VIRY.CZ

Dobrý den poslední dobou jsem zaregistroval že v prohlížeči Google Chromu v případě že něco googlím se mi vždycky za hledaný výraz připíše ?trackid=sp-006, občas jen ?trackid.
Z toho co jsem četl na různých fórech je za tím nějaký malware a proto bych chtěl poprosit někoho jestli by mi neporadil nějaký osvědčený způsob jak se toho zbavit. Předem děkuji.

Zdravím!
Dejte log FRST: http://forum.viry.cz/viewtopic.php?f=13&t=133100 .

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Uživatel (administrator) on UŽIVATEL-PC on 20-01-2015 18:40:43
Running from C:\Users\Uživatel\Desktop
Loaded Profiles: Uživatel (Available profiles: Uživatel)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Advanced Micro Devices) C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(forum.viry.cz) C:\Users\Uživatel\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\PING.EXE


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [NCUpdateHelper] => C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe [526240 2014-11-08] (NCSOFT Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-09] (AVAST Software)
HKU\S-1-5-21-1629626762-289971562-1080556046-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-1629626762-289971562-1080556046-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1629626762-289971562-1080556046-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
GroupPolicyUsers\S-1-5-21-1629626762-289971562-1080556046-1006\User: Group Policy restriction detected <======= ATTENTION
CHR HKU\S-1-5-21-1629626762-289971562-1080556046-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1629626762-289971562-1080556046-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=s ... earchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-1629626762-289971562-1080556046-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKU\S-1-5-21-1629626762-289971562-1080556046-1000\Software\Microsoft\Internet Explorer\Main,ICQ Search = http://search.icq.com/search/results.ph ... earchTerms}
HKU\S-1-5-21-1629626762-289971562-1080556046-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
URLSearchHook: HKU\S-1-5-21-1629626762-289971562-1080556046-1000 - (No Name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=s ... earchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=s ... earchTerms}
SearchScopes: HKU\S-1-5-21-1629626762-289971562-1080556046-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=s ... earchTerms}
SearchScopes: HKU\S-1-5-21-1629626762-289971562-1080556046-1000 -> {5D81AC3F-0BF9-4261-BBC2-800D5FE74DA8} URL = http://search.yahoo.com/search?fr=chr-g ... earchTerms}
SearchScopes: HKU\S-1-5-21-1629626762-289971562-1080556046-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=s ... earchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKU\S-1-5-21-1629626762-289971562-1080556046-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab
DPF: HKLM {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/softwa ... Plugin.cab
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwar ... TSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwar ... PIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwar ... TSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwar ... /CTPID.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 84.21.109.1 84.16.96.2

FireFox:
========
FF ProfilePath: C:\Users\Uživatel\AppData\Roaming\Mozilla\Firefox\Profiles\mzugtu89.default-1399119414105
FF DefaultSearchEngine: Google (avast)
FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006
FF SearchEngineOrder.1: Google (avast)
FF SelectedSearchEngine: Google (avast)
FF Homepage: https://www.google.com/?trackid=sp-006
FF Keyword.URL: https://www.google.com/search/?trackid=sp-006
FF Keyword.URL: https://www.google.com/search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: 4game.com/plugin -> C:\Program Files (x86)\4game\4game\npplugin4game.dll (Innova Systems LLC)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npnxgameEU.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @Webzen.com/NPBrowserExt -> C:\Program Files (x86)\WEBZEN\BrowserExtension\NPWZCmnCtrl.dll (WEBZEN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1629626762-289971562-1080556046-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Uživatel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1629626762-289971562-1080556046-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKU\S-1-5-21-1629626762-289971562-1080556046-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Uživatel\AppData\Roaming\Mozilla\Firefox\Profiles\mzugtu89.default-1399119414105\searchplugins\google-avast.xml
FF SearchPlugin: C:\Users\Uživatel\AppData\Roaming\Mozilla\Firefox\Profiles\mzugtu89.default-1399119414105\searchplugins\seznam-avast.xml
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-14]

