 - 33641901 _____ () C:\Users\Dave\Downloads\Sherlock-Holmes-Crimes-and-Punishments-Čeština.7z
2014-12-26 11:09 - 2014-12-26 11:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sherlock Holmes Crimes and Punishments
2014-12-25 10:39 - 2014-12-25 10:39 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-24 15:47 - 2014-12-24 15:47 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-12-24 15:47 - 2014-12-24 15:47 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-12-24 14:29 - 2014-12-24 14:29 - 00000000 ____D () C:\Users\Dave\64467D47FFE44FBCABBAA0DB829A17EB.TMP
2014-12-24 11:20 - 2014-12-24 11:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\by.xatab
2014-12-23 18:24 - 2014-12-23 18:24 - 02775040 _____ () C:\Users\Dave\Downloads\tp_12_05_cz.ppt
2014-12-22 03:15 - 2014-12-22 03:15 - 00000792 _____ () C:\Users\Public\Desktop\Dragon Age Inquisition.lnk
2014-12-22 03:15 - 2014-12-22 03:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon Age Inquisition
2014-12-21 20:35 - 2014-12-21 20:35 - 00000000 __SHD () C:\Users\Dave\AppData\Local\EmieBrowserModeList
2014-12-21 20:02 - 2014-12-21 20:02 - 00000000 ____D () C:\ProgramData\Riot Games
2014-12-21 20:00 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2014-12-21 20:00 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2014-12-21 20:00 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2014-12-21 19:58 - 2014-12-21 20:00 - 00000000 ____D () C:\Users\Dave\AppData\Roaming\Riot Games
2014-12-20 21:47 - 2014-12-20 21:47 - 00000883 _____ () C:\Users\Public\Desktop\Metal Gear Solid V Ground Zeroes.lnk
2014-12-20 21:47 - 2014-12-20 21:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Metal Gear Solid V Ground Zeroes
2014-12-18 09:05 - 2014-12-18 09:07 - 33458688 _____ () C:\Users\Dave\Downloads\Ma-famille.ppt
2014-12-18 08:42 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 08:42 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-13 01:26 - 2014-12-28 14:11 - 00000000 ____D () C:\Users\Dave\AppData\Roaming\vlc
2014-12-13 01:24 - 2014-12-13 01:24 - 00000492 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-12-13 01:24 - 2014-12-13 01:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-12-10 07:27 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-10 07:27 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-10 07:08 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 07:08 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 07:08 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-10 07:08 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-10 07:08 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-10 07:08 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 07:08 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-10 07:08 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 07:08 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-10 07:08 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-10 07:08 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 07:08 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-10 07:08 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 07:08 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 07:08 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 07:08 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 07:08 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 07:08 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 07:08 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-10 07:07 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 07:07 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 07:07 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-10 07:07 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 07:07 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-10 07:07 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 07:07 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 07:07 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 07:07 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 07:07 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 07:07 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-10 07:07 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-10 07:07 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 07:07 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-10 07:07 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 07:07 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 07:07 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-10 07:07 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 07:07 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 07:07 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 07:07 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-10 07:07 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-10 07:07 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-10 07:07 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 07:07 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-10 07:07 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 07:07 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-10 07:07 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 07:07 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-10 07:07 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 07:07 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 07:07 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 07:07 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-10 07:07 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 07:07 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 07:07 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 07:07 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 07:07 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-10 07:07 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 07:07 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-10 07:07 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-10 07:07 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-10 07:07 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-10 07:07 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-10 07:07 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-10 07:07 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-10 07:07 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-10 07:07 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-10 07:07 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 07:07 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-10 07:07 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-10 07:07 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-08 20:13 - 2014-12-08 20:13 - 00000706 _____ () C:\Users\Public\Desktop\WarThunder.lnk
2014-12-08 20:13 - 2014-12-08 20:13 - 00000000 ____D () C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder
2014-12-07 18:02 - 2014-12-07 18:02 - 01189376 _____ () C:\Users\Dave\Downloads\Bitva_u_Stalingradu.ppt
2014-11-30 16:36 - 2014-11-30 16:36 - 00000000 ____D () C:\Users\Dave\Documents\Electronic Arts
2014-11-30 16:32 - 2014-11-30 16:32 - 00000000 ____D () C:\Users\Dave\AppData\Roaming\The Sims 4
2014-11-30 01:02 - 2014-11-30 01:10 - 00000000 ____D () C:\Users\Dave\AppData\Roaming\.ACEStream
2014-11-30 01:01 - 2014-11-30 01:10 - 00000000 ____D () C:\Users\Dave\AppData\Roaming\ACEStream
2014-11-30 00:03 - 2014-11-30 00:03 - 00000000 ____D () C:\Users\Dave\AppData\Roaming\PCF-VLC
2014-11-30 00:01 - 2014-11-30 00:01 - 00000000 ____D () C:\Users\Dave\AppData\Roaming\Participatory Culture Foundation
2014-11-30 00:01 - 2014-11-30 00:01 - 00000000 ____D () C:\Program Files (x86)\Participatory Culture Foundation

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-28 16:19 - 2011-10-27 01:39 - 00000000 ____D () C:\Users\Dave\AppData\Roaming\uTorrent
2014-12-28 15:56 - 2014-02-10 22:18 - 00000952 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf26a5ab410844.job
2014-12-28 15:49 - 2012-05-09 21:26 - 00000958 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3139976593-1037826550-675370296-1000UA.job
2014-12-28 15:34 - 2012-12-21 18:58 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-28 14:56 - 2011-11-22 16:36 - 00000948 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-28 13:56 - 2009-07-14 05:51 - 00345392 _____ () C:\Windows\setupact.log
2014-12-28 13:48 - 2012-04-23 10:03 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-28 13:48 - 2011-10-27 01:46 - 00000000 ____D () C:\Users\Dave\AppData\Roaming\BitTorrent
2014-12-28 13:46 - 2009-07-14 05:45 - 00022080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-28 13:46 - 2009-07-14 05:45 - 00022080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-28 13:43 - 2011-10-27 01:03 - 01838857 _____ () C:\Windows\WindowsUpdate.log
2014-12-28 13:42 - 2011-12-03 11:13 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{C5D5F9BB-6B82-4B42-8B4B-CAA962B22010}
2014-12-28 13:41 - 2014-02-20 01:17 - 00000000 ____D () C:\Users\Dave\AppData\Roaming\Raptr
2014-12-28 13:41 - 2011-10-28 09:56 - 00000000 ____D () C:\ProgramData\Origin
2014-12-28 13:40 - 2011-10-31 13:36 - 00000000 ____D () C:\Users\Dave\AppData\Roaming\Skype
2014-12-28 13:38 - 2012-08-08 23:54 - 00000000 ____D () C:\Users\Dave\AppData\Local\HTC MediaHub
2014-12-28 13:38 - 2012-04-27 20:33 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-12-28 13:37 - 2010-11-21 04:47 - 01185528 _____ () C:\Windows\PFRO.log
2014-12-28 13:37 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-28 01:01 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Speech
2014-12-27 21:26 - 2013-10-07 11:00 - 00000000 ____D () C:\Users\Dave\Documents\FIFA 14
2014-12-27 20:49 - 2012-05-09 21:26 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3139976593-1037826550-675370296-1000Core.job
2014-12-27 17:46 - 2011-12-10 21:00 - 00000000 ____D () C:\Users\Dave\AppData\Local\SKIDROW
2014-12-27 13:07 - 2014-02-18 00:43 - 00000000 ____D () C:\Program Files\Update Software
2014-12-27 12:17 - 2011-12-13 18:36 - 00000000 ____D () C:\Users\Dave\AppData\Roaming\Malwarebytes
2014-12-27 12:16 - 2011-12-13 18:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-26 11:18 - 2011-10-27 02:23 - 00000000 ____D () C:\Users\Dave\Documents\My Games
2014-12-24 22:29 - 2014-04-13 16:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2014-12-24 22:29 - 2012-12-22 10:58 - 00000000 ____D () C:\ProgramData\Orbit
2014-12-24 22:27 - 2011-04-12 09:34 - 00677722 _____ () C:\Windows\system32\perfh005.dat
2014-12-24 22:27 - 2011-04-12 09:34 - 00146640 _____ () C:\Windows\system32\perfc005.dat
2014-12-24 22:27 - 2009-07-14 06:13 - 01612504 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-24 15:47 - 2011-10-27 01:03 - 00000000 ____D () C:\Users\Dave
2014-12-24 14:22 - 2012-02-19 19:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2K Games
2014-12-24 12:36 - 2012-08-27 21:36 - 00000000 ____D () C:\Users\Dave\Documents\Telltale Games
2014-12-22 13:30 - 2011-11-06 13:04 - 00000000 ____D () C:\Users\Dave\AppData\Roaming\TS3Client
2014-12-22 03:22 - 2011-11-03 18:54 - 00000000 ____D () C:\Users\Dave\Documents\BioWare
2014-12-21 11:46 - 2011-10-31 13:36 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-21 11:46 - 2011-10-31 13:35 - 00000000 ____D () C:\ProgramData\Skype
2014-12-13 01:57 - 2011-11-22 16:37 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-11 16:31 - 2014-02-13 09:36 - 00000000 ____D () C:\Windows\rescache
2014-12-10 17:34 - 2012-12-21 18:58 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-10 17:34 - 2012-12-21 18:58 - 00003852 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-10 17:34 - 2011-10-27 01:56 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-10 16:09 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-10 07:31 - 2013-08-11 23:04 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 07:31 - 2011-11-24 21:37 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-10 07:28 - 2011-10-28 10:21 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-10 07:00 - 2014-02-27 17:15 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-09 21:02 - 2013-10-21 21:17 - 00000000 ____D () C:\Users\Dave\AppData\Roaming\BSplayer
2014-12-09 14:34 - 2014-02-20 01:16 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-12-08 18:17 - 2009-07-14 06:08 - 00032530 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-01 14:05 - 2011-10-28 13:00 - 00000000 ___HD () C:\Users\Dave\AppData\Roaming\Origin
2014-11-30 16:32 - 2014-01-12 16:14 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-30 13:21 - 2012-04-28 16:59 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-11-30 13:16 - 2012-04-28 16:59 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0

Files to move or delete:
====================
C:\Users\Dave\AppData\Roaming\Origin\update.vbe


