
PC virus removal, computer speed-up, remote help via the neslape.cz service
Requesting a check
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use remote assistance services, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Logfile of random's system information tool 1.10 (written by random/random)
Run by Adam at 2015-03-01 18:59:40
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 29 GB (57%) free of 51 GB
Total RAM: 1023 MB (23% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:59:54, on 1. 3. 2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17631)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
C:\Users\Adam\Desktop\RSIT.exe
C:\Program Files\trend micro\Adam.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie_ctx.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
--
End of file - 3563 bytes
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
=========Mozilla firefox=========
ProfilePath - C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\k7krd9tw.default-1423432867625
prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "www.google.sk"
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 16.0.0.305 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=11.25.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-11-30 460712]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-30 172968]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2014-10-01 5088456]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19 1022152]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AirDroid 3]
C:\Program Files\AirDroid\AirDroid.exe /start []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
C:\Program Files\CCleaner\CCleaner.exe [2015-02-19 5503768]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvBackend]
C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2014-08-19 1795872]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Plex Media Server]
C:\Program Files\Plex\Plex Media Server\Plex Media Server.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-10-07 507776]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
C:\Users\Adam\AppData\Roaming\uTorrent\uTorrent.exe [2015-01-23 1677904]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TVMOBiLiArtworkManager.lnk]
C:\PROGRA~1\TVMOBiLi\bin\ITUNES~1.EXE /path:C:\ProgramData\TVMOBiLi\cache []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Universal Media Server.lnk]
C:\PROGRA~1\UNIVER~1\UMS.exe [2015-02-15 603865]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Adam^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ConnectAir.lnk]
C:\Program Files\ConnectAir\ConnectAir.exe -hide []
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SMPCHelper]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\tvnserver]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv
"aux"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"wave9"=wdmaud.drv
"midi9"=wdmaud.drv
"mixer9"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2015-03-01 18:59:40 ----D---- C:\rsit
2015-02-27 17:26:43 ----D---- C:\Program Files\Mozilla Firefox
2015-02-26 21:11:18 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2015-02-26 21:10:10 ----A---- C:\Windows\system32\drivers\mwac.sys
2015-02-26 21:10:10 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2015-02-26 21:10:10 ----A---- C:\Windows\system32\drivers\mbam.sys
2015-02-26 21:10:08 ----D---- C:\Program Files\Malwarebytes Anti-Malware
2015-02-26 11:02:26 ----D---- C:\ProgramData\UMS
2015-02-26 11:01:48 ----D---- C:\Program Files\AviSynth
2015-02-26 11:01:37 ----D---- C:\Program Files\Universal Media Server
2015-02-26 01:23:49 ----D---- C:\ProgramData\PMS
2015-02-26 01:23:16 ----D---- C:\Program Files\PS3 Media Server
2015-02-25 17:33:21 ----D---- C:\Users\Adam\AppData\Roaming\J River
2015-02-25 16:59:54 ----A---- C:\Windows\system32\drivers\JRiverWDMDriver.sys
2015-02-25 16:58:11 ----N---- C:\Windows\system32\AudDevicePlugin.dll
2015-02-25 16:58:09 ----N---- C:\Windows\system32\AReadyLB.dll