Chrome:
=======
CHR HomePage: Default -> www.google.com
CHR StartupUrls: Default -> "https://www.google.com/?trackid=sp-006"
CHR DefaultSearchKeyword: Default -> google
CHR DefaultSearchURL: Default -> https://www.google.de/search?q={searchT ... kid=sp-006
CHR DefaultSuggestURL: Default -> https://www.google.com/complete/search? ... earchTerms}
CHR Profile: C:\Users\Uživatel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avast Online Security) - C:\Users\Uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-12-14]
CHR HKU\S-1-5-21-1629626762-289971562-1080556046-1000\...\Chrome\Extension: [pkmpcdbgnfjfeelcpebpkflcmbkclfho] - C:\Users\Uživatel\AppData\Local\CRE\pkmpcdbgnfjfeelcpebpkflcmbkclfho.crx [2013-06-05]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - No Path
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-14]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - No Path
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 4game; C:\Program Files (x86)\4game\4game\4GameService.exe [767880 2012-06-26] (Innova Systems LLC)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-04-29] (Adobe Systems) [File not signed]
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [116224 2014-11-20] (Advanced Micro Devices) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-14] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2014-12-14] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-14] (Avast Software)
S3 AVerRECentral; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRECentral.exe [342528 2012-11-09] (AVerMedia) [File not signed]
S3 AVerUpdateServer; C:\Program Files (x86)\AVerMedia\AVerUpdate\AVerUpdateServer.exe [167936 2011-10-31] (AVerMedia TECHNOLOGIES, Inc.) [File not signed]
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2012-12-03] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2012-12-03] (Creative Labs) [File not signed]
S3 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2011-10-19] (Creative Technology Ltd) [File not signed]
S3 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128 2011-05-24] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2013-04-23] (Hi-Rez Studios) [File not signed]
S2 HPSLPSVC; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S2 HPSLPSVC; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4066168 2011-04-24] (INCA Internet Co., Ltd.) [File not signed]
S3 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-11-15] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 xsherlock; C:\Windows\SysWOW64\xsherlock.xem [675936 2012-10-06] (Wellbia.com Co., Ltd.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [294600 2014-11-21] (Advanced Micro Devices)
R0 amdide64; C:\Windows\System32\DRIVERS\amdide64.sys [11944 2014-11-08] (Advanced Micro Devices Inc.)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31968 2012-10-08] (Wondershare)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-14] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-12-14] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-14] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2014-12-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-14] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-14] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-14] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-14] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-14] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2011-10-24] ()
R3 bbcap; C:\Windows\System32\DRIVERS\bbcap.sys [4608 2013-02-20] (Windows (R) Codename Longhorn DDK provider)
R3 CamSuiteVAC; C:\Windows\System32\DRIVERS\CamSuiteVAC.sys [56320 2008-09-18] ()
S3 cpuz136; No ImagePath
S3 dump_wmimmc; No ImagePath
S3 GUCI_AVS; C:\Windows\System32\DRIVERS\GUCI_AVS.sys [614272 2008-03-31] () [File not signed]
S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [113280 2010-02-03] (ITE )
S3 LGDDCDevice; C:\Program Files (x86)\LG Soft India\forteManager\bin\I2CDriver.sys [14336 2009-04-24] () [File not signed]
S3 LGII2CDevice; C:\Program Files (x86)\LG Soft India\forteManager\bin\PII2CDriver.sys [18432 2009-04-24] () [File not signed]
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2011-10-24] ()
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-11] (ManyCam LLC)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [29696 2012-10-11] (ManyCam LLC)
S3 mtnyhzbv; No ImagePath
S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2005-01-01] (INCA Internet Co., Ltd.) [File not signed]
R3 SAlphamHid; C:\Windows\System32\DRIVERS\SAlpham64.sys [38016 2013-05-31] (SteelSeries Corporation)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-10-28] (IObit)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-12-14] (Avast Software)
S3 X6va008; No ImagePath
R3 XENfiltv; C:\Windows\System32\drivers\XENfiltv.sys [25600 2009-07-31] (Creative Technology Ltd.)
S3 AODDriver4.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz138; \??\C:\Windows\TEMP\cpuz138\cpuz138_x64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-20 18:40 - 2015-01-20 18:41 - 00019609 _____ () C:\Users\Uživatel\Desktop\FRST.txt
2015-01-20 18:40 - 2015-01-20 18:40 - 00112640 _____ (forum.viry.cz) C:\Users\Uživatel\Desktop\FRSTLauncher.exe
2015-01-20 18:40 - 2015-01-20 18:40 - 00029696 _____ () C:\Users\Uživatel\AppData\Local\MSGBOX.EXE
2015-01-20 18:40 - 2015-01-20 18:40 - 00015327 _____ () C:\Users\Uživatel\Desktop\LM.bat
2015-01-20 18:40 - 2015-01-20 18:40 - 00000000 ____D () C:\FRST
2015-01-20 18:35 - 2015-01-20 18:35 - 02126848 _____ (Farbar) C:\Users\Uživatel\Desktop\FRST64.exe
2015-01-20 14:54 - 2015-01-20 14:54 - 00000197 _____ () C:\Windows\system32\2015-01-20-13-54-05.031-AvastVBoxSVC.exe-2700.log
2015-01-20 14:52 - 2015-01-20 14:52 - 00003578 _____ () C:\Windows\PFRO.log
2015-01-20 14:52 - 2015-01-20 14:52 - 00000056 _____ () C:\Windows\setupact.log
2015-01-20 14:52 - 2015-01-20 14:52 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-19 17:31 - 2015-01-19 17:31 - 00000247 _____ () C:\Windows\system32\2015-01-19-16-31-24.074-aswFe.exe-3744.log
2015-01-19 17:26 - 2015-01-19 17:31 - 00000247 _____ () C:\Windows\system32\2015-01-19-16-26-37.086-aswFe.exe-5080.log
2015-01-19 17:26 - 2015-01-19 17:26 - 00000197 _____ () C:\Windows\system32\2015-01-19-16-26-33.035-AvastVBoxSVC.exe-3776.log
2015-01-19 16:56 - 2015-01-19 16:56 - 00000000 _____ () C:\autoexec.bat
2015-01-19 13:56 - 2015-01-19 13:56 - 00000197 _____ () C:\Windows\system32\2015-01-19-12-56-09.091-AvastVBoxSVC.exe-2608.log
2015-01-18 19:47 - 2015-01-18 19:47 - 00000197 _____ () C:\Windows\system32\2015-01-18-18-47-24.043-AvastVBoxSVC.exe-2072.log
2015-01-18 09:17 - 2015-01-18 09:17 - 00000197 _____ () C:\Windows\system32\2015-01-18-08-17-46.022-AvastVBoxSVC.exe-2884.log
2015-01-17 15:11 - 2015-01-17 15:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-17 14:12 - 2014-02-01 18:11 - 00004607 _____ () C:\Users\Uživatel\VYHNÁNKOVÁ_EVA.p12
2015-01-17 08:42 - 2015-01-17 08:43 - 00000197 _____ () C:\Windows\system32\2015-01-17-07-42-58.045-AvastVBoxSVC.exe-2328.log
2015-01-16 11:28 - 2015-01-16 11:28 - 00000197 _____ () C:\Windows\system32\2015-01-16-10-28-32.083-AvastVBoxSVC.exe-2904.log
2015-01-15 20:12 - 2015-01-15 20:12 - 00000247 _____ () C:\Windows\system32\2015-01-15-19-12-57.041-aswFe.exe-6372.log
2015-01-15 20:04 - 2015-01-15 20:12 - 00000247 _____ () C:\Windows\system32\2015-01-15-19-04-44.073-aswFe.exe-2864.log
2015-01-15 20:04 - 2015-01-15 20:04 - 00000197 _____ () C:\Windows\system32\2015-01-15-19-04-38.033-AvastVBoxSVC.exe-2752.log
2015-01-15 19:38 - 2015-01-15 19:38 - 00001852 _____ () C:\Users\Uživatel\Desktop\PS3 Media Server.lnk
2015-01-15 19:35 - 2015-01-18 12:45 - 00000000 ____D () C:\ProgramData\PMS
2015-01-15 19:35 - 2015-01-15 19:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PS3 Media Server
2015-01-15 19:35 - 2015-01-15 19:35 - 00000000 ____D () C:\Program Files (x86)\PS3 Media Server
2015-01-15 08:48 - 2015-01-15 08:48 - 00000197 _____ () C:\Windows\system32\2015-01-15-07-48-11.069-AvastVBoxSVC.exe-1012.log
2015-01-14 09:03 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 09:03 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 09:03 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 09:03 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 09:03 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 09:03 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 09:02 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 09:02 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 09:02 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 09:02 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 09:02 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 09:02 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 09:02 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 08:25 - 2015-01-14 08:25 - 00000197 _____ () C:\Windows\system32\2015-01-14-07-25-43.074-AvastVBoxSVC.exe-2432.log
2015-01-13 13:16 - 2015-01-13 13:16 - 00000197 _____ () C:\Windows\system32\2015-01-13-12-16-16.088-AvastVBoxSVC.exe-2360.log
2015-01-12 14:44 - 2015-01-12 14:44 - 00000247 _____ () C:\Windows\system32\2015-01-12-13-44-28.012-aswFe.exe-4104.log
2015-01-12 14:37 - 2015-01-12 14:44 - 00000247 _____ () C:\Windows\system32\2015-01-12-13-37-45.027-aswFe.exe-4724.log
2015-01-12 14:37 - 2015-01-12 14:37 - 00000197 _____ () C:\Windows\system32\2015-01-12-13-37-30.035-AvastVBoxSVC.exe-3692.log
2015-01-11 08:27 - 2015-01-11 08:27 - 00000197 _____ () C:\Windows\system32\2015-01-11-07-27-27.059-AvastVBoxSVC.exe-3776.log
2015-01-10 08:52 - 2015-01-10 08:52 - 00000197 _____ () C:\Windows\system32\2015-01-10-07-52-00.025-AvastVBoxSVC.exe-3560.log
2015-01-09 21:30 - 2015-01-09 21:30 - 00000197 _____ () C:\Windows\system32\2015-01-09-20-30-51.076-AvastVBoxSVC.exe-3684.log
2015-01-09 18:24 - 2015-01-09 18:24 - 00000197 _____ () C:\Windows\system32\2015-01-09-17-24-34.091-AvastVBoxSVC.exe-628.log
2015-01-09 14:01 - 2015-01-09 14:01 - 00000197 _____ () C:\Windows\system32\2015-01-09-13-01-46.063-AvastVBoxSVC.exe-3012.log
2015-01-08 15:02 - 2015-01-08 15:02 - 00000197 _____ () C:\Windows\system32\2015-01-08-14-02-08.052-AvastVBoxSVC.exe-2964.log
2015-01-07 14:53 - 2015-01-07 14:53 - 00000197 _____ () C:\Windows\system32\2015-01-07-13-53-22.078-AvastVBoxSVC.exe-3284.log
2015-01-06 14:06 - 2015-01-06 14:06 - 00000197 _____ () C:\Windows\system32\2015-01-06-13-06-15.028-AvastVBoxSVC.exe-3344.log
2015-01-05 14:01 - 2015-01-05 14:01 - 00000197 _____ () C:\Windows\system32\2015-01-05-13-01-42.031-AvastVBoxSVC.exe-2820.log
2015-01-04 08:58 - 2015-01-04 08:58 - 00000197 _____ () C:\Windows\system32\2015-01-04-07-58-22.056-AvastVBoxSVC.exe-2724.log
2015-01-03 22:04 - 2015-01-03 22:05 - 00000197 _____ () C:\Windows\system32\2015-01-03-21-04-59.096-AvastVBoxSVC.exe-1472.log
2015-01-03 08:29 - 2015-01-03 08:29 - 00000197 _____ () C:\Windows\system32\2015-01-03-07-29-46.067-AvastVBoxSVC.exe-2692.log
2015-01-02 13:15 - 2015-01-02 13:15 - 00000197 _____ () C:\Windows\system32\2015-01-02-12-15-36.012-AvastVBoxSVC.exe-1976.log
2015-01-02 08:18 - 2015-01-02 08:18 - 00000197 _____ () C:\Windows\system32\2015-01-02-07-18-54.030-AvastVBoxSVC.exe-3280.log
2015-01-01 16:27 - 2015-01-01 17:41 - 711763968 _____ () C:\Users\Uživatel\Desktop\Los-Ojos-de-Julia--2010--Horor-Cz-tit.-hf.avi
2015-01-01 10:17 - 2015-01-01 10:17 - 00000197 _____ () C:\Windows\system32\2015-01-01-09-17-48.014-AvastVBoxSVC.exe-3428.log
2014-12-31 03:10 - 2014-12-31 03:10 - 00000247 _____ () C:\Windows\system32\2014-12-31-02-10-14.068-aswFe.exe-2748.log
2014-12-31 03:04 - 2014-12-31 03:10 - 00000247 _____ () C:\Windows\system32\2014-12-31-02-04-26.001-aswFe.exe-2756.log
2014-12-31 03:04 - 2014-12-31 03:04 - 00000197 _____ () C:\Windows\system32\2014-12-31-02-04-20.049-AvastVBoxSVC.exe-3600.log
2014-12-30 23:41 - 2014-12-30 23:41 - 00000197 _____ () C:\Windows\system32\2014-12-30-22-41-26.040-AvastVBoxSVC.exe-3516.log
2014-12-30 23:28 - 2014-12-30 23:28 - 00000197 _____ () C:\Windows\system32\2014-12-30-22-28-04.039-AvastVBoxSVC.exe-3304.log
2014-12-30 23:27 - 2015-01-20 16:53 - 01124483 _____ () C:\Windows\WindowsUpdate.log
2014-12-30 23:17 - 2014-12-30 23:17 - 00036892 _____ () C:\ComboFix.txt
2014-12-30 23:14 - 2014-12-30 23:14 - 00000197 _____ () C:\Windows\system32\2014-12-30-22-14-14.011-AvastVBoxSVC.exe-2800.log
2014-12-30 22:52 - 2014-12-30 22:52 - 00000280 _____ () C:\Windows\system32\2014-12-30-21-52-33.049-aswFe.exe-4792.log
2014-12-30 09:47 - 2014-12-30 09:47 - 00000197 _____ () C:\Windows\system32\2014-12-30-08-47-23.030-AvastVBoxSVC.exe-4416.log
2014-12-29 23:24 - 2014-12-29 23:24 - 00000197 _____ () C:\Windows\system32\2014-12-29-22-24-00.086-AvastVBoxSVC.exe-4564.log
2014-12-29 09:31 - 2014-12-29 09:31 - 00000197 _____ () C:\Windows\system32\2014-12-29-08-31-13.016-AvastVBoxSVC.exe-3828.log
2014-12-28 09:18 - 2014-12-28 09:18 - 00000197 _____ () C:\Windows\system32\2014-12-28-08-18-43.005-AvastVBoxSVC.exe-4872.log
2014-12-27 09:32 - 2014-12-27 09:32 - 00000197 _____ () C:\Windows\system32\2014-12-27-08-32-36.026-AvastVBoxSVC.exe-3960.log
2014-12-26 15:30 - 2014-12-26 15:30 - 00000197 _____ () C:\Windows\system32\2014-12-26-14-30-19.049-AvastVBoxSVC.exe-2192.log
2014-12-26 08:50 - 2014-12-26 08:50 - 00000197 _____ () C:\Windows\system32\2014-12-26-07-50-00.071-AvastVBoxSVC.exe-3316.log
2014-12-25 09:27 - 2014-12-25 09:27 - 00000197 _____ () C:\Windows\system32\2014-12-25-08-27-16.072-AvastVBoxSVC.exe-2992.log
2014-12-24 09:58 - 2014-12-24 09:58 - 00000197 _____ () C:\Windows\system32\2014-12-24-08-58-27.028-AvastVBoxSVC.exe-3328.log
2014-12-23 08:24 - 2014-12-23 08:24 - 00000197 _____ () C:\Windows\system32\2014-12-23-07-24-52.056-AvastVBoxSVC.exe-2344.log
2014-12-22 08:19 - 2014-12-22 08:19 - 00000197 _____ () C:\Windows\system32\2014-12-22-07-19-21.006-AvastVBoxSVC.exe-4216.log
2014-12-21 18:37 - 2014-12-21 18:50 - 3194191872 _____ () C:\Users\Uživatel\Windows 7 Professional 64bit.iso
2014-12-21 18:34 - 2014-12-21 18:34 - 00000197 _____ () C:\Windows\system32\2014-12-21-17-34-11.095-AvastVBoxSVC.exe-696.log
2014-12-21 08:58 - 2014-12-21 08:58 - 00000197 _____ () C:\Windows\system32\2014-12-21-07-58-17.027-AvastVBoxSVC.exe-3668.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-20 18:31 - 2011-10-22 22:34 - 00000000 ____D () C:\Users\Uživatel\AppData\Roaming\Skype
2015-01-20 18:30 - 2013-02-22 21:19 - 00000000 ____D () C:\Program Files (x86)\SteamXXD
2015-01-20 18:24 - 2014-01-25 18:46 - 00000000 ____D () C:\Users\Uživatel\AppData\Local\Battle.net
2015-01-20 15:00 - 2009-07-14 05:45 - 00029136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-20 15:00 - 2009-07-14 05:45 - 00029136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-20 14:52 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-19 23:06 - 2013-06-11 09:55 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2015-01-19 17:16 - 2014-12-14 10:18 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-19 16:55 - 2011-10-20 13:51 - 00000000 ____D () C:\Users\Uživatel
2015-01-19 13:58 - 2013-10-28 09:28 - 00003994 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{C3801B32-94AF-4932-9466-724EB85B74AE}
2015-01-18 09:14 - 2012-06-20 17:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-17 23:09 - 2014-11-23 15:21 - 00000000 ____D () C:\Users\Uživatel\Cinema
2015-01-17 23:07 - 2014-12-08 19:13 - 00016896 ___SH () C:\Users\Uživatel\Thumbs.db
2015-01-16 11:25 - 2013-02-28 22:52 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-15 19:59 - 2012-01-06 18:22 - 01588746 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-15 19:59 - 2011-04-12 09:34 - 00678098 _____ () C:\Windows\system32\perfh005.dat
2015-01-15 19:59 - 2011-04-12 09:34 - 00146996 _____ () C:\Windows\system32\perfc005.dat
2015-01-15 19:59 - 2009-07-14 06:13 - 01588746 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-15 19:13 - 2013-02-28 22:52 - 00003854 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-15 19:13 - 2012-04-28 06:41 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-15 19:13 - 2011-10-22 21:40 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-15 19:09 - 2013-06-12 18:26 - 00000000 ____D () C:\Users\Uživatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-15 19:09 - 2013-06-12 18:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-15 19:09 - 2011-10-22 13:33 - 00000000 ____D () C:\Program Files\WinRAR
2015-01-15 09:21 - 2012-10-09 21:07 - 00000000 ____D () C:\Users\Uživatel\AppData\Local\ManyCam
2015-01-14 23:14 - 2013-07-19 23:37 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 23:08 - 2011-10-20 14:36 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 14:13 - 2011-11-05 19:04 - 00000000 ____D () C:\Users\Uživatel\AppData\Roaming\Vso
2015-01-12 19:50 - 2014-03-05 19:47 - 00000000 ____D () C:\Users\Uživatel\Documents\ConvertXToDVD
2015-01-12 19:50 - 2011-11-05 19:04 - 00001057 _____ () C:\Users\Uživatel\AppData\Roaming\vso_ts_preview.xml
2015-01-09 14:34 - 2014-11-11 19:12 - 00000000 ____D () C:\Users\Uživatel\Desktop\School
2015-01-08 18:48 - 2011-10-22 16:14 - 00000000 ____D () C:\Users\Uživatel\AppData\Local\Downloaded Installations
2015-01-08 15:35 - 2011-10-22 20:25 - 00000000 ____D () C:\Users\Uživatel\AppData\Local\CrashDumps
2015-01-07 22:05 - 2014-01-27 12:19 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2015-01-04 10:55 - 2013-02-07 10:27 - 00000000 ____D () C:\Users\Uživatel\Desktop\SavaheEC
2015-01-02 13:18 - 2013-06-27 21:42 - 00000000 ____D () C:\Users\Uživatel\Desktop\SavaheC
2014-12-31 16:54 - 2011-12-15 13:42 - 00000000 ____D () C:\Users\Uživatel\AppData\Roaming\TS3Client
2014-12-30 23:17 - 2013-02-22 16:02 - 00000000 ____D () C:\Users\U�ivatel
2014-12-30 23:17 - 2012-12-08 09:29 - 00000000 ____D () C:\Qoobox
2014-12-30 23:17 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-12-30 23:16 - 2012-12-08 09:29 - 00000000 ____D () C:\Windows\erdnt
2014-12-30 23:12 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-12-30 18:50 - 2012-09-23 09:10 - 00000000 ____D () C:\Program Files (x86)\4game
2014-12-30 18:04 - 2012-10-20 18:48 - 00000000 ____D () C:\Users\Uživatel\AppData\Local\Sony
2014-12-30 17:56 - 2014-12-15 22:00 - 00000000 ____D () C:\Users\Uživatel\AppData\Roaming\Seznam Browser
2014-12-29 23:39 - 2011-10-23 12:18 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-12-29 23:38 - 2013-04-30 10:28 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-12-29 23:38 - 2011-10-23 12:18 - 00000000 ____D () C:\ProgramData\Adobe
2014-12-29 23:38 - 2011-10-22 13:29 - 00000000 ____D () C:\Users\Uživatel\AppData\Roaming\Adobe
2014-12-29 23:34 - 2013-04-30 10:29 - 00000000 ____D () C:\Program Files\Adobe
2014-12-29 23:32 - 2012-12-02 19:49 - 00000000 ____D () C:\Program Files (x86)\Sony
2014-12-29 23:32 - 2012-10-20 18:48 - 00000000 ____D () C:\ProgramData\Sony
2014-12-28 16:17 - 2011-10-27 21:26 - 00000000 ____D () C:\Program Files (x86)\Metin2
2014-12-28 09:13 - 2013-05-03 06:41 - 00000952 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-28 09:13 - 2013-05-03 06:41 - 00000948 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-27 20:15 - 2013-05-03 06:41 - 00003960 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-12-27 20:15 - 2013-05-03 06:41 - 00003708 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-12-26 15:25 - 2009-07-14 06:08 - 00032520 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-25 09:25 - 2013-11-06 19:02 - 00000000 ____D () C:\ProgramData\ProductData
2014-12-21 18:58 - 2014-12-20 12:24 - 00002562 _____ () C:\Windows\diagwrn.xml
2014-12-21 18:58 - 2014-12-20 12:24 - 00001908 _____ () C:\Windows\diagerr.xml
2014-12-21 18:43 - 2011-10-20 14:24 - 00194600 _____ () C:\Users\Uživatel\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-21 18:36 - 2014-09-15 14:53 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-21 18:36 - 2011-10-22 22:34 - 00000000 ____D () C:\ProgramData\Skype
2014-12-21 08:57 - 2009-07-14 05:45 - 05308496 _____ () C:\Windows\system32\FNTCACHE.DAT