Some content of TEMP:
====================
C:\Users\Dave\AppData\Local\Temp\13-12_win7_win8_64_dd_ccc_whql.exe
C:\Users\Dave\AppData\Local\Temp\APNSetup.exe
C:\Users\Dave\AppData\Local\Temp\AskPIP_FF_.exe
C:\Users\Dave\AppData\Local\Temp\AutoRun.exe
C:\Users\Dave\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Dave\AppData\Local\Temp\avguidx.dll
C:\Users\Dave\AppData\Local\Temp\BRSVC_1294792_hlp.exe
C:\Users\Dave\AppData\Local\Temp\CH.dll
C:\Users\Dave\AppData\Local\Temp\chutil.dll
C:\Users\Dave\AppData\Local\Temp\CmdLineExt02.dll
C:\Users\Dave\AppData\Local\Temp\CommonInstaller.exe
C:\Users\Dave\AppData\Local\Temp\comver.dll
C:\Users\Dave\AppData\Local\Temp\contentDATs.exe
C:\Users\Dave\AppData\Local\Temp\Copy.dll
C:\Users\Dave\AppData\Local\Temp\CTun.exe
C:\Users\Dave\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\Dave\AppData\Local\Temp\detectionapi_rd.dll
C:\Users\Dave\AppData\Local\Temp\detectionui_r.exe
C:\Users\Dave\AppData\Local\Temp\directx10tests_rd.dll
C:\Users\Dave\AppData\Local\Temp\directx11tests_rd.dll
C:\Users\Dave\AppData\Local\Temp\directx9tests_rd.dll
C:\Users\Dave\AppData\Local\Temp\EAInstall.dll
C:\Users\Dave\AppData\Local\Temp\eauninstall.exe
C:\Users\Dave\AppData\Local\Temp\genteert.dll
C:\Users\Dave\AppData\Local\Temp\ginstall.dll
C:\Users\Dave\AppData\Local\Temp\GLF14A8.tmp.dll
C:\Users\Dave\AppData\Local\Temp\GLF8C2A.tmp.dll
C:\Users\Dave\AppData\Local\Temp\GLFD7E9.tmp.dll
C:\Users\Dave\AppData\Local\Temp\htmlayout.dll
C:\Users\Dave\AppData\Local\Temp\i4jdel0.exe
C:\Users\Dave\AppData\Local\Temp\iGearedHelper.dll
C:\Users\Dave\AppData\Local\Temp\installerdll1749863.dll
C:\Users\Dave\AppData\Local\Temp\installerdll23616694.dll
C:\Users\Dave\AppData\Local\Temp\installerdll23626179.dll
C:\Users\Dave\AppData\Local\Temp\installerdll83641246.dll
C:\Users\Dave\AppData\Local\Temp\InstHelper.exe
C:\Users\Dave\AppData\Local\Temp\local.dll
C:\Users\Dave\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\Dave\AppData\Local\Temp\MassEffect2-1.02.exe
C:\Users\Dave\AppData\Local\Temp\MP3_Launcher_1_27_0_0.exe
C:\Users\Dave\AppData\Local\Temp\MP3_Patch_Update_1_0_0_78.exe
C:\Users\Dave\AppData\Local\Temp\Need for Speed Carbon_uninst.exe
C:\Users\Dave\AppData\Local\Temp\oi_{075A8866-1DF0-4911-93A4-3EB2275ECA7C}.exe
C:\Users\Dave\AppData\Local\Temp\oi_{D579C9CC-C53E-4494-B384-7FD0F302F736}.exe
C:\Users\Dave\AppData\Local\Temp\ose00000.exe
C:\Users\Dave\AppData\Local\Temp\pyl3E9C.tmp.exe
C:\Users\Dave\AppData\Local\Temp\pyl3F03.tmp.exe
C:\Users\Dave\AppData\Local\Temp\pyl43B5.tmp.exe
C:\Users\Dave\AppData\Local\Temp\pyl74A2.tmp.exe
C:\Users\Dave\AppData\Local\Temp\pylF4FD.tmp.exe
C:\Users\Dave\AppData\Local\Temp\Quarantine.exe
C:\Users\Dave\AppData\Local\Temp\raptrpatch.exe
C:\Users\Dave\AppData\Local\Temp\readSTILog.dll
C:\Users\Dave\AppData\Local\Temp\ResetDevice.exe
C:\Users\Dave\AppData\Local\Temp\rootsupd.exe
C:\Users\Dave\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Dave\AppData\Local\Temp\sfextra.dll
C:\Users\Dave\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Dave\AppData\Local\Temp\sonarinst.exe
C:\Users\Dave\AppData\Local\Temp\sqlite3.dll
C:\Users\Dave\AppData\Local\Temp\swt-win32-3346.dll
C:\Users\Dave\AppData\Local\Temp\tmpB00C.exe
C:\Users\Dave\AppData\Local\Temp\tmpBCF8.exe
C:\Users\Dave\AppData\Local\Temp\ToolbarInstaller.exe
C:\Users\Dave\AppData\Local\Temp\ubiE802.tmp.exe
C:\Users\Dave\AppData\Local\Temp\unins000.exe
C:\Users\Dave\AppData\Local\Temp\Uninstall.exe
C:\Users\Dave\AppData\Local\Temp\utt61E0.tmp.exe
C:\Users\Dave\AppData\Local\Temp\utt7FBB.tmp.exe
C:\Users\Dave\AppData\Local\Temp\uttAFFF.tmp.exe
C:\Users\Dave\AppData\Local\Temp\uttB028.tmp.exe
C:\Users\Dave\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Dave\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Dave\AppData\Local\Temp\w0-2htow.dll
C:\Users\Dave\AppData\Local\Temp\WindowsInstaller-KB893803-v2-x86.exe
C:\Users\Dave\AppData\Local\Temp\_isA29.exe
C:\Users\Dave\AppData\Local\Temp\_unps.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-27 21:49

==================== End Of Log ============================
Thank you for your time :)

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Malware

#4 Post by vyosek »

vyosek wrote: :arrow: I assume that ESET is as it should be = a purchased licence??
:???: :???: :???:

Also post the Addition.txt log that I asked for :)
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment: take a whip and a stick to him; that is no man, that is an ox."
Member since 1 February 2011.

Antrax
Visitor
Posts: 36
Registered: 01 Mar 2014 02:02

Re: Malware

#5 Post by Antrax »