2015-02-25 16:57:54 ----A---- C:\Windows\system32\D3DX9_43.dll
2015-02-25 16:55:33 ----D---- C:\Program Files\J River
2015-02-25 15:32:26 ----D---- C:\Program Files\Plex
2015-02-25 15:00:32 ----D---- C:\ProgramData\{b3c0668b-4bbd-aa0a-b3c0-0668b4bb9a2d}
2015-02-25 13:57:28 ----D---- C:\Users\Adam\AppData\Roaming\MiniGet
2015-02-25 13:57:27 ----D---- C:\Program Files\MiniGet
2015-02-25 13:55:37 ----D---- C:\Program Files\globalUpdate
2015-02-25 13:41:37 ----A---- C:\Windows\system32\nvStreaming.exe
2015-02-20 00:44:28 ----A---- C:\Windows\system32\nvopencl.dll
2015-02-20 00:44:26 ----A---- C:\Windows\system32\nvoglv32.dll
2015-02-20 00:44:26 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2015-02-20 00:44:24 ----A---- C:\Windows\system32\NvIFR.dll
2015-02-20 00:44:20 ----A---- C:\Windows\system32\NvFBC.dll
2015-02-20 00:44:20 ----A---- C:\Windows\system32\nvdispgenco3234144.dll
2015-02-20 00:44:20 ----A---- C:\Windows\system32\nvdispco3234144.dll
2015-02-20 00:44:20 ----A---- C:\Windows\system32\nvd3dum.dll
2015-02-20 00:44:18 ----A---- C:\Windows\system32\nvcuvid.dll
2015-02-20 00:44:18 ----A---- C:\Windows\system32\nvcuda.dll
2015-02-20 00:43:58 ----A---- C:\Windows\system32\nvcompiler.dll
2015-02-19 15:08:08 ----D---- C:\Program Files\Super Ovladac
2015-02-18 21:05:29 ----D---- C:\Program Files\ShowMyPCService
2015-02-18 20:47:16 ----D---- C:\Program Files\TeamViewer
2015-02-12 22:20:41 ----A---- C:\Windows\system32\wdi.dll
2015-02-12 22:20:41 ----A---- C:\Windows\system32\powertracker.dll
2015-02-12 22:20:41 ----A---- C:\Windows\system32\perftrack.dll
2015-02-11 11:54:17 ----A---- C:\Windows\system32\jscript9diag.dll
2015-02-11 11:54:17 ----A---- C:\Windows\system32\jscript9.dll
2015-02-10 20:46:29 ----A---- C:\Windows\system32\win32k.sys
2015-02-10 20:46:12 ----A---- C:\Windows\system32\lsasrv.dll
2015-02-10 20:46:12 ----A---- C:\Windows\system32\drivers\cng.sys
2015-02-10 20:46:12 ----A---- C:\Windows\system32\adtschema.dll
2015-02-10 20:46:11 ----A---- C:\Windows\system32\sspisrv.dll
2015-02-10 20:46:11 ----A---- C:\Windows\system32\sspicli.dll
2015-02-10 20:46:11 ----A---- C:\Windows\system32\secur32.dll
2015-02-10 20:46:11 ----A---- C:\Windows\system32\msobjs.dll
2015-02-10 20:46:11 ----A---- C:\Windows\system32\msaudite.dll
2015-02-10 20:46:11 ----A---- C:\Windows\system32\lsass.exe
2015-02-10 20:46:11 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2015-02-10 20:46:11 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2015-02-10 20:46:11 ----A---- C:\Windows\system32\auditpol.exe
2015-02-10 20:45:05 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-10 20:45:04 ----A---- C:\Windows\system32\ieetwproxystub.dll
2015-02-10 20:45:04 ----A---- C:\Windows\system32\ieetwcollector.exe
2015-02-10 20:45:03 ----A---- C:\Windows\system32\iernonce.dll
2015-02-10 20:45:03 ----A---- C:\Windows\system32\ie4uinit.exe
2015-02-10 20:45:02 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-10 20:45:01 ----A---- C:\Windows\system32\urlmon.dll
2015-02-10 20:45:01 ----A---- C:\Windows\system32\jsproxy.dll
2015-02-10 20:45:01 ----A---- C:\Windows\system32\ieUnatt.exe
2015-02-10 20:45:01 ----A---- C:\Windows\system32\iedkcs32.dll
2015-02-10 20:45:00 ----A---- C:\Windows\system32\ieapfltr.dll
2015-02-10 20:45:00 ----A---- C:\Windows\system32\dxtmsft.dll
2015-02-10 20:44:59 ----A---- C:\Windows\system32\msfeeds.dll
2015-02-10 20:44:54 ----A---- C:\Windows\system32\msrating.dll
2015-02-10 20:44:53 ----A---- C:\Windows\system32\iesetup.dll
2015-02-10 20:44:52 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2015-02-10 20:44:51 ----A---- C:\Windows\system32\wininet.dll
2015-02-10 20:44:48 ----A---- C:\Windows\system32\dxtrans.dll
2015-02-10 20:44:46 ----A---- C:\Windows\system32\ieui.dll
2015-02-10 20:44:45 ----A---- C:\Windows\system32\ieframe.dll
2015-02-10 20:44:39 ----A---- C:\Windows\system32\mshtmled.dll
2015-02-10 20:44:35 ----A---- C:\Windows\system32\mshtmlmedia.dll
2015-02-10 20:44:32 ----A---- C:\Windows\system32\MshtmlDac.dll
2015-02-10 20:44:30 ----A---- C:\Windows\system32\iertutil.dll