==================== Files in the root of some directories =======
2012-03-09 15:37 - 2012-03-09 15:37 - 0000604 ____H () C:\Program Files (x86)\STLL Notifier
2013-02-20 15:36 - 2013-02-20 15:36 - 0000056 _____ () C:\Users\Uživatel\AppData\Roaming\Camdata.ini
2013-02-20 15:36 - 2013-02-20 15:36 - 0000408 _____ () C:\Users\Uživatel\AppData\Roaming\CamLayout.ini
2013-02-20 15:36 - 2013-02-20 15:36 - 0000408 _____ () C:\Users\Uživatel\AppData\Roaming\CamShapes.ini
2013-02-20 15:36 - 2013-02-20 15:36 - 0004520 _____ () C:\Users\Uživatel\AppData\Roaming\CamStudio.cfg
2011-11-05 19:36 - 2011-11-05 19:36 - 0099384 _____ () C:\Users\Uživatel\AppData\Roaming\inst.exe
2011-11-05 19:36 - 2011-11-05 19:36 - 0007859 _____ () C:\Users\Uživatel\AppData\Roaming\pcouffin.cat
2011-11-05 19:36 - 2011-11-05 19:36 - 0001167 _____ () C:\Users\Uživatel\AppData\Roaming\pcouffin.inf
2011-11-05 19:36 - 2011-11-05 19:36 - 0000055 _____ () C:\Users\Uživatel\AppData\Roaming\pcouffin.log
2011-11-05 19:36 - 2011-11-05 19:36 - 0082816 _____ (VSO Software) C:\Users\Uživatel\AppData\Roaming\pcouffin.sys
2012-07-19 13:23 - 2012-07-19 15:47 - 0000166 _____ () C:\Users\Uživatel\AppData\Roaming\PLGComp.ini
2013-01-16 14:16 - 2013-01-16 14:17 - 0001181 _____ () C:\Users\Uživatel\AppData\Roaming\trace_FilterInstaller.1.txt
2013-01-16 14:16 - 2014-05-25 07:54 - 0000919 _____ () C:\Users\Uživatel\AppData\Roaming\trace_FilterInstaller.txt
2013-01-16 14:16 - 2014-05-25 07:54 - 0000000 _____ () C:\Users\Uživatel\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2013-08-18 11:42 - 2013-08-18 11:44 - 15022204 _____ () C:\Users\Uživatel\AppData\Roaming\UserTile.png
2011-11-05 19:04 - 2015-01-12 19:50 - 0001057 _____ () C:\Users\Uživatel\AppData\Roaming\vso_ts_preview.xml
2011-10-28 19:19 - 2013-05-10 16:49 - 0010240 _____ () C:\Users\Uživatel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-28 16:22 - 2012-06-28 16:22 - 0000096 _____ () C:\Users\Uživatel\AppData\Local\fusioncache.dat
2013-10-29 13:46 - 2013-10-29 13:46 - 0004096 ____H () C:\Users\Uživatel\AppData\Local\keyfile3.drm
2015-01-20 18:40 - 2015-01-20 18:40 - 0029696 _____ () C:\Users\Uživatel\AppData\Local\MSGBOX.EXE
2013-04-08 16:37 - 2013-04-08 16:37 - 0009503 _____ () C:\Users\Uživatel\AppData\Local\recently-used.xbel
2011-10-22 19:19 - 2014-11-07 21:08 - 0007597 _____ () C:\Users\Uživatel\AppData\Local\Resmon.ResmonCfg
2012-10-27 10:40 - 2013-01-27 11:16 - 1145382 ____N () C:\Users\Uživatel\AppData\Local\Tempmusic.ogg
2013-11-13 19:34 - 2013-11-13 19:34 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2012-10-06 12:19 - 2012-08-07 12:19 - 0000032 ____R () C:\ProgramData\hash.dat

Files to move or delete:
====================
C:\ProgramData\hash.dat


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 08:52

==================== End Of Log ============================

Teď spusťte tuto utilitu:

Stáhněte AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan< a pak na >Clean<.
Proběhne skenováni a pak se objeví log, který sem vložte.