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2014
Ran by Dave at 2014-12-28 16:19:36
Running from C:\Users\Dave\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET NOD32 Antivirus 7.0 (Enabled - Out of date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 7.0 (Enabled - Out of date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 3.1.3 - )
µTorrent (HKU\S-1-5-21-3139976593-1037826550-675370296-1000\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Acrobat 4.0 (HKLM-x32\...\Adobe Acrobat 4.0) (Version: - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Age of Empires Online (HKLM-x32\...\GFWL_{4D530FA3-9B89-4186-98B7-F51000008100}) (Version: 1.0.0000.129 - Microsoft Studios)
Age of Empires Online (x32 Version: 1.0.0000.129 - Microsoft Studios) Hidden
Age of Chivalry (HKLM-x32\...\Steam App 17510) (Version: - Team Chivalry)
Alien Isolation (HKLM-x32\...\Alien Isolation_R.G. Mechanics_is1) (Version: - R.G. Mechanics, spider91)
AMD Catalyst Install Manager (HKLM\...\{C2956908-53A3-88FC-B795-B16508296FC4}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Application Profiles (HKLM-x32\...\{63059735-CA97-FDFB-0E7A-3B8D81572EFD}) (Version: 2.0.4888.34279 - Advanced Micro Devices, Inc.)
Assassins Creed IV Black Flag version 1.0.0.0 (HKLM-x32\...\Assassins Creed IV Black Flag_is1) (Version: 1.0.0.0 - RePack by SEYTER)
Assassin's Creed Unity (HKLM-x32\...\Assassin's Creed Unity_R.G. Mechanics_is1) (Version: - R.G. Mechanics, spider91)
Audacity 1.3.11 (Unicode) (HKLM-x32\...\Audacity 1.3 Beta (Unicode)_is1) (Version: - Audacity Team)
Audacity 2.0 (HKLM-x32\...\Audacity_is1) (Version: - Audacity Team)
AVI ReComp 1.5.3 (HKLM-x32\...\AVI ReComp) (Version: 1.5.3 - Mateusz Gola (aka Prozac))
Battlecraft 1942 (HKLM-x32\...\Battlecraft 19422.1) (Version: - )
Battlefield 1942 (HKLM-x32\...\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}) (Version: - )
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.4.0.0 - Electronic Arts)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.23831 - Electronic Arts)
Battlefield Mod Development Toolkit 2.0 Beta (HKLM-x32\...\MDT) (Version: - )
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.5.1 - EA Digital Illusions CE AB)
BioShock 2 (HKLM-x32\...\{4A8B461A-9336-4CF9-98F4-14DD38E673F0}) (Version: 1.00.0000 - 2K Games)
BioShock Infinite Burial at Sea - Episode 1 (HKLM-x32\...\QmlvU2hvY2tJbmZpbml0ZQ==_is1) (Version: 1 - )
BIT.TRIP RUNNER (HKLM-x32\...\Steam App 63710) (Version: - Gaijin Games)
BitTorrent (HKU\S-1-5-21-3139976593-1037826550-675370296-1000\...\BitTorrent) (Version: 7.9.2.35704 - BitTorrent Inc.)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.66.1075 - AB Team, d.o.o.)
Centrum zařízení Windows Mobile (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
ComicRack v0.9.170 (HKLM\...\ComicRack) (Version: v0.9.170 - cYo Soft)
Counter-Strike: Global Offensive - SDK (HKLM-x32\...\Steam App 745) (Version: - )
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.3.0297 - DT Soft Ltd)
Day of Defeat: Source (HKLM-x32\...\Steam App 300) (Version: - Valve)
Deus Ex - Human Revolution version 1.0 (HKLM-x32\...\{1146E8F3-4057-4F46-B39C-D18AB4BB1523}_is1) (Version: 1.0 - Square Enix)
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve )
Dragon Age Inquisition (HKLM-x32\...\Dragon Age Inquisition_is1) (Version: 1.0.0.0 - Релиз от R.G. Steamgames)
Empire Earth III (HKLM-x32\...\{B17E235C-7A3B-4482-B650-21FFDE1D452E}) (Version: 1.00.0000 - Sierra Entertainment)
ESET NOD32 Antivirus (HKLM\...\{04E87298-12FC-47DF-99FB-A948527F3977}) (Version: 7.0.317.4 - ESET, spol s r. o.)
Eternal Silence (HKLM-x32\...\Steam App 17550) (Version: - ES Team)
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.98 - Etron Technology)
Etron USB3.0 Host Controller (x32 Version: 0.98 - Etron Technology) Hidden
Far Cry 3 (HKLM-x32\...\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}) (Version: 1.00 - Ubisoft)
Far Cry 4 (HKLM-x32\...\Far Cry 4_is1) (Version: 1.0 - Релиз от R.G. Steamgames)
FormatFactory 3.00 (HKLM-x32\...\FormatFactory) (Version: 3.00 - Free Time)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Foxit Advanced PDF Editor 3 (HKLM-x32\...\B521582C-6BE3-491D-BCC8-FFB8301298E9_is1) (Version: 3.0.5.0 - Foxit Corporation)
Game of Thrones - A Telltale Games Series v1.0 / RePack by Azaq (HKLM-x32\...\Game of Thrones - A Telltale Games Series_is1) (Version: - )
Game of Thrones A Telltale Games Series v.версия 1.0.0.1 (HKLM-x32\...\Game of Thrones A Telltale Games Series_is1) (Version: - )
GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version: - )
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Garry)
GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Grand Theft Auto IV (HKLM-x32\...\{579BA58C-F33D-4970-9953-B94B43768AC3}) (Version: 1.00.0000 - Rockstar Games)
HP Deskjet 3520 series Nápověda (HKLM-x32\...\{D259C419-D776-4163-B27C-19722C555237}) (Version: 27.0.0 - Hewlett Packard)
HP Deskjet 3520 series Setup Guide (HKLM-x32\...\{AEEDCEB7-00B8-4BE1-B492-AB04803D5F1E}) (Version: 27.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.10.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{368E4EF8-E840-40EE-A224-50B8D1DC2B12}) (Version: 2.4.36.0 - HTC)
HydraVision (x32 Version: 4.2.210.0 - Advanced Micro Devices, Inc.) Hidden
ICQ7.6 (HKLM-x32\...\{7644E42D-B096-457F-8B5B-901238FC81AE}) (Version: 7.6 - ICQ)
ICQ7.7 (HKLM-x32\...\{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}) (Version: 7.7 - ICQ)
Inkscape 0.48.1 (HKLM-x32\...\Inkscape) (Version: 0.48.1 - )
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java(TM) 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022F0}) (Version: 6.0.220 - Oracle)
Java(TM) 6 Update 29 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416029FF}) (Version: 6.0.290 - Oracle)
Java(TM) 6 Update 29 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216029FF}) (Version: 6.0.290 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
Left 4 Dead 2 Add-on Support (HKLM-x32\...\Steam App 564) (Version: - Valve)
Malwarebytes Anti-Malware verze 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Metal Gear Solid V Ground Zeroes (HKLM-x32\...\Metal Gear Solid V Ground Zeroes_is1) (Version: 1.0.0.1 - Релиз от R.G. Steamgames)
Metro: Last Light (c) Deep Silver version 1 (HKLM-x32\...\TWV0cm9MYXN0TGlnaHQ=_is1) (Version: 1 - )
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 4.5.1 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0405-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-3139976593-1037826550-675370296-1000\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}) (Version: 12.0.21005.1 - Корпорация Майкрософт)
Microsoft Visual Studio 2010 Professional - CSY (HKLM-x32\...\Microsoft Visual Studio 2010 Professional - CSY Language Pack) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Minecraft1.7.2 (HKLM-x32\...\Minecraft1.7.2) (Version: - )
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Napoleon - Total War (HKLM-x32\...\{3AC51E93-70C3-42B5-B95D-F41347DC972B}_is1) (Version: - )
Native Instruments Traktor DJ Studio 3 (HKLM-x32\...\Native Instruments Traktor DJ Studio 3) (Version: - )
Need for Speed™ Rivals (HKLM-x32\...\{E0A32336-AA27-4053-99B2-C3380B7B95AC}) (Version: 1.3.0.0 - Electronic Arts)
NETGEAR WNA1100 N150 Wireless USB Adapter (HKLM-x32\...\{A2AE9709-283B-4B48-AA34-729C070A62FB}) (Version: 1.0.0.133 - NETGEAR)
Next Generation Visualisations (HKLM-x32\...\{2E376AD9-5C49-4F7D-A0BA-6A44E8FA5A3B}) (Version: 1.0.0 - Microsoft)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
ON_OFF Charge B11.0110.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenOffice.org 3.3 (HKLM-x32\...\{10B43A43-FF73-47FD-83E8-A503E84F9ED6}) (Version: 3.3.9567 - OpenOffice.org)
Origin (HKLM-x32\...\Origin) (Version: 8.5.2.23 - Electronic Arts, Inc.)
Outlast (HKLM-x32\...\T3V0bGFzdA==_is1) (Version: 1 - )
PDF Editor 4 (HKLM-x32\...\PDF Editor 4) (Version: - )
Pivot Stickfigure DB Toolbar (HKLM-x32\...\Pivot Stickfigure DB Toolbar) (Version: - )
PokerStars (HKLM-x32\...\PokerStars) (Version: - PokerStars)
PowerISO (HKLM-x32\...\PowerISO) (Version: 4.7 - PowerISO Computing, Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Quick Slide Show (HKLM-x32\...\Quick Slide Show) (Version: 2.33 - NarAnd comp.)
Raptr (HKLM-x32\...\Raptr) (Version: - )
Rapture3D 2.4.8 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version: - Blue Ripple Sound)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.38.113.2011 - Realtek)
Rockstar Games Social Club (HKLM-x32\...\{08B3869E-D282-424C-9AFC-870E04A4BA14}) (Version: 1.00.0000 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)
Saints Row IV (HKLM-x32\...\U2FpbnRzUm93SVY=_is1) (Version: 1 - )
SaveVid Plug-in (HKLM-x32\...\SaveVid Plug-in) (Version: 2.0.0.107556 - Bandoo Media, Inc)
SaveVid Plug-in (x32 Version: 2.0.0.107556 - Bandoo Media, Inc) Hidden
Sherlock Holmes Crimes and Punishments (HKLM-x32\...\Sherlock Holmes Crimes and Punishments_is1) (Version: - )
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Source SDK Base 2006 (HKLM-x32\...\Steam App 215) (Version: - Valve)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Studie vylepšování produktu HP Deskjet 3520 series (HKLM\...\{B7AED02F-7D1B-4806-831B-C06841A282C4}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: - TeamSpeak Systems GmbH)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.22298 - TeamViewer)
The Battle for Middle-earth (tm) II (HKLM-x32\...\{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}) (Version: - )
The Guild 2 (HKLM-x32\...\TheGuild2) (Version: - )
The Lord of the Rings, The Rise of the Witch-king (HKLM-x32\...\{B931FB80-537A-4600-00AD-AC5DEDB6C25B}) (Version: - )
The Sims 4 (HKLM-x32\...\The Sims 4_R.G. Mechanics_is1) (Version: - R.G. Mechanics, ProZorg_tm)
The Sims 4 Deluxe Edition version 1.0 Update 1 (HKLM-x32\...\The Sims 4 Deluxe Edition_is1) (Version: 1.0 Update 1 - GMT-MAX.ORG)
The Walking Dead (c) 3 version 1 (HKLM-x32\...\The Walking Dead (c) 3_is1) (Version: 1 - )
The Walking Dead 400 Days (HKLM-x32\...\VGhlV2Fsa2luZ0RlYWQ=_is1) (Version: 1 - )
The Walking Dead Episode 2 - Starved for Help (HKLM-x32\...\The Walking Dead_is1) (Version: - )
The Walking Dead Episode 3 (c) TellTale Games version 1 (HKLM-x32\...\The Walking Dead Episode 3 (c) TellTale Games_is1) (Version: 1 - )
The Walking Dead Season 2 EP 2 (HKLM-x32\...\The Walking Dead Season 2 EP 2_is1) (Version: - )
The Walking Dead: Season 2 Episode 3 (HKLM-x32\...\VGhlV2Fsa2luZ0RlYWRTZWFzb24y_is1) (Version: 1 - )
Thief (HKLM-x32\...\Thief_R.G. Mechanics_is1) (Version: - R.G. Mechanics, spider91)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unity Web Player (HKU\S-1-5-21-3139976593-1037826550-675370296-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
Vegas Pro 11.0 (HKLM-x32\...\{B5B98340-0296-11E2-8B8E-F04DA23A5C58}) (Version: 11.0.700 - Sony)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
War Thunder Launcher 1.0.1.465 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version: - Gaijin Entertainment)
Watch Dogs Bad Blood Full DLC [AmGaD-SaLaH] version 1.0.8.0 (HKLM-x32\...\Watch Dogs Bad Blood Full DLC [AmGaD-SaLaH]_is1) (Version: 1.0.8.0 - TeRM!NaToR)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Movie Maker (HKLM\...\Windows Movie Maker) (Version: 6.0.6002.18005 - Microsoft Corporation)
WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
WinRAR 4.10 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.10.0 - win.rar GmbH)
Základní software zařízení HP Deskjet 3520 series (HKLM\...\{7EBD8BA7-DF64-4BF9-9BC1-B0D53984FC6E}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
Zombie Panic Source (HKLM-x32\...\Steam App 17500) (Version: - Zombie Panic! Team)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3139976593-1037826550-675370296-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Dave\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3139976593-1037826550-675370296-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Dave\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3139976593-1037826550-675370296-1000_Classes\CLSID\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}\InprocServer32 -> C:\PROGRA~2\APPGRA~1\APPGRA~2.DLL No File
CustomCLSID: HKU\S-1-5-21-3139976593-1037826550-675370296-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Dave\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3139976593-1037826550-675370296-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Dave\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3139976593-1037826550-675370296-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Dave\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3139976593-1037826550-675370296-1000_Classes\CLSID\{CC99A798-FD3D-4AB4-969E-6071612524F9}\InprocServer32 -> C:\PROGRA~2\APPGRA~1\APPGRA~2.DLL No File
CustomCLSID: HKU\S-1-5-21-3139976593-1037826550-675370296-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Dave\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3139976593-1037826550-675370296-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Dave\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3139976593-1037826550-675370296-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Dave\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3139976593-1037826550-675370296-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Dave\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3139976593-1037826550-675370296-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Dave\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points =========================

28-12-2014 14:42:28 Naplánovaný kontrolní bod

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0131D623-ED34-4DD2-A91B-5857A34E6AEF} - System32\Tasks\{21FD347A-DD1C-4DB4-8F81-742F01DEFCE2} => Chrome.exe http://ui.skype.com/ui/0/5.8.0.158/cs/a ... age=tsMain
Task: {1656DFAC-CDAA-4C3E-822C-A4DD03482860} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3139976593-1037826550-675370296-1000UA => C:\Users\Dave\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-20] (Google Inc.)
Task: {1812AEDF-5DDE-4DF7-805C-DA8AE49076C8} - System32\Tasks\{18146C8B-4302-4EFB-A2A6-E891B77A7E53} => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2012-02-13] (DT Soft Ltd)
Task: {28E0A6CD-D597-4593-B88D-9EA89167E6CF} - System32\Tasks\{66AF5543-8C08-4EB5-9A13-5A5FFFAB1190} => pcalua.exe -a C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe -c /M{9527A496-5DF9-412A-ADC7-168BA5379CA6}
Task: {4EF143C7-C1D5-4040-AC05-D00D2E0D967E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3139976593-1037826550-675370296-1000Core => C:\Users\Dave\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-20] (Google Inc.)
Task: {4FE3063A-5586-465F-92F2-A47C8F047948} - System32\Tasks\{AB07E68F-C3A4-4F34-B9D3-8A1B50D4DE8B} => pcalua.exe -a "C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe" -c /AppMode=SETUP /Uninstall
Task: {57F020FA-8CC0-44A9-BACA-5328CD21B1F7} - System32\Tasks\{D042A67C-0F78-4D59-8B65-34B1F752E310} => pcalua.exe -a F:\Sims3Setup.exe -d F:\
Task: {5DBF3C37-D29A-45E5-95A1-60C4E596184B} - System32\Tasks\{36C4E510-E29E-481F-9448-A5CB852838E1} => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2012-02-13] (DT Soft Ltd)
Task: {655431F8-0294-4031-BAEA-E244492B8969} - System32\Tasks\{8E104B49-B467-4E95-8A3E-5E0F65BB174B} => Chrome.exe http://ui.skype.com/ui/0/5.8.0.158/cs/a ... age=tsMain
Task: {657A4441-7ABF-4473-9C76-112C41754486} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {76B3E7DD-0EFA-42AA-8682-D116F7CBA951} - System32\Tasks\GoogleUpdateTaskMachineUA1cf26a5ab410844 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {8B17447A-ACB1-4D81-B0FD-648AC5CD92E7} - System32\Tasks\{F3CB8FE4-4C43-47B9-97BF-6AEC828A9724} => D:\Watch Dogs\Watch Dogs\bin\GameLauncher_x64.exe
Task: {95C26B65-3196-4B14-9222-7C42CAC8974F} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3139976593-1037826550-675370296-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {A282D34A-CFF0-45DF-B7E7-36AC7B24DEF2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {A4AF273C-3D9B-4E4F-B625-B2F0DC6EDEFC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {A81F227D-182A-47CA-B318-7802088D009C} - System32\Tasks\{F2C2C8D9-196D-4C28-BDBF-EAAD3294AF25} => pcalua.exe -a C:\Windows\iun6002.exe -c "C:\Program Files (x86)\EA GAMES\Battlecraft 1942\irunin.ini"
Task: {AE83BF30-D057-4E53-A150-CA2D72FDA12C} - System32\Tasks\{98FC4FB8-D3A7-4E27-BD54-B18BE4CC13E8} => pcalua.exe -a F:\OriginInstaller.exe -d F:\
Task: {BAA2CEEA-6ACD-44DB-A6FD-E4A9DB0AE5AF} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3139976593-1037826550-675370296-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {CC53FE34-6F72-43B2-A3EE-7446D2F6774D} - System32\Tasks\HPCustParticipation HP Deskjet 3520 series => C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {D47F78C7-79D5-46E0-B9B6-6C678FFF931A} - \DriverScanner No Task File <==== ATTENTION
Task: {D9BBAC41-BBAD-4ADE-8E9E-BA040B5736F5} - System32\Tasks\{5496A0DD-CB13-402A-A32D-9F2D5A88D8B1} => pcalua.exe -a C:\Steam\steam.exe -c steam://uninstall/1250
Task: {E6267605-06D4-4922-93F3-1DF0B1C868C9} - System32\Tasks\{23FB7626-8D4D-43AC-9CE1-ABCE8C8EBE4D} => pcalua.exe -a D:\Games\FIFA.13.INTERNAL-RELOADED\rld-fifa13\Installer.exe -d D:\Games\FIFA.13.INTERNAL-RELOADED\rld-fifa13
Task: {E74755B8-A7E2-47AE-B6BD-ECCBCBC1D73B} - System32\Tasks\{578FFA44-FC98-490F-AD0D-45D040E699A9} => C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe [2011-07-28] ()
Task: {F35F99B7-B1ED-489B-99BA-05FB28DC0CE4} - System32\Tasks\Origin => C:\Users\Dave\AppData\Roaming\Origin\update.vbe [2014-09-07] () <==== ATTENTION
Task: {FB3B8BEC-437D-46B3-B113-F1949C15BD44} - System32\Tasks\{4EE7BB0E-C969-4696-A1E7-63861C5FA243} => pcalua.exe -a C:\PROGRA~2\GAMESP~1\UNWISE.EXE -c C:\PROGRA~2\GAMESP~1\INSTALL.LOG
Task: {FC23DC64-8A7A-44AB-9CDD-558B4F9BE309} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf26a5ab410844.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3139976593-1037826550-675370296-1000Core.job => C:\Users\Dave\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3139976593-1037826550-675370296-1000UA.job => C:\Users\Dave\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-01-09 19:17 - 2010-01-09 19:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 00:40 - 2010-01-21 00:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-12-07 18:27 - 2012-12-07 18:27 - 00167424 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2014-07-16 22:26 - 2014-07-16 22:26 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2014-01-26 11:55 - 2014-01-26 11:55 - 00821600 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
2013-03-31 20:25 - 2011-07-28 17:06 - 00297440 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
2013-03-31 20:25 - 2011-07-28 17:06 - 08247264 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
2013-11-14 21:30 - 2013-11-14 21:30 - 00031080 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2014-01-26 11:54 - 2014-01-26 11:54 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2013-11-14 21:31 - 2013-11-14 21:31 - 00044392 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2013-11-14 21:31 - 2013-11-14 21:31 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2013-11-14 21:31 - 2013-11-14 21:31 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2013-11-14 21:33 - 2013-11-14 21:33 - 00129376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll
2013-11-14 21:34 - 2013-11-14 21:34 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2010-01-09 19:18 - 2010-01-09 19:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 00:34 - 2010-01-21 00:34 - 08793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-03-31 20:25 - 2011-07-27 11:53 - 00360448 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiLib.dll
2014-01-29 13:18 - 2014-12-22 02:11 - 01007104 _____ () C:\Program Files (x86)\Origin\platforms\qwindows.dll
2014-01-29 13:18 - 2014-12-22 02:11 - 00023552 _____ () C:\Program Files (x86)\Origin\imageformats\qgif.dll
2014-01-29 13:18 - 2014-12-22 02:11 - 00024576 _____ () C:\Program Files (x86)\Origin\imageformats\qico.dll
2014-01-29 13:18 - 2014-12-22 02:11 - 00216576 _____ () C:\Program Files (x86)\Origin\imageformats\qjpeg.dll
2014-01-29 13:18 - 2014-12-22 02:11 - 00261120 _____ () C:\Program Files (x86)\Origin\imageformats\qmng.dll
2014-01-29 13:18 - 2014-12-22 02:11 - 00019456 _____ () C:\Program Files (x86)\Origin\imageformats\qtga.dll
2014-01-29 13:18 - 2014-12-22 02:11 - 00337408 _____ () C:\Program Files (x86)\Origin\imageformats\qtiff.dll
2014-01-29 13:18 - 2014-12-22 02:11 - 00018944 _____ () C:\Program Files (x86)\Origin\imageformats\qwbmp.dll
2011-07-28 16:11 - 2011-07-28 16:11 - 00090112 _____ () C:\Program Files (x86)\ATI Technologies\HydraVision\HydraCsy.dll
2013-03-31 20:25 - 2009-08-28 16:50 - 00282624 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvcLib.dll
2011-01-17 16:19 - 2011-11-24 22:04 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2014-12-13 01:57 - 2014-12-06 02:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-13 01:57 - 2014-12-06 02:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-13 01:57 - 2014-12-06 02:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-13 01:57 - 2014-12-06 02:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-12-13 01:57 - 2014-12-06 02:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3139976593-1037826550-675370296-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3139976593-1037826550-675370296-1004 - Limited - Enabled)
Dave (S-1-5-21-3139976593-1037826550-675370296-1000 - Administrator - Enabled) => C:\Users\Dave
Guest (S-1-5-21-3139976593-1037826550-675370296-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3139976593-1037826550-675370296-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Lexmark X422
Description: Lexmark X422
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Lexmark
Service: usbscan
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/28/2014 02:38:24 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro debuggerproxy.dll,processorArchitecture="X86",type="win32",version="1.0.0.0"1 se nezdařilo.
Závislé sestavení debuggerproxy.dll,processorArchitecture="X86",type="win32",version="1.0.0.0" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (12/28/2014 01:39:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/28/2014 01:03:28 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/27/2014 09:50:57 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro debuggerproxy.dll,processorArchitecture="X86",type="win32",version="1.0.0.0"1 se nezdařilo.
Závislé sestavení debuggerproxy.dll,processorArchitecture="X86",type="win32",version="1.0.0.0" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (12/27/2014 00:06:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/27/2014 00:06:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: WNA1100.exe, verze: 1.1.4.27, časové razítko: 0x4e2fbdc9
Název chybujícího modulu: WNA1100.exe, verze: 1.1.4.27, časové razítko: 0x4e2fbdc9
Kód výjimky: 0xc0000005
Posun chyby: 0x0000d919
ID chybujícího procesu: 0xf18
Čas spuštění chybující aplikace: 0xWNA1100.exe0
Cesta k chybující aplikaci: WNA1100.exe1
Cesta k chybujícímu modulu: WNA1100.exe2
ID zprávy: WNA1100.exe3

Error: (12/27/2014 02:45:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: Mafia2.exe, verze: 1.0.0.1, časové razítko: 0x4cc182e0
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x3f66723c
ID chybujícího procesu: 0xf480
Čas spuštění chybující aplikace: 0xMafia2.exe0
Cesta k chybující aplikaci: Mafia2.exe1
Cesta k chybujícímu modulu: Mafia2.exe2
ID zprávy: Mafia2.exe3

Error: (12/26/2014 10:46:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/25/2014 11:05:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/25/2014 10:38:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: WNA1100.exe, verze: 1.1.4.27, časové razítko: 0x4e2fbdc9
Název chybujícího modulu: WNA1100.exe, verze: 1.1.4.27, časové razítko: 0x4e2fbdc9
Kód výjimky: 0xc0000005
Posun chyby: 0x0000d919
ID chybujícího procesu: 0xc38
Čas spuštění chybující aplikace: 0xWNA1100.exe0
Cesta k chybující aplikaci: WNA1100.exe1
Cesta k chybujícímu modulu: WNA1100.exe2
ID zprávy: WNA1100.exe3


System errors:
=============
Error: (12/28/2014 02:41:18 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Stínové kopie svazku C: byly přerušeny, protože z důvodu limitu stanoveného uživatelem se nepodařilo zvětšit úložiště stínové kopie.