# AdwCleaner v4.108 - Report created 20/01/2015 at 19:47:58
# Updated 17/01/2015 by Xplode
# Database : 2015-01-18.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Uživatel - UŽIVATEL-PC
# Running from : C:\Users\Uživatel\Desktop\adwcleaner_4.108.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\IBUpdaterService
Folder Deleted : C:\ProgramData\ICQ\ICQToolbar
Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\SecTaskMan
Folder Deleted : C:\ProgramData\Uniblue
Folder Deleted : C:\Program Files (x86)\NCH Software
Folder Deleted : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Folder Deleted : C:\Program Files (x86)\Common Files\Spigot
Folder Deleted : C:\Users\Uživatel\AppData\Local\apn
Folder Deleted : C:\Users\Uživatel\AppData\Local\Conduit
Folder Deleted : C:\Users\Uživatel\AppData\Local\eSupport.com
Folder Deleted : C:\Users\Uživatel\AppData\Local\I Want This
Folder Deleted : C:\Users\Uživatel\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Uživatel\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Uživatel\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Uživatel\AppData\Roaming\dvdvideosoftiehelpers
Folder Deleted : C:\Users\Uživatel\AppData\Roaming\NCH Software
Folder Deleted : C:\Users\Uživatel\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Uživatel\AppData\Roaming\ParetoLogic
Folder Deleted : C:\Users\Uživatel\AppData\Roaming\PerformerSoft
File Deleted : C:\Windows\System32\roboot64.exe

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\pkmpcdbgnfjfeelcpebpkflcmbkclfho
Key Deleted : HKCU\Software\Classes\pokki
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ICQ Service.exe
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5D723752-5899-47E8-99B4-62C824EF9E13}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1CCCE0D-AE21-42A2-BE58-8E6109410995}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\eSupport.com
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\I Want This
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\ParetoLogic
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\SearchProtect
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]

-\\ Mozilla Firefox v35.0 (x86 cs)


-\\ Google Chrome v39.0.2171.99


-\\ Chromium v


*************************

AdwCleaner[R0].txt - [4778 octets] - [20/01/2015 19:45:29]
AdwCleaner[S0].txt - [4417 octets] - [20/01/2015 19:47:58]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4477 octets] ##########

Dejte nový log FRST.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Uživatel (administrator) on UŽIVATEL-PC on 20-01-2015 20:33:19
Running from C:\Users\Uživatel\Desktop
Loaded Profiles: Uživatel (Available profiles: Uživatel)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Advanced Micro Devices) C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Uživatel\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\PING.EXE


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [NCUpdateHelper] => C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe [526240 2014-11-08] (NCSOFT Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-09] (AVAST Software)
HKU\S-1-5-21-1629626762-289971562-1080556046-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-1629626762-289971562-1080556046-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1629626762-289971562-1080556046-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
GroupPolicyUsers\S-1-5-21-1629626762-289971562-1080556046-1006\User: Group Policy restriction detected <======= ATTENTION
CHR HKU\S-1-5-21-1629626762-289971562-1080556046-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1629626762-289971562-1080556046-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=s ... earchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-1629626762-289971562-1080556046-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKU\S-1-5-21-1629626762-289971562-1080556046-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=s ... earchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1629626762-289971562-1080556046-1000 -> {5D81AC3F-0BF9-4261-BBC2-800D5FE74DA8} URL = http://search.yahoo.com/search?fr=chr-g ... earchTerms}
SearchScopes: HKU\S-1-5-21-1629626762-289971562-1080556046-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=s ... earchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKU\S-1-5-21-1629626762-289971562-1080556046-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab
DPF: HKLM {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/softwa ... Plugin.cab
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwar ... TSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwar ... PIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwar ... TSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwar ... /CTPID.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 84.21.109.1 84.16.96.2

FireFox:
========
FF ProfilePath: C:\Users\Uživatel\AppData\Roaming\Mozilla\Firefox\Profiles\mzugtu89.default-1399119414105
FF DefaultSearchEngine: Google (avast)
FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006
FF SearchEngineOrder.1: Google (avast)
FF SelectedSearchEngine: Google (avast)
FF Homepage: https://www.google.com/?trackid=sp-006
FF Keyword.URL: https://www.google.com/search/?trackid=sp-006
FF Keyword.URL: https://www.google.com/search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: 4game.com/plugin -> C:\Program Files (x86)\4game\4game\npplugin4game.dll (Innova Systems LLC)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npnxgameEU.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @Webzen.com/NPBrowserExt -> C:\Program Files (x86)\WEBZEN\BrowserExtension\NPWZCmnCtrl.dll (WEBZEN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1629626762-289971562-1080556046-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Uživatel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1629626762-289971562-1080556046-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKU\S-1-5-21-1629626762-289971562-1080556046-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Uživatel\AppData\Roaming\Mozilla\Firefox\Profiles\mzugtu89.default-1399119414105\searchplugins\google-avast.xml
FF SearchPlugin: C:\Users\Uživatel\AppData\Roaming\Mozilla\Firefox\Profiles\mzugtu89.default-1399119414105\searchplugins\seznam-avast.xml
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-14]

Chrome:
=======
CHR HomePage: Default -> www.google.com
CHR StartupUrls: Default -> "https://www.google.com/?trackid=sp-006"
CHR DefaultSearchKeyword: Default -> google
CHR DefaultSearchURL: Default -> https://www.google.de/search?q={searchT ... kid=sp-006
CHR DefaultSuggestURL: Default -> https://www.google.com/complete/search? ... earchTerms}
CHR Profile: C:\Users\Uživatel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avast Online Security) - C:\Users\Uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-12-14]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - No Path
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-14]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - No Path
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 4game; C:\Program Files (x86)\4game\4game\4GameService.exe [767880 2012-06-26] (Innova Systems LLC)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-04-29] (Adobe Systems) [File not signed]
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [116224 2014-11-20] (Advanced Micro Devices) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-14] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2014-12-14] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-14] (Avast Software)
S3 AVerRECentral; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRECentral.exe [342528 2012-11-09] (AVerMedia) [File not signed]
S3 AVerUpdateServer; C:\Program Files (x86)\AVerMedia\AVerUpdate\AVerUpdateServer.exe [167936 2011-10-31] (AVerMedia TECHNOLOGIES, Inc.) [File not signed]
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2012-12-03] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2012-12-03] (Creative Labs) [File not signed]
S3 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2011-10-19] (Creative Technology Ltd) [File not signed]
S3 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128 2011-05-24] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2013-04-23] (Hi-Rez Studios) [File not signed]
S2 HPSLPSVC; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S2 HPSLPSVC; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4066168 2011-04-24] (INCA Internet Co., Ltd.) [File not signed]
S3 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-11-15] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 xsherlock; C:\Windows\SysWOW64\xsherlock.xem [675936 2012-10-06] (Wellbia.com Co., Ltd.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [294600 2014-11-21] (Advanced Micro Devices)
R0 amdide64; C:\Windows\System32\DRIVERS\amdide64.sys [11944 2014-11-08] (Advanced Micro Devices Inc.)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31968 2012-10-08] (Wondershare)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-14] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-12-14] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-14] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2014-12-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-14] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-14] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-14] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-14] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-14] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2011-10-24] ()
R3 bbcap; C:\Windows\System32\DRIVERS\bbcap.sys [4608 2013-02-20] (Windows (R) Codename Longhorn DDK provider)
R3 CamSuiteVAC; C:\Windows\System32\DRIVERS\CamSuiteVAC.sys [56320 2008-09-18] ()
S3 cpuz136; No ImagePath
S3 dump_wmimmc; No ImagePath
S3 GUCI_AVS; C:\Windows\System32\DRIVERS\GUCI_AVS.sys [614272 2008-03-31] () [File not signed]
S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [113280 2010-02-03] (ITE )
S3 LGDDCDevice; C:\Program Files (x86)\LG Soft India\forteManager\bin\I2CDriver.sys [14336 2009-04-24] () [File not signed]
S3 LGII2CDevice; C:\Program Files (x86)\LG Soft India\forteManager\bin\PII2CDriver.sys [18432 2009-04-24] () [File not signed]
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2011-10-24] ()
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-11] (ManyCam LLC)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [29696 2012-10-11] (ManyCam LLC)
S3 mtnyhzbv; No ImagePath
S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2005-01-01] (INCA Internet Co., Ltd.) [File not signed]
R3 SAlphamHid; C:\Windows\System32\DRIVERS\SAlpham64.sys [38016 2013-05-31] (SteelSeries Corporation)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-10-28] (IObit)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-12-14] (Avast Software)
S3 X6va008; No ImagePath
R3 XENfiltv; C:\Windows\System32\drivers\XENfiltv.sys [25600 2009-07-31] (Creative Technology Ltd.)
S3 AODDriver4.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz138; \??\C:\Windows\TEMP\cpuz138\cpuz138_x64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-20 20:33 - 2015-01-20 20:33 - 00029696 _____ () C:\Users\Uživatel\AppData\Local\MSGBOX.EXE
2015-01-20 20:33 - 2015-01-20 20:33 - 00019401 _____ () C:\Users\Uživatel\Desktop\FRST.txt
2015-01-20 20:33 - 2015-01-20 20:33 - 00015327 _____ () C:\Users\Uživatel\Desktop\LM.bat
2015-01-20 19:52 - 2015-01-20 19:53 - 00000197 _____ () C:\Windows\system32\2015-01-20-18-52-23.068-AvastVBoxSVC.exe-3524.log
2015-01-20 19:45 - 2015-01-20 19:48 - 00000000 ____D () C:\AdwCleaner
2015-01-20 18:44 - 2015-01-20 20:32 - 00000000 ____D () C:\Users\Uživatel\Desktop\Clean
2015-01-20 18:40 - 2015-01-20 20:33 - 00000000 ____D () C:\FRST
2015-01-20 18:40 - 2015-01-20 18:40 - 00112640 _____ (forum.viry.cz) C:\Users\Uživatel\Desktop\FRSTLauncher.exe
2015-01-20 18:35 - 2015-01-20 18:35 - 02126848 _____ (Farbar) C:\Users\Uživatel\Desktop\FRST64.exe
2015-01-20 14:54 - 2015-01-20 14:54 - 00000197 _____ () C:\Windows\system32\2015-01-20-13-54-05.031-AvastVBoxSVC.exe-2700.log
2015-01-20 14:52 - 2015-01-20 19:49 - 00000112 _____ () C:\Windows\setupact.log
2015-01-20 14:52 - 2015-01-20 19:48 - 00003892 _____ () C:\Windows\PFRO.log
2015-01-20 14:52 - 2015-01-20 14:52 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-19 17:31 - 2015-01-19 17:31 - 00000247 _____ () C:\Windows\system32\2015-01-19-16-31-24.074-aswFe.exe-3744.log
2015-01-19 17:26 - 2015-01-19 17:31 - 00000247 _____ () C:\Windows\system32\2015-01-19-16-26-37.086-aswFe.exe-5080.log
2015-01-19 17:26 - 2015-01-19 17:26 - 00000197 _____ () C:\Windows\system32\2015-01-19-16-26-33.035-AvastVBoxSVC.exe-3776.log
2015-01-19 16:56 - 2015-01-19 16:56 - 00000000 _____ () C:\autoexec.bat
2015-01-19 13:56 - 2015-01-19 13:56 - 00000197 _____ () C:\Windows\system32\2015-01-19-12-56-09.091-AvastVBoxSVC.exe-2608.log
2015-01-18 19:47 - 2015-01-18 19:47 - 00000197 _____ () C:\Windows\system32\2015-01-18-18-47-24.043-AvastVBoxSVC.exe-2072.log
2015-01-18 09:17 - 2015-01-18 09:17 - 00000197 _____ () C:\Windows\system32\2015-01-18-08-17-46.022-AvastVBoxSVC.exe-2884.log
2015-01-17 15:11 - 2015-01-17 15:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-17 14:12 - 2014-02-01 18:11 - 00004607 _____ () C:\Users\Uživatel\VYHNÁNKOVÁ_EVA.p12
2015-01-17 08:42 - 2015-01-17 08:43 - 00000197 _____ () C:\Windows\system32\2015-01-17-07-42-58.045-AvastVBoxSVC.exe-2328.log
2015-01-16 11:28 - 2015-01-16 11:28 - 00000197 _____ () C:\Windows\system32\2015-01-16-10-28-32.083-AvastVBoxSVC.exe-2904.log
2015-01-15 20:12 - 2015-01-15 20:12 - 00000247 _____ () C:\Windows\system32\2015-01-15-19-12-57.041-aswFe.exe-6372.log
2015-01-15 20:04 - 2015-01-15 20:12 - 00000247 _____ () C:\Windows\system32\2015-01-15-19-04-44.073-aswFe.exe-2864.log
2015-01-15 20:04 - 2015-01-15 20:04 - 00000197 _____ () C:\Windows\system32\2015-01-15-19-04-38.033-AvastVBoxSVC.exe-2752.log
2015-01-15 19:38 - 2015-01-15 19:38 - 00001852 _____ () C:\Users\Uživatel\Desktop\PS3 Media Server.lnk
2015-01-15 19:35 - 2015-01-18 12:45 - 00000000 ____D () C:\ProgramData\PMS
2015-01-15 19:35 - 2015-01-15 19:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PS3 Media Server
2015-01-15 19:35 - 2015-01-15 19:35 - 00000000 ____D () C:\Program Files (x86)\PS3 Media Server
2015-01-15 08:48 - 2015-01-15 08:48 - 00000197 _____ () C:\Windows\system32\2015-01-15-07-48-11.069-AvastVBoxSVC.exe-1012.log
2015-01-14 09:03 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 09:03 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 09:03 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 09:03 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 09:03 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 09:03 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 09:02 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 09:02 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 09:02 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 09:02 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 09:02 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 09:02 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 09:02 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 08:25 - 2015-01-14 08:25 - 00000197 _____ () C:\Windows\system32\2015-01-14-07-25-43.074-AvastVBoxSVC.exe-2432.log
2015-01-13 13:16 - 2015-01-13 13:16 - 00000197 _____ () C:\Windows\system32\2015-01-13-12-16-16.088-AvastVBoxSVC.exe-2360.log
2015-01-12 14:44 - 2015-01-12 14:44 - 00000247 _____ () C:\Windows\system32\2015-01-12-13-44-28.012-aswFe.exe-4104.log
2015-01-12 14:37 - 2015-01-12 14:44 - 00000247 _____ () C:\Windows\system32\2015-01-12-13-37-45.027-aswFe.exe-4724.log
2015-01-12 14:37 - 2015-01-12 14:37 - 00000197 _____ () C:\Windows\system32\2015-01-12-13-37-30.035-AvastVBoxSVC.exe-3692.log
2015-01-11 08:27 - 2015-01-11 08:27 - 00000197 _____ () C:\Windows\system32\2015-01-11-07-27-27.059-AvastVBoxSVC.exe-3776.log
2015-01-10 08:52 - 2015-01-10 08:52 - 00000197 _____ () C:\Windows\system32\2015-01-10-07-52-00.025-AvastVBoxSVC.exe-3560.log
2015-01-09 21:30 - 2015-01-09 21:30 - 00000197 _____ () C:\Windows\system32\2015-01-09-20-30-51.076-AvastVBoxSVC.exe-3684.log
2015-01-09 18:24 - 2015-01-09 18:24 - 00000197 _____ () C:\Windows\system32\2015-01-09-17-24-34.091-AvastVBoxSVC.exe-628.log
2015-01-09 14:01 - 2015-01-09 14:01 - 00000197 _____ () C:\Windows\system32\2015-01-09-13-01-46.063-AvastVBoxSVC.exe-3012.log
2015-01-08 15:02 - 2015-01-08 15:02 - 00000197 _____ () C:\Windows\system32\2015-01-08-14-02-08.052-AvastVBoxSVC.exe-2964.log
2015-01-07 14:53 - 2015-01-07 14:53 - 00000197 _____ () C:\Windows\system32\2015-01-07-13-53-22.078-AvastVBoxSVC.exe-3284.log
2015-01-06 14:06 - 2015-01-06 14:06 - 00000197 _____ () C:\Windows\system32\2015-01-06-13-06-15.028-AvastVBoxSVC.exe-3344.log
2015-01-05 14:01 - 2015-01-05 14:01 - 00000197 _____ () C:\Windows\system32\2015-01-05-13-01-42.031-AvastVBoxSVC.exe-2820.log
2015-01-04 08:58 - 2015-01-04 08:58 - 00000197 _____ () C:\Windows\system32\2015-01-04-07-58-22.056-AvastVBoxSVC.exe-2724.log
2015-01-03 22:04 - 2015-01-03 22:05 - 00000197 _____ () C:\Windows\system32\2015-01-03-21-04-59.096-AvastVBoxSVC.exe-1472.log
2015-01-03 08:29 - 2015-01-03 08:29 - 00000197 _____ () C:\Windows\system32\2015-01-03-07-29-46.067-AvastVBoxSVC.exe-2692.log
2015-01-02 13:15 - 2015-01-02 13:15 - 00000197 _____ () C:\Windows\system32\2015-01-02-12-15-36.012-AvastVBoxSVC.exe-1976.log
2015-01-02 08:18 - 2015-01-02 08:18 - 00000197 _____ () C:\Windows\system32\2015-01-02-07-18-54.030-AvastVBoxSVC.exe-3280.log
2015-01-01 16:27 - 2015-01-01 17:41 - 711763968 _____ () C:\Users\Uživatel\Desktop\Los-Ojos-de-Julia--2010--Horor-Cz-tit.-hf.avi
2015-01-01 10:17 - 2015-01-01 10:17 - 00000197 _____ () C:\Windows\system32\2015-01-01-09-17-48.014-AvastVBoxSVC.exe-3428.log
2014-12-31 03:10 - 2014-12-31 03:10 - 00000247 _____ () C:\Windows\system32\2014-12-31-02-10-14.068-aswFe.exe-2748.log
2014-12-31 03:04 - 2014-12-31 03:10 - 00000247 _____ () C:\Windows\system32\2014-12-31-02-04-26.001-aswFe.exe-2756.log
2014-12-31 03:04 - 2014-12-31 03:04 - 00000197 _____ () C:\Windows\system32\2014-12-31-02-04-20.049-AvastVBoxSVC.exe-3600.log
2014-12-30 23:41 - 2014-12-30 23:41 - 00000197 _____ () C:\Windows\system32\2014-12-30-22-41-26.040-AvastVBoxSVC.exe-3516.log
2014-12-30 23:28 - 2014-12-30 23:28 - 00000197 _____ () C:\Windows\system32\2014-12-30-22-28-04.039-AvastVBoxSVC.exe-3304.log
2014-12-30 23:27 - 2015-01-20 19:56 - 01137228 _____ () C:\Windows\WindowsUpdate.log
2014-12-30 23:17 - 2014-12-30 23:17 - 00036892 _____ () C:\ComboFix.txt
2014-12-30 23:14 - 2014-12-30 23:14 - 00000197 _____ () C:\Windows\system32\2014-12-30-22-14-14.011-AvastVBoxSVC.exe-2800.log
2014-12-30 22:52 - 2014-12-30 22:52 - 00000280 _____ () C:\Windows\system32\2014-12-30-21-52-33.049-aswFe.exe-4792.log
2014-12-30 09:47 - 2014-12-30 09:47 - 00000197 _____ () C:\Windows\system32\2014-12-30-08-47-23.030-AvastVBoxSVC.exe-4416.log
2014-12-29 23:24 - 2014-12-29 23:24 - 00000197 _____ () C:\Windows\system32\2014-12-29-22-24-00.086-AvastVBoxSVC.exe-4564.log
2014-12-29 09:31 - 2014-12-29 09:31 - 00000197 _____ () C:\Windows\system32\2014-12-29-08-31-13.016-AvastVBoxSVC.exe-3828.log
2014-12-28 09:18 - 2014-12-28 09:18 - 00000197 _____ () C:\Windows\system32\2014-12-28-08-18-43.005-AvastVBoxSVC.exe-4872.log
2014-12-27 09:32 - 2014-12-27 09:32 - 00000197 _____ () C:\Windows\system32\2014-12-27-08-32-36.026-AvastVBoxSVC.exe-3960.log
2014-12-26 15:30 - 2014-12-26 15:30 - 00000197 _____ () C:\Windows\system32\2014-12-26-14-30-19.049-AvastVBoxSVC.exe-2192.log
2014-12-26 08:50 - 2014-12-26 08:50 - 00000197 _____ () C:\Windows\system32\2014-12-26-07-50-00.071-AvastVBoxSVC.exe-3316.log
2014-12-25 09:27 - 2014-12-25 09:27 - 00000197 _____ () C:\Windows\system32\2014-12-25-08-27-16.072-AvastVBoxSVC.exe-2992.log
2014-12-24 09:58 - 2014-12-24 09:58 - 00000197 _____ () C:\Windows\system32\2014-12-24-08-58-27.028-AvastVBoxSVC.exe-3328.log
2014-12-23 08:24 - 2014-12-23 08:24 - 00000197 _____ () C:\Windows\system32\2014-12-23-07-24-52.056-AvastVBoxSVC.exe-2344.log
2014-12-22 08:19 - 2014-12-22 08:19 - 00000197 _____ () C:\Windows\system32\2014-12-22-07-19-21.006-AvastVBoxSVC.exe-4216.log
2014-12-21 18:37 - 2014-12-21 18:50 - 3194191872 _____ () C:\Users\Uživatel\Windows 7 Professional 64bit.iso
2014-12-21 18:34 - 2014-12-21 18:34 - 00000197 _____ () C:\Windows\system32\2014-12-21-17-34-11.095-AvastVBoxSVC.exe-696.log
2014-12-21 08:58 - 2014-12-21 08:58 - 00000197 _____ () C:\Windows\system32\2014-12-21-07-58-17.027-AvastVBoxSVC.exe-3668.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-20 20:32 - 2013-02-22 21:19 - 00000000 ____D () C:\Program Files (x86)\SteamXXD
2015-01-20 20:32 - 2011-10-22 22:34 - 00000000 ____D () C:\Users\Uživatel\AppData\Roaming\Skype
2015-01-20 20:06 - 2014-01-27 12:19 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2015-01-20 20:06 - 2014-01-25 18:46 - 00000000 ____D () C:\Users\Uživatel\AppData\Local\Battle.net
2015-01-20 19:57 - 2009-07-14 05:45 - 00029136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-20 19:57 - 2009-07-14 05:45 - 00029136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-20 19:55 - 2013-10-28 09:28 - 00003994 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{C3801B32-94AF-4932-9466-724EB85B74AE}
2015-01-20 19:51 - 2014-12-14 10:18 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-20 19:49 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-20 19:48 - 2013-06-11 09:55 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2015-01-19 16:55 - 2011-10-20 13:51 - 00000000 ____D () C:\Users\Uživatel
2015-01-18 09:14 - 2012-06-20 17:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-17 23:09 - 2014-11-23 15:21 - 00000000 ____D () C:\Users\Uživatel\Cinema
2015-01-17 23:07 - 2014-12-08 19:13 - 00016896 ___SH () C:\Users\Uživatel\Thumbs.db
2015-01-16 11:25 - 2013-02-28 22:52 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-15 19:59 - 2012-01-06 18:22 - 01588746 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-15 19:59 - 2011-04-12 09:34 - 00678098 _____ () C:\Windows\system32\perfh005.dat
2015-01-15 19:59 - 2011-04-12 09:34 - 00146996 _____ () C:\Windows\system32\perfc005.dat
2015-01-15 19:59 - 2009-07-14 06:13 - 01588746 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-15 19:13 - 2013-02-28 22:52 - 00003854 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-15 19:13 - 2012-04-28 06:41 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-15 19:13 - 2011-10-22 21:40 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-15 19:09 - 2013-06-12 18:26 - 00000000 ____D () C:\Users\Uživatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-15 19:09 - 2013-06-12 18:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-15 19:09 - 2011-10-22 13:33 - 00000000 ____D () C:\Program Files\WinRAR
2015-01-15 09:21 - 2012-10-09 21:07 - 00000000 ____D () C:\Users\Uživatel\AppData\Local\ManyCam
2015-01-14 23:14 - 2013-07-19 23:37 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 23:08 - 2011-10-20 14:36 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 14:13 - 2011-11-05 19:04 - 00000000 ____D () C:\Users\Uživatel\AppData\Roaming\Vso
2015-01-12 19:50 - 2014-03-05 19:47 - 00000000 ____D () C:\Users\Uživatel\Documents\ConvertXToDVD
2015-01-12 19:50 - 2011-11-05 19:04 - 00001057 _____ () C:\Users\Uživatel\AppData\Roaming\vso_ts_preview.xml
2015-01-09 14:34 - 2014-11-11 19:12 - 00000000 ____D () C:\Users\Uživatel\Desktop\School
2015-01-08 18:48 - 2011-10-22 16:14 - 00000000 ____D () C:\Users\Uživatel\AppData\Local\Downloaded Installations
2015-01-08 15:35 - 2011-10-22 20:25 - 00000000 ____D () C:\Users\Uživatel\AppData\Local\CrashDumps
2015-01-04 10:55 - 2013-02-07 10:27 - 00000000 ____D () C:\Users\Uživatel\Desktop\SavaheEC
2015-01-02 13:18 - 2013-06-27 21:42 - 00000000 ____D () C:\Users\Uživatel\Desktop\SavaheC
2014-12-31 16:54 - 2011-12-15 13:42 - 00000000 ____D () C:\Users\Uživatel\AppData\Roaming\TS3Client
2014-12-30 23:17 - 2013-02-22 16:02 - 00000000 ____D () C:\Users\U�ivatel
2014-12-30 23:17 - 2012-12-08 09:29 - 00000000 ____D () C:\Qoobox
2014-12-30 23:17 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-12-30 23:16 - 2012-12-08 09:29 - 00000000 ____D () C:\Windows\erdnt
2014-12-30 23:12 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-12-30 18:50 - 2012-09-23 09:10 - 00000000 ____D () C:\Program Files (x86)\4game
2014-12-30 18:04 - 2012-10-20 18:48 - 00000000 ____D () C:\Users\Uživatel\AppData\Local\Sony
2014-12-30 17:56 - 2014-12-15 22:00 - 00000000 ____D () C:\Users\Uživatel\AppData\Roaming\Seznam Browser
2014-12-29 23:39 - 2011-10-23 12:18 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-12-29 23:38 - 2013-04-30 10:28 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-12-29 23:38 - 2011-10-23 12:18 - 00000000 ____D () C:\ProgramData\Adobe
2014-12-29 23:38 - 2011-10-22 13:29 - 00000000 ____D () C:\Users\Uživatel\AppData\Roaming\Adobe
2014-12-29 23:34 - 2013-04-30 10:29 - 00000000 ____D () C:\Program Files\Adobe
2014-12-29 23:32 - 2012-12-02 19:49 - 00000000 ____D () C:\Program Files (x86)\Sony
2014-12-29 23:32 - 2012-10-20 18:48 - 00000000 ____D () C:\ProgramData\Sony
2014-12-28 16:17 - 2011-10-27 21:26 - 00000000 ____D () C:\Program Files (x86)\Metin2
2014-12-28 09:13 - 2013-05-03 06:41 - 00000952 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-28 09:13 - 2013-05-03 06:41 - 00000948 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-27 20:15 - 2013-05-03 06:41 - 00003960 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-12-27 20:15 - 2013-05-03 06:41 - 00003708 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-12-26 15:25 - 2009-07-14 06:08 - 00032520 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-25 09:25 - 2013-11-06 19:02 - 00000000 ____D () C:\ProgramData\ProductData
2014-12-21 18:58 - 2014-12-20 12:24 - 00002562 _____ () C:\Windows\diagwrn.xml
2014-12-21 18:58 - 2014-12-20 12:24 - 00001908 _____ () C:\Windows\diagerr.xml
2014-12-21 18:43 - 2011-10-20 14:24 - 00194600 _____ () C:\Users\Uživatel\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-21 18:36 - 2014-09-15 14:53 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-21 18:36 - 2011-10-22 22:34 - 00000000 ____D () C:\ProgramData\Skype
2014-12-21 08:57 - 2009-07-14 05:45 - 05308496 _____ () C:\Windows\system32\FNTCACHE.DAT