Error: (12/28/2014 01:38:30 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Zavedení následujícího ovladače pro spouštění počítače nebo systému se nezdařilo:
JSWPSLWF

Error: (12/28/2014 01:38:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba SetupARService neuspěla při spuštění v důsledku následující chyby:
%%2

Error: (12/28/2014 01:02:23 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Zavedení následujícího ovladače pro spouštění počítače nebo systému se nezdařilo:
JSWPSLWF

Error: (12/28/2014 01:02:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba SetupARService neuspěla při spuštění v důsledku následující chyby:
%%2

Error: (12/27/2014 02:46:05 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Stínové kopie svazku C: byly přerušeny, protože z důvodu limitu stanoveného uživatelem se nepodařilo zvětšit úložiště stínové kopie.

Error: (12/27/2014 00:06:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Windows Search neuspěla při spuštění v důsledku následující chyby:
%%1053

Error: (12/27/2014 00:06:12 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Windows Search bylo dosaženo časového limitu (30000 ms).

Error: (12/27/2014 00:06:12 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (12/27/2014 00:05:27 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Zavedení následujícího ovladače pro spouštění počítače nebo systému se nezdařilo:
JSWPSLWF


Microsoft Office Sessions:
=========================
Error: (12/28/2014 02:38:24 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: debuggerproxy.dll,processorArchitecture="X86",type="win32",version="1.0.0.0"c:\program files (x86)\microsoft visual studio 10.0\Common7\IDE\devenv.exe

Error: (12/28/2014 01:39:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/28/2014 01:03:28 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/27/2014 09:50:57 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: debuggerproxy.dll,processorArchitecture="X86",type="win32",version="1.0.0.0"c:\program files (x86)\microsoft visual studio 10.0\Common7\IDE\devenv.exe

Error: (12/27/2014 00:06:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/27/2014 00:06:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: WNA1100.exe1.1.4.274e2fbdc9WNA1100.exe1.1.4.274e2fbdc9c00000050000d919f1801d021c50e8b1fdfC:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exeC:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe68707e42-8db8-11e4-b663-50e54931d969

Error: (12/27/2014 02:45:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Mafia2.exe1.0.0.14cc182e0unknown0.0.0.000000000c00000053f66723cf48001d021760f38ae93D:\Games\Mafia 2\Mafia II\pc\Mafia2.exeunknownfe2954b7-8d69-11e4-afff-50e54931d969

Error: (12/26/2014 10:46:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/25/2014 11:05:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/25/2014 10:38:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: WNA1100.exe1.1.4.274e2fbdc9WNA1100.exe1.1.4.274e2fbdc9c00000050000d919c3801d0202635669375C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exeC:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exec4d304f2-8c19-11e4-ad3f-50e54931d969


CodeIntegrity Errors:
===================================
Date: 2014-12-28 13:37:44.493
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\jswpslwfx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-12-28 13:37:44.462
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\jswpslwfx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-12-28 01:01:36.493
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\jswpslwfx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-12-28 01:01:36.446
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\jswpslwfx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-12-27 12:05:01.117
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\jswpslwfx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-12-27 12:05:01.086
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\jswpslwfx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-12-26 10:44:25.964
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\jswpslwfx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-12-26 10:44:25.933
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\jswpslwfx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-12-25 23:03:30.058
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\jswpslwfx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-12-25 23:03:30.042
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\jswpslwfx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz
Percentage of memory in use: 26%
Total physical RAM: 12271.12 MB
Available physical RAM: 8985.27 MB
Total Pagefile: 24540.41 MB
Available Pagefile: 20587.88 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:381.51 GB) (Free:5.23 GB) NTFS
Drive d: () (Fixed) (Total:549.9 GB) (Free:13.09 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 458092EB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=549.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=381.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Malware

#6 Post by vyosek »

vyosek wrote:
vyosek wrote: :arrow: I assume the ESET is as it should be = a purchased licence??
:???: :???: :???:
OK, I'll ask a third time: what is the situation with that ESET :???: :???: :???: Purchased or cracked :???: :???: :???:
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who avoids merriment, take a whip and a stick to him: that is no man, that is an ox."
Member [image] since 1 February 2011.

Antrax
Visitor
Posts: 36
Registered: 01 Mar 2014 02:02

Re: Malware

#7 Post by Antrax »

My licence has already expired :/
And if I may ask, isn't there by any chance still some more vermin in there? :D

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Malware

#8 Post by vyosek »

:arrow: Expired licence = no licence = no protection and illegal use

:arrow: There is plenty of vermin in there :arcisit:

:arrow: Before any continuation and help, I have to ask you to remove the ILLEGAL ESET. This "requirement" of mine follows from the forum rules in force http://forum.viry.cz/viewtopic.php?f=12&t=115512, which both you and I are obliged to follow
Help CANNOT be given:
2) If the user's machine contains illegal host or protective software
(operating system, antivirus, firewall, etc.), the user must be guided to remedy this, e.g. by means of free software,
and work on the problem begins only once the PC is "in order". If the user does not want to accept the rules,
they must be asked to leave the forum and to return once they comply.
:arrow: So if you want help, uninstall it, install a free solution (e.g. Avast Free http://www.avast.com/get/gWR5mo92 ), write back and we will continue

:arrow: And post a new FRST log

Antrax
Visitor
Posts: 36
Registered: 01 Mar 2014 02:02

Re: Malware

#9 Post by Antrax »

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by Dave (administrator) on PC on 28-12-2014 20:51:25
Running from C:\Users\Dave\Downloads
Loaded Profile: Dave (Available profiles: Dave)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Windows\System32\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
() C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe
(PowerISO Computing, Inc.) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [180224 2010-04-12] (PowerISO Computing, Inc.)
HKLM-x32\...\Run: [ROC_ROC_NT] => "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
HKLM-x32\...\Run: [jswtrayutil] => "C:\Program Files (x86)\NETGEAR\WNA1100\jswtrayutil.exe"
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2014-12-08] (Raptr, Inc)
HKU\S-1-5-21-3139976593-1037826550-675370296-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3481408 2012-02-13] (DT Soft Ltd)
HKU\S-1-5-21-3139976593-1037826550-675370296-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1940160 2014-11-18] (Valve Corporation)
HKU\S-1-5-21-3139976593-1037826550-675370296-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3618648 2014-12-22] (Electronic Arts)
HKU\S-1-5-21-3139976593-1037826550-675370296-1000\...\Run: [Google Update] => C:\Users\Dave\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-03-20] (Google Inc.)
HKU\S-1-5-21-3139976593-1037826550-675370296-1000\...\Run: [RGSC] => D:\Games\Rockstar Games Social Club\RGSCLauncher.exe [305064 2008-11-14] (Take-Two Interactive Software, Inc.)
HKU\S-1-5-21-3139976593-1037826550-675370296-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [717696 2010-01-16] (Microsoft Corporation)
HKU\S-1-5-21-3139976593-1037826550-675370296-1000\...\Run: [HP Deskjet 3520 series (NET)] => C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3139976593-1037826550-675370296-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2011-07-28] (AMD)
HKU\S-1-5-21-3139976593-1037826550-675370296-1000\...\Run: [SpeedItupFree] => "C:\Program Files (x86)\SpeedItup Free\speeditupfree.exe"
HKU\S-1-5-21-3139976593-1037826550-675370296-1000\...\Run: [Vidalia] => "C:\Program Files (x86)\Vidalia Bundle\Vidalia\vidalia.exe"
HKU\S-1-5-21-3139976593-1037826550-675370296-1000\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
HKU\S-1-5-21-3139976593-1037826550-675370296-1000\...\Run: [uTorrent] => C:\Users\Dave\AppData\Roaming\uTorrent\uTorrent.exe [1385808 2014-11-21] (BitTorrent Inc.)
HKU\S-1-5-21-3139976593-1037826550-675370296-1000\...\Run: [BitTorrent] => C:\Users\Dave\AppData\Roaming\BitTorrent\BitTorrent.exe [1388888 2014-11-25] (BitTorrent Inc.)
HKU\S-1-5-21-3139976593-1037826550-675370296-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-3139976593-1037826550-675370296-1000\...\MountPoints2: {2fafb9ac-90c3-11e2-8e15-50e54931d969} - H:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3139976593-1037826550-675370296-1000\...\MountPoints2: {593beb1b-c78a-11e3-ba0a-50e54931d969} - H:\AutoRun.exe
HKU\S-1-5-21-3139976593-1037826550-675370296-1000\...\MountPoints2: {7a5e68af-79fe-11e3-b158-50e54931d969} - H:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3139976593-1037826550-675370296-1000\...\MountPoints2: {8d03d729-a054-11e2-aaff-50e54931d969} - H:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3139976593-1037826550-675370296-1000\...\MountPoints2: {908ec036-5f9d-11e1-a705-50e54931d969} - F:\setup.exe
HKU\S-1-5-21-3139976593-1037826550-675370296-1000\...\MountPoints2: {94f33c7e-e532-11e1-96a8-50e54931d969} - H:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3139976593-1037826550-675370296-1000\...\MountPoints2: {d56e9ce6-9b5c-11e1-9529-50e54931d969} - I:\LaunchU3.exe -a
HKU\S-1-5-21-3139976593-1037826550-675370296-1000\...\MountPoints2: {f9c5bb8e-9461-11e2-8823-50e54931d969} - H:\HTC_Sync_Manager_PC.exe
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA1100 Genie.lnk
ShortcutTarget: NETGEAR WNA1100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe ()
Startup: C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sledovat výstrahy inkoustu - HP Deskjet 3520 series (Síť).lnk
ShortcutTarget: Sledovat výstrahy inkoustu - HP Deskjet 3520 series (Síť).lnk -> C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