==================== Files in the root of some directories =======
2012-03-09 15:37 - 2012-03-09 15:37 - 0000604 ____H () C:\Program Files (x86)\STLL Notifier
2013-02-20 15:36 - 2013-02-20 15:36 - 0000056 _____ () C:\Users\Uživatel\AppData\Roaming\Camdata.ini
2013-02-20 15:36 - 2013-02-20 15:36 - 0000408 _____ () C:\Users\Uživatel\AppData\Roaming\CamLayout.ini
2013-02-20 15:36 - 2013-02-20 15:36 - 0000408 _____ () C:\Users\Uživatel\AppData\Roaming\CamShapes.ini
2013-02-20 15:36 - 2013-02-20 15:36 - 0004520 _____ () C:\Users\Uživatel\AppData\Roaming\CamStudio.cfg
2011-11-05 19:36 - 2011-11-05 19:36 - 0099384 _____ () C:\Users\Uživatel\AppData\Roaming\inst.exe
2011-11-05 19:36 - 2011-11-05 19:36 - 0007859 _____ () C:\Users\Uživatel\AppData\Roaming\pcouffin.cat
2011-11-05 19:36 - 2011-11-05 19:36 - 0001167 _____ () C:\Users\Uživatel\AppData\Roaming\pcouffin.inf
2011-11-05 19:36 - 2011-11-05 19:36 - 0000055 _____ () C:\Users\Uživatel\AppData\Roaming\pcouffin.log
2011-11-05 19:36 - 2011-11-05 19:36 - 0082816 _____ (VSO Software) C:\Users\Uživatel\AppData\Roaming\pcouffin.sys
2012-07-19 13:23 - 2012-07-19 15:47 - 0000166 _____ () C:\Users\Uživatel\AppData\Roaming\PLGComp.ini
2013-01-16 14:16 - 2013-01-16 14:17 - 0001181 _____ () C:\Users\Uživatel\AppData\Roaming\trace_FilterInstaller.1.txt
2013-01-16 14:16 - 2014-05-25 07:54 - 0000919 _____ () C:\Users\Uživatel\AppData\Roaming\trace_FilterInstaller.txt
2013-01-16 14:16 - 2014-05-25 07:54 - 0000000 _____ () C:\Users\Uživatel\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2013-08-18 11:42 - 2013-08-18 11:44 - 15022204 _____ () C:\Users\Uživatel\AppData\Roaming\UserTile.png
2011-11-05 19:04 - 2015-01-12 19:50 - 0001057 _____ () C:\Users\Uživatel\AppData\Roaming\vso_ts_preview.xml
2011-10-28 19:19 - 2013-05-10 16:49 - 0010240 _____ () C:\Users\Uživatel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-28 16:22 - 2012-06-28 16:22 - 0000096 _____ () C:\Users\Uživatel\AppData\Local\fusioncache.dat
2013-10-29 13:46 - 2013-10-29 13:46 - 0004096 ____H () C:\Users\Uživatel\AppData\Local\keyfile3.drm
2015-01-20 20:33 - 2015-01-20 20:33 - 0029696 _____ () C:\Users\Uživatel\AppData\Local\MSGBOX.EXE
2013-04-08 16:37 - 2013-04-08 16:37 - 0009503 _____ () C:\Users\Uživatel\AppData\Local\recently-used.xbel
2011-10-22 19:19 - 2014-11-07 21:08 - 0007597 _____ () C:\Users\Uživatel\AppData\Local\Resmon.ResmonCfg
2012-10-27 10:40 - 2013-01-27 11:16 - 1145382 ____N () C:\Users\Uživatel\AppData\Local\Tempmusic.ogg
2013-11-13 19:34 - 2013-11-13 19:34 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2012-10-06 12:19 - 2012-08-07 12:19 - 0000032 ____R () C:\ProgramData\hash.dat

Files to move or delete:
====================
C:\ProgramData\hash.dat


Some content of TEMP:
====================
C:\Users\Uživatel\AppData\Local\Temp\Quarantine.exe
C:\Users\Uživatel\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 08:52

==================== End Of Log ============================

Otevřte poznámkový blok a zkopírujte do něj:

Start
HKLM-x32\...\Run: [] => [X]
GroupPolicyUsers\S-1-5-21-1629626762-289971562-1080556046-1006\User: Group Policy restriction detected <======= ATTENTION
CHR HKU\S-1-5-21-1629626762-289971562-1080556046-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1629626762-289971562-1080556046-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=s ... searchTerm
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1629626762-289971562-1080556046-1000 -> {5D81AC3F-0BF9-4261-BBC2-800D5FE74DA8} URL = http://search.yahoo.com/search?fr=chr-g ... =800236&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1629626762-289971562-1080556046-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=s ... earchTerms}
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006
FF Homepage: https://www.google.com/?trackid=sp-006
FF Keyword.URL: https://www.google.com/search/?trackid=sp-006
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - No Path
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - No Path
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - No Path
S3 cpuz136; No ImagePath
S3 dump_wmimmc; No ImagePath
S3 mtnyhzbv; No ImagePath
S3 X6va008; No ImagePath
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
C:\ProgramData\DP45977C.lfl
C:\ProgramData\hash.dat
C:\Users\Uživatel\AppData\Local\Temp
Akamai NetSession Interface (HKU\S-1-5-21-1629626762-289971562-1080556046-1000\...\Akamai) (Version: - Akamai Technologies, Inc)
AlternateDataStreams: C:\ProgramData\TEMP:05EE1EEF
AlternateDataStreams: C:\ProgramData\TEMP:364682BC
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
AlternateDataStreams: C:\Users\Uživatel\Local Settings:UgEXbAtJyzvHA3dtWKpRWAg
AlternateDataStreams: C:\Users\Uživatel\AppData\Local:UgEXbAtJyzvHA3dtWKpRWAg
AlternateDataStreams: C:\Users\Uživatel\AppData\Local\Data aplikací:UgEXbAtJyzvHA3dtWKpRWAg
AlternateDataStreams: C:\Users\Uživatel\AppData\Local\Temporary Internet Files:Hg6Jd6UksuanauFgyCx
AlternateDataStreams: C:\Users\Uživatel\AppData\Local\Temporary Internet Files:ILHxJlpNMPGvwJ0Kbc5OUrx9p
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2015
Ran by Uživatel at 2015-01-20 20:53:24 Run:1
Running from C:\Users\Uživatel\Desktop
Loaded Profiles: Uživatel (Available profiles: Uživatel)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKLM-x32\...\Run: [] => [X]
GroupPolicyUsers\S-1-5-21-1629626762-289971562-1080556046-1006\User: Group Policy restriction detected <======= ATTENTION
CHR HKU\S-1-5-21-1629626762-289971562-1080556046-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1629626762-289971562-1080556046-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=s ... searchTerm
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1629626762-289971562-1080556046-1000 -> {5D81AC3F-0BF9-4261-BBC2-800D5FE74DA8} URL = http://search.yahoo.com/search?fr=chr-g ... =800236&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1629626762-289971562-1080556046-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=s ... earchTerms}
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006
FF Homepage: https://www.google.com/?trackid=sp-006
FF Keyword.URL: https://www.google.com/search/?trackid=sp-006
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - No Path
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - No Path
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - No Path
S3 cpuz136; No ImagePath
S3 dump_wmimmc; No ImagePath
S3 mtnyhzbv; No ImagePath
S3 X6va008; No ImagePath
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
C:\ProgramData\DP45977C.lfl
C:\ProgramData\hash.dat
C:\Users\Uživatel\AppData\Local\Temp
Akamai NetSession Interface (HKU\S-1-5-21-1629626762-289971562-1080556046-1000\...\Akamai) (Version: - Akamai Technologies, Inc)
AlternateDataStreams: C:\ProgramData\TEMP:05EE1EEF
AlternateDataStreams: C:\ProgramData\TEMP:364682BC
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
AlternateDataStreams: C:\Users\Uživatel\Local Settings:UgEXbAtJyzvHA3dtWKpRWAg
AlternateDataStreams: C:\Users\Uživatel\AppData\Local:UgEXbAtJyzvHA3dtWKpRWAg
AlternateDataStreams: C:\Users\Uživatel\AppData\Local\Data aplikací:UgEXbAtJyzvHA3dtWKpRWAg
AlternateDataStreams: C:\Users\Uživatel\AppData\Local\Temporary Internet Files:Hg6Jd6UksuanauFgyCx
AlternateDataStreams: C:\Users\Uživatel\AppData\Local\Temporary Internet Files:ILHxJlpNMPGvwJ0Kbc5OUrx9p
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-1629626762-289971562-1080556046-1006\User => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKU\S-1-5-21-1629626762-289971562-1080556046-1000\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-1629626762-289971562-1080556046-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-1629626762-289971562-1080556046-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5D81AC3F-0BF9-4261-BBC2-800D5FE74DA8}" => Key deleted successfully.
HKCR\CLSID\{5D81AC3F-0BF9-4261-BBC2-800D5FE74DA8} => Key not found.
"HKU\S-1-5-21-1629626762-289971562-1080556046-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}" => Key deleted successfully.
HKCR\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Key not found.
Firefox DefaultSearchUrl deleted successfully.
Firefox homepage deleted successfully.
Firefox Keyword.URL deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dchlnpcodkpfdpacogkljefecpegganj" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hghkgaeecgjhjkannahfamoehjmkjail" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh" => Key deleted successfully.
cpuz136 => Service deleted successfully.
dump_wmimmc => Service deleted successfully.
mtnyhzbv => Service deleted successfully.
X6va008 => Service deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => Moved successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => Moved successfully.
C:\ProgramData\DP45977C.lfl => Moved successfully.
C:\ProgramData\hash.dat => Moved successfully.

"C:\Users\Uživatel\AppData\Local\Temp" directory move:

C:\Users\Uživatel\AppData\Local\Temp\6DCF93A4.TMP => Moved successfully.
C:\Users\Uživatel\AppData\Local\Temp\adwcleaner.db => Moved successfully.
C:\Users\Uživatel\AppData\Local\Temp\AdwCleaner.jpg => Moved successfully.
C:\Users\Uživatel\AppData\Local\Temp\Cleaning.ico => Moved successfully.
C:\Users\Uživatel\AppData\Local\Temp\EULA.txt => Moved successfully.
Could not move "C:\Users\Uživatel\AppData\Local\Temp\FXSAPIDebugLogFile.txt" => Scheduled to move on reboot.
C:\Users\Uživatel\AppData\Local\Temp\hosts.bk => Moved successfully.
C:\Users\Uživatel\AppData\Local\Temp\MSI8934c.LOG => Moved successfully.
C:\Users\Uživatel\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Uživatel\AppData\Local\Temp\Report.ico => Moved successfully.
C:\Users\Uživatel\AppData\Local\Temp\Scan.ico => Moved successfully.
C:\Users\Uživatel\AppData\Local\Temp\sqlite3.dll => Moved successfully.
C:\Users\Uživatel\AppData\Local\Temp\system.ini.bk => Moved successfully.
C:\Users\Uživatel\AppData\Local\Temp\Uninstall.ico => Moved successfully.
C:\Users\Uživatel\AppData\Local\Temp\v3init2.log => Moved successfully.
C:\Users\Uživatel\AppData\Local\Temp\win.ini.bk => Moved successfully.
C:\Users\Uživatel\AppData\Local\Temp\WMZuneComm.etl.001 => Moved successfully.
C:\Users\Uživatel\AppData\Local\Temp\WMZuneComm.etl.002 => Moved successfully.
C:\Users\Uživatel\AppData\Local\Temp\WMZuneComm.etl.003 => Moved successfully.
C:\Users\Uživatel\AppData\Local\Temp\WMZuneComm.etl.004 => Moved successfully.
C:\Users\Uživatel\AppData\Local\Temp\~A63D.bat => Moved successfully.
C:\Users\Uživatel\AppData\Local\Temp\~A63D.tmp => Moved successfully.
C:\Users\Uživatel\AppData\Local\Temp\~DF461A009D4777C00E.TMP => Moved successfully.
C:\Users\Uživatel\AppData\Local\Temp\~DFAC045204DA37E2D3.TMP => Moved successfully.
C:\Users\Uživatel\AppData\Local\Temp\~E9A6.tmp => Moved successfully.
C:\Users\Uživatel\AppData\Local\Temp\~F1E.bat => Moved successfully.
C:\Users\Uživatel\AppData\Local\Temp\~F1E.tmp => Moved successfully.
C:\Users\Uživatel\AppData\Local\Temp\avastBCLTMP\nfengeggddojhakldhlpjdlddgkkjkddabc.zip => Moved successfully.
C:\Users\Uživatel\AppData\Local\Temp\avastBCLTMP\nfengeggddojhakldhlpjdlddgkkjkddabcabc.zip => Moved successfully.
C:\Users\Uživatel\AppData\Local\Temp\avastBCLTMP\nfengeggddojhakldhlpjdlddgkkjkddabcabcabc.zip => Moved successfully.
C:\Users\Uživatel\AppData\Local\Temp\avastBCLTMP\nfengeggddojhakldhlpjdlddgkkjkddabcabcabcabc.zip => Moved successfully.
C:\Users\Uživatel\AppData\Local\Temp\avastBCLTMP\nfengeggddojhakldhlpjdlddgkkjkddabcabcabcabcabc.zip => Moved successfully.
C:\Users\Uživatel\AppData\Local\Temp\avastBCLTMP\nfengeggddojhakldhlpjdlddgkkjkddabcabcabcabcabcabc.zip => Moved successfully.
C:\Users\Uživatel\AppData\Local\Temp\avastBCLTMP\nfengeggddojhakldhlpjdlddgkkjkddabcabcabcabcabcabcabc.zip => Moved successfully.
C:\Users\Uživatel\AppData\Local\Temp\avastBCLTMP\nfengeggddojhakldhlpjdlddgkkjkddabcabcabcabcabcabcabcabc.zip => Moved successfully.
C:\Users\Uživatel\AppData\Local\Temp\avastBCLTMP\nfengeggddojhakldhlpjdlddgkkjkddabcabcabcabcabcabcabcabcabc.zip => Moved successfully.
C:\Users\Uživatel\AppData\Local\Temp\avastBCLTMP\nfengeggddojhakldhlpjdlddgkkjkddabcabcabcabcabcabcabcabcabcabc.zip => Moved successfully.
C:\Users\Uživatel\AppData\Local\Temp\avastBCLTMP\nfengeggddojhakldhlpjdlddgkkjkddabcabcabcabcabcabcabcabcabcabcabc.zip => Moved successfully.
C:\Users\Uživatel\AppData\Local\Temp\avastBCLTMP\nfengeggddojhakldhlpjdlddgkkjkddabcabcabcabcabcabcabcabcabcabcabcabc.zip => Moved successfully.
C:\Users\Uživatel\AppData\Local\Temp\avastBCLTMP\nfengeggddojhakldhlpjdlddgkkjkddabcabcabcabcabcabcabcabcabcabcabcabcabc.zip => Moved successfully.
Could not move "C:\Users\Uživatel\AppData\Local\Temp" directory. => Scheduled to move on reboot.