URLSearchHook: HKLM-x32 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKU\S-1-5-21-3139976593-1037826550-675370296-1000 - (No Name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2405} URL = http://dts.search-results.com/sr?src=ie ... earchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2405} URL = http://dts.search-results.com/sr?src=ie ... earchTerms}
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2405} URL = http://dts.search-results.com/sr?src=ie ... earchTerms}
SearchScopes: HKU\S-1-5-21-3139976593-1037826550-675370296-1000 -> DefaultScope {2161106B-97C9-481A-9B09-690E89621D82} URL = http://www.bing.com/search?FORM=UP94DF& ... -SearchBox
SearchScopes: HKU\S-1-5-21-3139976593-1037826550-675370296-1000 -> ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
SearchScopes: HKU\S-1-5-21-3139976593-1037826550-675370296-1000 -> D29AA85A12D74C92B57B0846A4EDD46D URL = http://search.findwide.com/serp?guid={5 ... earchTerms}
SearchScopes: HKU\S-1-5-21-3139976593-1037826550-675370296-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3139976593-1037826550-675370296-1000 -> {15E3361E-044F-40A3-83CA-FD4FB5DA50B0} URL = http://www.bigseekpro.com/search/browse ... earchTerms}
SearchScopes: HKU\S-1-5-21-3139976593-1037826550-675370296-1000 -> {2161106B-97C9-481A-9B09-690E89621D82} URL = http://www.bing.com/search?FORM=UP94DF& ... -SearchBox
SearchScopes: HKU\S-1-5-21-3139976593-1037826550-675370296-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2405} URL = http://dts.search-results.com/sr?src=ie ... earchTerms}
SearchScopes: HKU\S-1-5-21-3139976593-1037826550-675370296-1000 -> {F1AB6BAB-ACF1-4F9C-B699-00DAE6D18F8A} URL = http://websearch.ask.com/redirect?clien ... 0B8BA1C82D
SearchScopes: HKU\S-1-5-21-3139976593-1037826550-675370296-1000 -> {F3D34531-5CBA-48C5-9EAD-645460EF7465} URL = http://search.yahoo.com/search?p={searc ... type=10809
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Pomocná služba pro přihlášení k účtu Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - !{338B4DFE-2E2C-4338-9E41-E176D497299E} - No File
Toolbar: HKLM - No Name - !{855F3B16-6D32-4FE6-8A56-BBB695989046} - No File
Toolbar: HKLM - No Name - !{D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKLM-x32 - No Name - !{338B4DFE-2E2C-4338-9E41-E176D497299E} - No File
Toolbar: HKLM-x32 - No Name - !{855F3B16-6D32-4FE6-8A56-BBB695989046} - No File
Toolbar: HKLM-x32 - No Name - !{D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\S-1-5-21-3139976593-1037826550-675370296-1000 -> No Name - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
Toolbar: HKU\S-1-5-21-3139976593-1037826550-675370296-1000 -> No Name - {4D2EEE9F-1E97-465A-80E6-66F179BC679A} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 213.46.172.37 213.46.172.36

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @esn/esnlaunch,version=1.122.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.138.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> D:\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3139976593-1037826550-675370296-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Dave\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-3139976593-1037826550-675370296-1000: @talk.google.com/O1DPlugin -> C:\Users\Dave\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-3139976593-1037826550-675370296-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Dave\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3139976593-1037826550-675370296-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Dave\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3139976593-1037826550-675370296-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Dave\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3139976593-1037826550-675370296-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Dave\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Dave\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\jyxo-cz.xml
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-11-21]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-11-21]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: No Name - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha9532\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta798\ff [Not Found]

Chrome:
=======
CHR HomePage: Profile 1 -> hxxp://www.google.cz/
CHR StartupUrls: Profile 1 -> "hxxp://www.google.cz/"
CHR Profile: C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (BRoawsoe2save) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmlckbjgjhhjpkhidhcdajabioepmcog [2013-04-21]
CHR Extension: (AS Magic Player) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim [2014-11-30]
CHR Profile: C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Disk Google) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-23]
CHR Extension: (YouTube) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-23]
CHR Extension: (Vyhledávání Google) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-23]
CHR Extension: (AdBlock) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-10-31]
CHR Extension: (USA TV) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jmdmikledakimnemaakakeafbiobaggi [2013-10-23]
CHR Extension: (zen temple) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nlmiiioabolbmhbhphhfjbohiiijmkee [2014-08-15]
CHR Extension: (Peněženka Google) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-23]
CHR HKLM-x32\...\Chrome\Extension: [bejbohlohkkgompgecdcbbglkpjfjgdj] - C:\Users\Dave\AppData\Local\Temp\crxB58.tmp [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
CHR HKLM-x32\...\Chrome\Extension: [mhbjinfcpddaegdcdmepckclpclohldc] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha9532\ch\WebexpEnhancedV1alpha9532.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-11-10] (Nero AG)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-22] (Electronic Arts)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-07-16] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-01-12] ()
R2 WSWNA1100; C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe [297440 2011-07-28] ()
S2 AdobeActiveFileMonitor11.0; D:\Games\Adobe Premiere\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [X]
S2 SetupARService; "C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2011-11-02] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-02-25] (DT Soft Ltd)
S3 GPU-Z; C:\Users\Dave\AppData\Local\Temp\GPU-Z.sys [27008 2014-07-21] ()
S1 JSWPSLWF; C:\Windows\System32\DRIVERS\jswpslwfx.sys [26624 2008-05-15] (Atheros Communications, Inc.) [File not signed]
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2011-11-02] ()
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
S3 VASDeviceDrm; C:\Windows\System32\drivers\vasdDev.sys [1454896 2012-03-19] (ShiningMorning Inc.)
R4 eamonm; system32\DRIVERS\eamonm.sys [X]
R4 ehdrv; system32\DRIVERS\ehdrv.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 Huawei; system32\DRIVERS\ewdcsc.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-28 20:36 - 2014-12-28 20:36 - 00936076 _____ () C:\Users\Dave\Downloads\ASSASSINS_CREED-UNITY_ČEŠTINA-+-NÁVOD.rar
2014-12-28 16:19 - 2014-12-28 20:51 - 00026678 _____ () C:\Users\Dave\Downloads\FRST.txt
2014-12-28 16:19 - 2014-12-28 16:19 - 00050629 _____ () C:\Users\Dave\Downloads\Addition.txt
2014-12-28 16:18 - 2014-12-28 20:51 - 00000000 ____D () C:\FRST
2014-12-28 16:18 - 2014-12-28 16:18 - 02123264 _____ (Farbar) C:\Users\Dave\Downloads\FRST64.exe
2014-12-27 17:45 - 2014-12-27 17:45 - 01068281 _____ () C:\Users\Dave\Downloads\Rome-total-war-2-CRACK-by-LukaSsQo.rar
2014-12-27 17:45 - 2014-12-27 17:45 - 00000000 ____D () C:\Users\Dave\Downloads\Rome-total-war-2-CRACK-by-LukaSsQo
2014-12-26 23:54 - 2014-12-27 00:03 - 147542040 _____ () C:\Users\Dave\Downloads\lucie.rar
2014-12-26 23:51 - 2014-12-26 23:51 - 00017843 _____ () C:\Users\Dave\Downloads\[CzT]Krystof_Polocas_Best_Of_2007_FLAC_.torrent
2014-12-26 23:50 - 2014-12-26 23:50 - 00017654 _____ () C:\Users\Dave\Downloads\[CzT]Tomas_Klus_Krystof_Cesta.torrent
2014-12-26 23:50 - 2014-12-26 23:50 - 00016592 _____ () C:\Users\Dave\Downloads\[CzT]Krystof_Inzerat_2012_.torrent
2014-12-26 16:46 - 2014-12-26 19:09 - 1364805860 _____ () C:\Users\Dave\Downloads\Príbeh-z-Bronxu.avi
2014-12-26 11:31 - 2014-12-26 11:31 - 00000000 ____D () C:\Users\Dave\Downloads\Sherlock-Holmes-Crimes-and-Punishments-Čeština
2014-12-26 11:20 - 2014-12-26 11:22 - 33641901 _____ () C:\Users\Dave\Downloads\Sherlock-Holmes-Crimes-and-Punishments-Čeština.7z
2014-12-26 11:09 - 2014-12-26 11:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sherlock Holmes Crimes and Punishments
2014-12-25 10:39 - 2014-12-25 10:39 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-24 15:47 - 2014-12-24 15:47 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-12-24 15:47 - 2014-12-24 15:47 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-12-24 14:29 - 2014-12-24 14:29 - 00000000 ____D () C:\Users\Dave\64467D47FFE44FBCABBAA0DB829A17EB.TMP
2014-12-24 11:20 - 2014-12-24 11:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\by.xatab
2014-12-23 18:24 - 2014-12-23 18:24 - 02775040 _____ () C:\Users\Dave\Downloads\tp_12_05_cz.ppt
2014-12-22 03:15 - 2014-12-22 03:15 - 00000792 _____ () C:\Users\Public\Desktop\Dragon Age Inquisition.lnk
2014-12-22 03:15 - 2014-12-22 03:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon Age Inquisition
2014-12-21 20:35 - 2014-12-21 20:35 - 00000000 __SHD () C:\Users\Dave\AppData\Local\EmieBrowserModeList
2014-12-21 20:02 - 2014-12-21 20:02 - 00000000 ____D () C:\ProgramData\Riot Games
2014-12-21 20:00 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2014-12-21 20:00 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2014-12-21 20:00 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2014-12-21 19:58 - 2014-12-21 20:00 - 00000000 ____D () C:\Users\Dave\AppData\Roaming\Riot Games
2014-12-20 21:47 - 2014-12-20 21:47 - 00000883 _____ () C:\Users\Public\Desktop\Metal Gear Solid V Ground Zeroes.lnk
2014-12-20 21:47 - 2014-12-20 21:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Metal Gear Solid V Ground Zeroes
2014-12-18 09:05 - 2014-12-18 09:07 - 33458688 _____ () C:\Users\Dave\Downloads\Ma-famille.ppt
2014-12-18 08:42 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 08:42 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-13 01:26 - 2014-12-28 20:16 - 00000000 ____D () C:\Users\Dave\AppData\Roaming\vlc
2014-12-13 01:24 - 2014-12-13 01:24 - 00000492 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-12-13 01:24 - 2014-12-13 01:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-12-10 07:27 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-10 07:27 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-10 07:08 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 07:08 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 07:08 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-10 07:08 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-10 07:08 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-10 07:08 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 07:08 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-10 07:08 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 07:08 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-10 07:08 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-10 07:08 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 07:08 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-10 07:08 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 07:08 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 07:08 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 07:08 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 07:08 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 07:08 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 07:08 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-10 07:07 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 07:07 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 07:07 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-10 07:07 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 07:07 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-10 07:07 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 07:07 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 07:07 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 07:07 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 07:07 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 07:07 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-10 07:07 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-10 07:07 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 07:07 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-10 07:07 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 07:07 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 07:07 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-10 07:07 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 07:07 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 07:07 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 07:07 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-10 07:07 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-10 07:07 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-10 07:07 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 07:07 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-10 07:07 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 07:07 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-10 07:07 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 07:07 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-10 07:07 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 07:07 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 07:07 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 07:07 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-10 07:07 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 07:07 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 07:07 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 07:07 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 07:07 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-10 07:07 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 07:07 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-10 07:07 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-10 07:07 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-10 07:07 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-10 07:07 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-10 07:07 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-10 07:07 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-10 07:07 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-10 07:07 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-10 07:07 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 07:07 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-10 07:07 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-10 07:07 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-08 20:13 - 2014-12-08 20:13 - 00000706 _____ () C:\Users\Public\Desktop\WarThunder.lnk
2014-12-08 20:13 - 2014-12-08 20:13 - 00000000 ____D () C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder
2014-12-07 18:02 - 2014-12-07 18:02 - 01189376 _____ () C:\Users\Dave\Downloads\Bitva_u_Stalingradu.ppt
2014-11-30 16:36 - 2014-11-30 16:36 - 00000000 ____D () C:\Users\Dave\Documents\Electronic Arts
2014-11-30 16:32 - 2014-11-30 16:32 - 00000000 ____D () C:\Users\Dave\AppData\Roaming\The Sims 4
2014-11-30 01:02 - 2014-11-30 01:10 - 00000000 ____D () C:\Users\Dave\AppData\Roaming\.ACEStream
2014-11-30 01:01 - 2014-11-30 01:10 - 00000000 ____D () C:\Users\Dave\AppData\Roaming\ACEStream
2014-11-30 00:03 - 2014-11-30 00:03 - 00000000 ____D () C:\Users\Dave\AppData\Roaming\PCF-VLC
2014-11-30 00:01 - 2014-11-30 00:01 - 00000000 ____D () C:\Users\Dave\AppData\Roaming\Participatory Culture Foundation
2014-11-30 00:01 - 2014-11-30 00:01 - 00000000 ____D () C:\Program Files (x86)\Participatory Culture Foundation