Akamai NetSession Interface (HKU\S-1-5-21-1629626762-289971562-1080556046-1000\...\Akamai) (Version: - Akamai Technologies, Inc) => Error: No automatic fix found for this entry.
C:\ProgramData\TEMP => ":05EE1EEF" ADS removed successfully.
C:\ProgramData\TEMP => ":364682BC" ADS removed successfully.
C:\ProgramData\TEMP => ":D1B5B4F1" ADS removed successfully.
"C:\Users\Uživatel\Local Settings" => ":UgEXbAtJyzvHA3dtWKpRWAg" ADS not found.
C:\Users\Uživatel\AppData\Local => ":UgEXbAtJyzvHA3dtWKpRWAg" ADS removed successfully.
"C:\Users\Uživatel\AppData\Local\Data aplikací" => ":UgEXbAtJyzvHA3dtWKpRWAg" ADS not found.
"C:\Users\Uživatel\AppData\Local\Temporary Internet Files" => ":Hg6Jd6UksuanauFgyCx" ADS not found.
"C:\Users\Uživatel\AppData\Local\Temporary Internet Files" => ":ILHxJlpNMPGvwJ0Kbc5OUrx9p" ADS not found.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-01-20 20:55:34)<=

C:\Users\Uživatel\AppData\Local\Temp\FXSAPIDebugLogFile.txt => Is moved successfully.
C:\Users\Uživatel\AppData\Local\Temp => Moved successfully.

==== End of Fixlog 20:55:34 ====

Smazáno. Nastala nějaká změna?

Bohužel pořád se děje to samé. Pro bližší specifikaci, když si normálně zapnu google a do vyhledávacího okénka na domovské stránce google napíšu text který chci hledat tak je vše normální a žádný ?trackid=sp-006 tam není. Ale v případě že požadovaný text pro vyhledávání napíšu nahoru do okénka které zobrazuje aktuální stránku tak se to stále děje. Konkrétně když chci vyhledat třeba Youtube, napíšu si nahoru kde mám www.google.cz Youtube a hodí mě to přesně tuto stránku: https://www.google.de/search?q=youtube? ... be?trackid

Udělejte kompletní sken MBAM: http://www.malwarebytes.org/mbam.php a dejte log. Předem nic nemažte.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 21.1.2015
Scan Time: 17:24:53
Logfile: as.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.21.07
Rootkit Database: v2015.01.14.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: UA3ivatel

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 497321
Time Elapsed: 12 min, 27 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
Adware.GamePlayLab, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{11111111-1111-1111-1111-110011221158}, , [14f7ba40e5a4191dcedf3ec66c97926e],
Adware.GamePlayLab, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{11111111-1111-1111-1111-110011221158}, , [14f7ba40e5a4191dcedf3ec66c97926e],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 7
PUP.Optional.CrossRider.A, C:\Users\UA3ivatel\AppData\Local\Updater2258, , [8784669414757cbab33bf34c8e758f71],
PUP.Optional.CrossRider.A, C:\Users\UA3ivatel\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_mpfapcdfbbledbojijcbcclmlieaoogk_0, , [d73416e4a3e679bd41cb86c0db2801ff],
PUP.Optional.Spigot.A, C:\Users\UA3ivatel\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hbcennhacfaagdopikcegfcobcadeocj, , [b6554eac5d2c04325fbb9eb2ad56a65a],
PUP.Optional.Spigot.A, C:\Users\UA3ivatel\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pfndaklgolladniicklehhancnlgocpp, , [2ae13bbfed9c3105be5db898758e7d83],
PUP.Optional.Installmate, C:\ProgramData\InstallMate\{C1E28B35-42CA-43F0-8B8B-85F6E7255916}, , [28e331c9266337ff9fd61a47a06323dd],
PUP.Optional.Installmate, C:\ProgramData\InstallMate\{C1E28B35-42CA-43F0-8B8B-85F6E7255916}\8CCD55DA23FE0498, , [28e331c9266337ff9fd61a47a06323dd],
PUP.Optional.Spigot.A, C:\Users\UA3ivatel\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mhkaekfpcppmmioggniknbnbdbcigpkk, , [fd0ec535bacf95a1a7a895db18ebc63a],

Files: 26
PUP.Optional.CrossRider.A, C:\Users\UA3ivatel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mpfapcdfbbledbojijcbcclmlieaoogk_0.localstorage, , [e229f20890f94aeca8e6b5f612f18f71],
PUP.Optional.CrossRider.A, C:\Users\UA3ivatel\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_mpfapcdfbbledbojijcbcclmlieaoogk_0\2, , [d73416e4a3e679bd41cb86c0db2801ff],
PUP.Optional.CrossRider.A, C:\Users\UA3ivatel\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_mpfapcdfbbledbojijcbcclmlieaoogk_0\3, , [d73416e4a3e679bd41cb86c0db2801ff],
PUP.Optional.Spigot.A, C:\Users\UA3ivatel\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hbcennhacfaagdopikcegfcobcadeocj\000005.sst, , [b6554eac5d2c04325fbb9eb2ad56a65a],
PUP.Optional.Spigot.A, C:\Users\UA3ivatel\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hbcennhacfaagdopikcegfcobcadeocj\CURRENT, , [b6554eac5d2c04325fbb9eb2ad56a65a],
PUP.Optional.Spigot.A, C:\Users\UA3ivatel\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hbcennhacfaagdopikcegfcobcadeocj\LOCK, , [b6554eac5d2c04325fbb9eb2ad56a65a],
PUP.Optional.Spigot.A, C:\Users\UA3ivatel\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hbcennhacfaagdopikcegfcobcadeocj\LOG, , [b6554eac5d2c04325fbb9eb2ad56a65a],
PUP.Optional.Spigot.A, C:\Users\UA3ivatel\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hbcennhacfaagdopikcegfcobcadeocj\MANIFEST-000139, , [b6554eac5d2c04325fbb9eb2ad56a65a],
PUP.Optional.Spigot.A, C:\Users\UA3ivatel\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pfndaklgolladniicklehhancnlgocpp\000005.sst, , [2ae13bbfed9c3105be5db898758e7d83],
PUP.Optional.Spigot.A, C:\Users\UA3ivatel\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pfndaklgolladniicklehhancnlgocpp\CURRENT, , [2ae13bbfed9c3105be5db898758e7d83],
PUP.Optional.Spigot.A, C:\Users\UA3ivatel\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pfndaklgolladniicklehhancnlgocpp\LOCK, , [2ae13bbfed9c3105be5db898758e7d83],
PUP.Optional.Spigot.A, C:\Users\UA3ivatel\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pfndaklgolladniicklehhancnlgocpp\LOG, , [2ae13bbfed9c3105be5db898758e7d83],
PUP.Optional.Spigot.A, C:\Users\UA3ivatel\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pfndaklgolladniicklehhancnlgocpp\MANIFEST-000137, , [2ae13bbfed9c3105be5db898758e7d83],
PUP.Optional.Installmate, C:\ProgramData\InstallMate\{C1E28B35-42CA-43F0-8B8B-85F6E7255916}\20120501162302.log, , [28e331c9266337ff9fd61a47a06323dd],
PUP.Optional.Installmate, C:\ProgramData\InstallMate\{C1E28B35-42CA-43F0-8B8B-85F6E7255916}\Setup.dat, , [28e331c9266337ff9fd61a47a06323dd],
PUP.Optional.Installmate, C:\ProgramData\InstallMate\{C1E28B35-42CA-43F0-8B8B-85F6E7255916}\Setup.exe, , [28e331c9266337ff9fd61a47a06323dd],
PUP.Optional.Installmate, C:\ProgramData\InstallMate\{C1E28B35-42CA-43F0-8B8B-85F6E7255916}\Setup.ico, , [28e331c9266337ff9fd61a47a06323dd],
PUP.Optional.Installmate, C:\ProgramData\InstallMate\{C1E28B35-42CA-43F0-8B8B-85F6E7255916}\TsuDll.dll, , [28e331c9266337ff9fd61a47a06323dd],
PUP.Optional.Installmate, C:\ProgramData\InstallMate\{C1E28B35-42CA-43F0-8B8B-85F6E7255916}\_Setup.dll, , [28e331c9266337ff9fd61a47a06323dd],
PUP.Optional.Installmate, C:\ProgramData\InstallMate\{C1E28B35-42CA-43F0-8B8B-85F6E7255916}\_Setupx.dll, , [28e331c9266337ff9fd61a47a06323dd],
PUP.Optional.Spigot.A, C:\Users\UA3ivatel\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mhkaekfpcppmmioggniknbnbdbcigpkk\000086.sst, , [fd0ec535bacf95a1a7a895db18ebc63a],
PUP.Optional.Spigot.A, C:\Users\UA3ivatel\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mhkaekfpcppmmioggniknbnbdbcigpkk\000112.sst, , [fd0ec535bacf95a1a7a895db18ebc63a],
PUP.Optional.Spigot.A, C:\Users\UA3ivatel\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mhkaekfpcppmmioggniknbnbdbcigpkk\CURRENT, , [fd0ec535bacf95a1a7a895db18ebc63a],
PUP.Optional.Spigot.A, C:\Users\UA3ivatel\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mhkaekfpcppmmioggniknbnbdbcigpkk\LOCK, , [fd0ec535bacf95a1a7a895db18ebc63a],
PUP.Optional.Spigot.A, C:\Users\UA3ivatel\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mhkaekfpcppmmioggniknbnbdbcigpkk\LOG, , [fd0ec535bacf95a1a7a895db18ebc63a],
PUP.Optional.Spigot.A, C:\Users\UA3ivatel\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mhkaekfpcppmmioggniknbnbdbcigpkk\MANIFEST-000114, , [fd0ec535bacf95a1a7a895db18ebc63a],

Physical Sectors: 0
(No malicious items detected)


(end)

Vše, co MBAM nalezl, smažte. Nastala nějaká změna?

Viry odstraněny, problém vyřešen, mockrát děkuji.