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-28 20:49 - 2012-05-09 21:26 - 00000958 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3139976593-1037826550-675370296-1000UA.job
2014-12-28 20:49 - 2012-05-09 21:26 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3139976593-1037826550-675370296-1000Core.job
2014-12-28 20:34 - 2012-12-21 18:58 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-28 20:06 - 2011-10-27 01:39 - 00000000 ____D () C:\Users\Dave\AppData\Roaming\uTorrent
2014-12-28 19:56 - 2014-02-10 22:18 - 00000952 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf26a5ab410844.job
2014-12-28 19:51 - 2009-07-14 05:51 - 00346176 _____ () C:\Windows\setupact.log
2014-12-28 18:25 - 2011-10-28 09:56 - 00000000 ____D () C:\ProgramData\Origin
2014-12-28 17:10 - 2012-04-27 20:33 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-12-28 16:58 - 2011-10-31 13:36 - 00000000 ____D () C:\Users\Dave\AppData\Roaming\Skype
2014-12-28 14:56 - 2011-11-22 16:36 - 00000948 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-28 13:48 - 2012-04-23 10:03 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-28 13:48 - 2011-10-27 01:46 - 00000000 ____D () C:\Users\Dave\AppData\Roaming\BitTorrent
2014-12-28 13:46 - 2009-07-14 05:45 - 00022080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-28 13:46 - 2009-07-14 05:45 - 00022080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-28 13:43 - 2011-10-27 01:03 - 01838857 _____ () C:\Windows\WindowsUpdate.log
2014-12-28 13:42 - 2011-12-03 11:13 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{C5D5F9BB-6B82-4B42-8B4B-CAA962B22010}
2014-12-28 13:41 - 2014-02-20 01:17 - 00000000 ____D () C:\Users\Dave\AppData\Roaming\Raptr
2014-12-28 13:38 - 2012-08-08 23:54 - 00000000 ____D () C:\Users\Dave\AppData\Local\HTC MediaHub
2014-12-28 13:37 - 2010-11-21 04:47 - 01185528 _____ () C:\Windows\PFRO.log
2014-12-28 13:37 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-28 01:01 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Speech
2014-12-27 21:26 - 2013-10-07 11:00 - 00000000 ____D () C:\Users\Dave\Documents\FIFA 14
2014-12-27 17:46 - 2011-12-10 21:00 - 00000000 ____D () C:\Users\Dave\AppData\Local\SKIDROW
2014-12-27 13:07 - 2014-02-18 00:43 - 00000000 ____D () C:\Program Files\Update Software
2014-12-27 12:17 - 2011-12-13 18:36 - 00000000 ____D () C:\Users\Dave\AppData\Roaming\Malwarebytes
2014-12-27 12:16 - 2011-12-13 18:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-26 11:18 - 2011-10-27 02:23 - 00000000 ____D () C:\Users\Dave\Documents\My Games
2014-12-24 22:29 - 2014-04-13 16:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2014-12-24 22:29 - 2012-12-22 10:58 - 00000000 ____D () C:\ProgramData\Orbit
2014-12-24 22:27 - 2011-04-12 09:34 - 00677722 _____ () C:\Windows\system32\perfh005.dat
2014-12-24 22:27 - 2011-04-12 09:34 - 00146640 _____ () C:\Windows\system32\perfc005.dat
2014-12-24 22:27 - 2009-07-14 06:13 - 01612504 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-24 15:47 - 2011-10-27 01:03 - 00000000 ____D () C:\Users\Dave
2014-12-24 14:22 - 2012-02-19 19:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2K Games
2014-12-24 12:36 - 2012-08-27 21:36 - 00000000 ____D () C:\Users\Dave\Documents\Telltale Games
2014-12-22 13:30 - 2011-11-06 13:04 - 00000000 ____D () C:\Users\Dave\AppData\Roaming\TS3Client
2014-12-22 03:22 - 2011-11-03 18:54 - 00000000 ____D () C:\Users\Dave\Documents\BioWare
2014-12-21 11:46 - 2011-10-31 13:36 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-21 11:46 - 2011-10-31 13:35 - 00000000 ____D () C:\ProgramData\Skype
2014-12-13 01:57 - 2011-11-22 16:37 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-11 16:31 - 2014-02-13 09:36 - 00000000 ____D () C:\Windows\rescache
2014-12-10 17:34 - 2012-12-21 18:58 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-10 17:34 - 2012-12-21 18:58 - 00003852 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-10 17:34 - 2011-10-27 01:56 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-10 16:09 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-10 07:31 - 2013-08-11 23:04 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 07:31 - 2011-11-24 21:37 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-10 07:28 - 2011-10-28 10:21 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-10 07:00 - 2014-02-27 17:15 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-09 21:02 - 2013-10-21 21:17 - 00000000 ____D () C:\Users\Dave\AppData\Roaming\BSplayer
2014-12-09 14:34 - 2014-02-20 01:16 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-12-08 18:17 - 2009-07-14 06:08 - 00032530 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-01 14:05 - 2011-10-28 13:00 - 00000000 ___HD () C:\Users\Dave\AppData\Roaming\Origin
2014-11-30 16:32 - 2014-01-12 16:14 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-30 13:21 - 2012-04-28 16:59 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-11-30 13:16 - 2012-04-28 16:59 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0

Files to move or delete:
====================
C:\Users\Dave\AppData\Roaming\Origin\update.vbe


Some content of TEMP:
====================
C:\Users\Dave\AppData\Local\Temp\13-12_win7_win8_64_dd_ccc_whql.exe
C:\Users\Dave\AppData\Local\Temp\APNSetup.exe
C:\Users\Dave\AppData\Local\Temp\AskPIP_FF_.exe
C:\Users\Dave\AppData\Local\Temp\AutoRun.exe
C:\Users\Dave\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Dave\AppData\Local\Temp\avguidx.dll
C:\Users\Dave\AppData\Local\Temp\BRSVC_1294792_hlp.exe
C:\Users\Dave\AppData\Local\Temp\CH.dll
C:\Users\Dave\AppData\Local\Temp\chutil.dll
C:\Users\Dave\AppData\Local\Temp\CmdLineExt02.dll
C:\Users\Dave\AppData\Local\Temp\CommonInstaller.exe
C:\Users\Dave\AppData\Local\Temp\comver.dll
C:\Users\Dave\AppData\Local\Temp\contentDATs.exe
C:\Users\Dave\AppData\Local\Temp\Copy.dll
C:\Users\Dave\AppData\Local\Temp\CTun.exe
C:\Users\Dave\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\Dave\AppData\Local\Temp\detectionapi_rd.dll
C:\Users\Dave\AppData\Local\Temp\detectionui_r.exe
C:\Users\Dave\AppData\Local\Temp\directx10tests_rd.dll
C:\Users\Dave\AppData\Local\Temp\directx11tests_rd.dll
C:\Users\Dave\AppData\Local\Temp\directx9tests_rd.dll
C:\Users\Dave\AppData\Local\Temp\EAInstall.dll
C:\Users\Dave\AppData\Local\Temp\eauninstall.exe
C:\Users\Dave\AppData\Local\Temp\genteert.dll
C:\Users\Dave\AppData\Local\Temp\ginstall.dll
C:\Users\Dave\AppData\Local\Temp\GLF14A8.tmp.dll
C:\Users\Dave\AppData\Local\Temp\GLF8C2A.tmp.dll
C:\Users\Dave\AppData\Local\Temp\GLFD7E9.tmp.dll
C:\Users\Dave\AppData\Local\Temp\htmlayout.dll
C:\Users\Dave\AppData\Local\Temp\i4jdel0.exe
C:\Users\Dave\AppData\Local\Temp\iGearedHelper.dll
C:\Users\Dave\AppData\Local\Temp\installerdll1749863.dll
C:\Users\Dave\AppData\Local\Temp\installerdll23616694.dll
C:\Users\Dave\AppData\Local\Temp\installerdll23626179.dll
C:\Users\Dave\AppData\Local\Temp\installerdll83641246.dll
C:\Users\Dave\AppData\Local\Temp\InstHelper.exe
C:\Users\Dave\AppData\Local\Temp\local.dll
C:\Users\Dave\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\Dave\AppData\Local\Temp\MassEffect2-1.02.exe
C:\Users\Dave\AppData\Local\Temp\MP3_Launcher_1_27_0_0.exe
C:\Users\Dave\AppData\Local\Temp\MP3_Patch_Update_1_0_0_78.exe
C:\Users\Dave\AppData\Local\Temp\Need for Speed Carbon_uninst.exe
C:\Users\Dave\AppData\Local\Temp\oi_{075A8866-1DF0-4911-93A4-3EB2275ECA7C}.exe
C:\Users\Dave\AppData\Local\Temp\oi_{D579C9CC-C53E-4494-B384-7FD0F302F736}.exe
C:\Users\Dave\AppData\Local\Temp\ose00000.exe
C:\Users\Dave\AppData\Local\Temp\pyl3E9C.tmp.exe
C:\Users\Dave\AppData\Local\Temp\pyl3F03.tmp.exe
C:\Users\Dave\AppData\Local\Temp\pyl43B5.tmp.exe
C:\Users\Dave\AppData\Local\Temp\pyl74A2.tmp.exe
C:\Users\Dave\AppData\Local\Temp\pylF4FD.tmp.exe
C:\Users\Dave\AppData\Local\Temp\Quarantine.exe
C:\Users\Dave\AppData\Local\Temp\raptrpatch.exe
C:\Users\Dave\AppData\Local\Temp\readSTILog.dll
C:\Users\Dave\AppData\Local\Temp\ResetDevice.exe
C:\Users\Dave\AppData\Local\Temp\rootsupd.exe
C:\Users\Dave\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Dave\AppData\Local\Temp\sfextra.dll
C:\Users\Dave\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Dave\AppData\Local\Temp\sonarinst.exe
C:\Users\Dave\AppData\Local\Temp\sqlite3.dll
C:\Users\Dave\AppData\Local\Temp\swt-win32-3346.dll
C:\Users\Dave\AppData\Local\Temp\tmpB00C.exe
C:\Users\Dave\AppData\Local\Temp\tmpBCF8.exe
C:\Users\Dave\AppData\Local\Temp\ToolbarInstaller.exe
C:\Users\Dave\AppData\Local\Temp\ubiE802.tmp.exe
C:\Users\Dave\AppData\Local\Temp\unins000.exe
C:\Users\Dave\AppData\Local\Temp\Uninstall.exe
C:\Users\Dave\AppData\Local\Temp\utt61E0.tmp.exe
C:\Users\Dave\AppData\Local\Temp\utt7FBB.tmp.exe
C:\Users\Dave\AppData\Local\Temp\uttAFFF.tmp.exe
C:\Users\Dave\AppData\Local\Temp\uttB028.tmp.exe
C:\Users\Dave\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Dave\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Dave\AppData\Local\Temp\w0-2htow.dll
C:\Users\Dave\AppData\Local\Temp\WindowsInstaller-KB893803-v2-x86.exe
C:\Users\Dave\AppData\Local\Temp\_isA29.exe
C:\Users\Dave\AppData\Local\Temp\_unps.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-27 21:49

==================== End Of Log ============================

ESET uninstalled. Thank you once again for the help :)

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Malware

#10 Post by vyosek »

So now we're going to run without an antivirus :?: Then there's no point in even treating it :boxed: So please either follow ALL of my advice, or this is pointless work for me and a waste of time for you...
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns amusement, take a whip and a stick to him; that is no man, that is an ox."
Member [image] since 1 February 2011.

Antrax
Visitor
Posts: 36
Joined: 01 Mar 2014 02:02

Re: Malware

#11 Post by Antrax »

No, no, as you advised, I installed AVAST right away; I was just installing it while the log was running.

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Malware

#12 Post by vyosek »

:arrow: But what I wrote was: uninstall ESET, install Avast, post the log. The order of the steps isn't pulled out of a hat for me by a macaw; the steps have a logical sequence :?:

:arrow: Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Save it, preferably to the desktop
  • Close all programs
  • After it starts, the database will be downloaded
  • Click Scan and then Clean
  • The fix will run, the PC will restart, and then a log will appear, or it will be saved in the folder c:\AdwCleaner\AdwCleaner[S?].txt; paste it here
:arrow: Download Zoek.exe http://hijackthis.nl/smeenk/ and save it to the desktop
  • If you use Win Vista or W7, right-click Zoek and choose Run As Administrator or "Spustit jako správce"
  • Paste the script below into the window:

    autoclean;
    resethosts;
    emptyclsid;
    IEdefaults;
    FFdefaults;
    CHRdefaults;
    emptyIEcache;
    emptyFFcache;
    emptyCHRcache;
    emptyalltemp;
    emptyflash;
    emptyjava;
    emptyrecycle.bin;
    
  • Then click Run Script
  • The PC will perform the fix, restart, and give you a log; paste its contents here

Antrax
Visitor
Posts: 36
Joined: 01 Mar 2014 02:02

Re: Malware

#13 Post by Antrax »

OK, done.

Log:

# AdwCleaner v4.106 - Report created 28/12/2014 at 22:21:38
# Updated 21/12/2014 by Xplode
# Database : 2014-12-28.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Dave - PC
# Running from : C:\Users\Dave\Downloads\adwcleaner_4.106.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\SafetyNut
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Retro PC Calculator
Folder Deleted : C:\Program Files (x86)\Browser Tab Search by Ask
Folder Deleted : C:\Users\Dave\AppData\Local\Temp\hotspot shield
Folder Deleted : C:\Program Files\Retro PC Calculator
Folder Deleted : C:\Users\Dave\AppData\Local\PackageAware
Folder Deleted : C:\Users\Dave\AppData\LocalLow\DataMngr
Folder Deleted : C:\Users\Dave\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim
File Deleted : C:\Windows\SpeedItup Free Setup Log.txt
File Deleted : C:\Users\Dave\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\Dave\daemonprocess.txt
File Deleted : C:\Users\Dave\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\driverscanner.lnk

***** [ Scheduled Tasks ] *****

Task Deleted : driverscanner

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Key Deleted : HKCU\Software\Classes\pokki
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [cmd]
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A75BE48D-BF58-4A8B-B96C-F9A09DFB9844}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\D29AA85A12D74C92B57B0846A4EDD46D
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{15E3361E-044F-40A3-83CA-FD4FB5DA50B0}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2405}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{F1AB6BAB-ACF1-4F9C-B699-00DAE6D18F8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2405}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2405}
Key Deleted : HKCU\Software\anchorfree
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\SOFTWARE\SafetyNut
Key Deleted : HKLM\SOFTWARE\Webexp Enhanced
Key Deleted : HKLM\SOFTWARE\WebexpEnhancedV1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Google Chrome v39.0.2171.95

[C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : olakgnkoldmagdblaalodobkmeokmgjj
[C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : mfhnkgpdlogbknkhlgdjlejeljbhflim
[C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Homepage] : hxxp://www.search.ask.com/?o=APN11459&gct=hp&d ... 21-341&t=4

-\\ Chromium v


*************************

AdwCleaner[R0].txt - [26800 octets] - [01/03/2014 15:24:37]
AdwCleaner[R1].txt - [26861 octets] - [01/03/2014 15:25:25]
AdwCleaner[R2].txt - [7396 octets] - [28/12/2014 22:19:21]
AdwCleaner[S0].txt - [25279 octets] - [01/03/2014 15:27:07]
AdwCleaner[S1].txt - [6516 octets] - [28/12/2014 22:21:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [6576 octets] ##########

Do you happen to know why Avast is blocking the hijack page you sent me?

Antrax
Visitor
Posts: 36
Joined: 01 Mar 2014 02:02

Re: Malware

#14 Post by Antrax »

Zoek.exe v5.0.0.0 Updated 24-12-2014
Tool run by Dave on ne 28.12.2014 at 22:32:20,95.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Dave\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

28.12.2014 22:36:41 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\AGEIA Technologies deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\COMMON~1\Merge Modules deleted successfully
C:\Program Files\ATI Technologies deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\Users\Dave\AppData\Roaming\Malwarebytes deleted successfully
C:\Users\Dave\AppData\Roaming\Nero deleted successfully
C:\Users\Dave\AppData\Roaming\Octoshape deleted successfully
C:\Users\Dave\AppData\Roaming\Publish Providers deleted successfully
C:\Users\Dave\AppData\Local\.# deleted successfully
C:\Users\Dave\AppData\Local\WarThunder deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3139976593-1037826550-675370296-1000\Software\Microsoft\Internet Explorer\SearchScopes\{F3D34531-5CBA-48C5-9EAD-645460EF7465} deleted successfully
HKEY_USERS\S-1-5-21-3139976593-1037826550-675370296-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D2EEE9F-1E97-465A-80E6-66F179BC679A} deleted successfully
HKEY_USERS\S-1-5-21-3139976593-1037826550-675370296-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4D2EEE9F-1E97-465A-80E6-66F179BC679A} deleted successfully
HKEY_USERS\S-1-5-21-3139976593-1037826550-675370296-1000\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully
HKEY_USERS\S-1-5-21-3139976593-1037826550-675370296-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6C8C7D9-CE4E-406e-8D98-2B84BBE5E897} deleted successfully
HKEY_USERS\S-1-5-21-3139976593-1037826550-675370296-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F4E39681-15F8-4fda-B8A3-B5C98378F2F3} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{4D2EEE9F-1E97-465A-80E6-66F179BC679A} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{bc76b6a8-d84e-4794-94f2-3ad2ab96dda2} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-3139976593-1037826550-675370296-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{4D2EEE9F-1E97-465A-80E6-66F179BC679A} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\!{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\!{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\!{338B4DFE-2E2C-4338-9E41-E176D497299E} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\!{338B4DFE-2E2C-4338-9E41-E176D497299E} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\!{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\!{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully

==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~3\WoW Worldwide Software LTD deleted
C:\Users\Dave\.android deleted
C:\PROGRA~2\Participatory Culture Foundation deleted
C:\extensions.sqlite deleted
C:\extensions.ini deleted
C:\found.000 deleted
C:\Users\Dave\64467D47FFE44FBCABBAA0DB829A17EB.TMP deleted
C:\PROGRA~3\spds90.txt deleted
C:\PROGRA~3\ICQ deleted
C:\PROGRA~3\InstallMate deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Dave\AppData\Local\Bullvid deleted
C:\Users\Dave\AppData\Local\cache deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted
C:\Windows\SpeedItup Free Uninstall Log.txt deleted
C:\Windows\Syswow64\tmpA11C.tmp deleted
C:\Windows\Syswow64\tmpA11D.tmp deleted
C:\Windows\Syswow64\tmpDFCF.tmp deleted
C:\Windows\Syswow64\tmpDFD0.tmp deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [28.12.2014 20:56]

==== Chromium Look ======================

Google Chrome Version: 39.0.2171.95 (Up to date, latest Stable version: 39.0.2171.95)

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[28.12.2014 20:55]
mhbjinfcpddaegdcdmepckclpclohldc - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha9532\ch\WebexpEnhancedV1alpha9532.crx[]

AdBlock - Dave\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom
zen temple - Dave\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nlmiiioabolbmhbhphhfjbohiiijmkee

==== Chromium Startpages ======================

C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://mysearch.avg.com?cid={76138DE3-0 ... 2013-10-17 20:56:19&v=17.0.0.12&pid=safeguard&sg=0&sap=hp",


==== Chromium Fix ======================

C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_static.audienceinsights.net_0.localstorage deleted successfully
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_static.audienceinsights.net_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"
{2161106B-97C9-481A-9B09-690E89621D82} Bing Url="http://www.bing.com/search?FORM=UP94DF& ... -SearchBox"

==== Reset Google Chrome ======================

C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\preferences was reset successfully
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences was reset successfully
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{67215844-A129-7A52-77B1-E3FC20453791} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{85AACAE1-FE8C-208F-7B84-2328E0FEECF7} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A399D4FF-8593-2D62-0F78-00B9723D5DED} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D5B9A194-F074-0EE8-B2F2-7AA26AC1171F} deleted successfully
HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\mhbjinfcpddaegdcdmepckclpclohldc deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Dave\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Dave\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Dave\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=113 folders=71 37693482 bytes)

==== Empty Temp Folders ======================

C:\Users\Dave\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Dave\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on ne 28.12.2014 at 23:12:30,38 ======================

Here is the LOG from that hijack. Thank you, everything is now as it should be :)

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Malware

#15 Post by vyosek »

Please post a new FRST log and we'll clean up the leftovers.