2015-02-10 20:44:27 ----A---- C:\Windows\system32\mshtml.dll
2015-02-10 20:44:25 ----A---- C:\Windows\system32\vbscript.dll
2015-02-10 20:43:39 ----A---- C:\Windows\system32\scesrv.dll
2015-02-10 20:43:37 ----A---- C:\Windows\system32\oleaut32.dll
2015-02-10 20:43:32 ----A---- C:\Windows\system32\invagent.dll
2015-02-10 20:43:32 ----A---- C:\Windows\system32\generaltel.dll
2015-02-10 20:43:32 ----A---- C:\Windows\system32\devinv.dll
2015-02-10 20:43:32 ----A---- C:\Windows\system32\appraiser.dll
2015-02-10 20:43:32 ----A---- C:\Windows\system32\aitstatic.exe
2015-02-10 20:43:32 ----A---- C:\Windows\system32\aeinv.dll
2015-02-10 20:43:31 ----A---- C:\Windows\system32\aepic.dll
2015-02-10 20:43:31 ----A---- C:\Windows\system32\aepdu.dll
2015-02-10 20:41:37 ----A---- C:\Windows\system32\schannel.dll
2015-02-10 20:41:37 ----A---- C:\Windows\system32\msv1_0.dll
2015-02-10 20:41:37 ----A---- C:\Windows\system32\kerberos.dll
2015-02-10 20:41:36 ----A---- C:\Windows\system32\wdigest.dll
2015-02-10 20:41:36 ----A---- C:\Windows\system32\TSpkg.dll
2015-02-10 20:41:36 ----A---- C:\Windows\system32\ncrypt.dll
2015-02-10 20:41:35 ----A---- C:\Windows\system32\credssp.dll
2015-02-10 20:40:52 ----A---- C:\Windows\system32\wintrust.dll
2015-02-10 20:40:52 ----A---- C:\Windows\system32\cryptsvc.dll
2015-02-10 20:40:52 ----A---- C:\Windows\system32\crypt32.dll
2015-02-10 20:39:34 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-02-10 20:39:34 ----A---- C:\Windows\system32\ntkrnlpa.exe
2015-02-10 20:38:30 ----A---- C:\Windows\system32\WindowsCodecs.dll
2015-02-10 19:29:23 ----D---- C:\Windows\pss
2015-02-08 22:58:24 ----D---- C:\ProgramData\Auslogics
2015-02-08 22:19:00 ----D---- C:\Program Files\Microsoft Silverlight
2015-02-08 13:08:29 ----D---- C:\Users\Adam\AppData\Roaming\Remote Control Server
2015-02-07 17:18:10 ----D---- C:\Program Files\Google
2015-02-05 22:17:19 ----A---- C:\Windows\system32\drivers\4A406237.sys
2015-02-05 21:56:55 ----D---- C:\ProgramData\Malwarebytes
======List of files/folders modified in the last 1 month======
2015-03-01 18:59:53 ----D---- C:\Windows\Prefetch
2015-03-01 18:59:44 ----D---- C:\Program Files\trend micro
2015-03-01 18:59:38 ----D---- C:\Windows\Temp
2015-03-01 18:21:03 ----RD---- C:\Program Files
2015-03-01 18:21:03 ----D---- C:\Program Files\Mozilla Maintenance Service
2015-03-01 15:17:40 ----D---- C:\Windows\system32\config
2015-03-01 15:05:48 ----SHD---- C:\System Volume Information
2015-03-01 14:29:41 ----D---- C:\Windows\inf
2015-03-01 14:28:06 ----D---- C:\ProgramData\NVIDIA
2015-02-27 15:22:03 ----D---- C:\Windows
2015-02-26 23:50:22 ----D---- C:\Windows\debug
2015-02-26 23:47:59 ----D---- C:\Users\Adam\AppData\Roaming\uTorrent
2015-02-26 23:47:58 ----D---- C:\Windows\Logs
2015-02-26 23:46:37 ----D---- C:\Program Files\CCleaner
2015-02-26 23:40:35 ----D---- C:\Windows\system32\drivers
2015-02-26 23:40:35 ----D---- C:\Windows\L2Schemas
2015-02-26 23:39:39 ----HD---- C:\ProgramData
2015-02-26 23:39:27 ----D---- C:\Windows\Tasks
2015-02-26 23:39:27 ----D---- C:\Windows\system32\Tasks
2015-02-26 21:06:59 ----D---- C:\Windows\system32\DriverStore
2015-02-26 11:09:25 ----SHD---- C:\Windows\Installer
2015-02-26 11:09:16 ----D---- C:\Windows\System32
2015-02-26 00:40:40 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-02-25 14:45:40 ----D---- C:\Windows\winsxs
2015-02-25 13:41:47 ----D---- C:\Program Files\NVIDIA Corporation
2015-02-24 00:31:44 ----RSD---- C:\Windows\Fonts
2015-02-24 00:30:44 ----D---- C:\Users\Adam\AppData\Roaming\vlc
2015-02-20 11:30:42 ----D---- C:\Windows\rescache
2015-02-20 00:44:38 ----A---- C:\Windows\system32\OpenCL.dll
2015-02-20 00:44:34 ----A---- C:\Windows\system32\nvwgf2um.dll
2015-02-20 00:43:56 ----A---- C:\Windows\system32\nvapi.dll
2015-02-20 00:15:43 ----D---- C:\Program Files\Windows Sidebar
2015-02-13 00:37:13 ----D---- C:\Windows\tracing
2015-02-12 22:17:02 ----D---- C:\Windows\system32\catroot2
2015-02-11 17:23:36 ----D---- C:\Windows\system32\en-US
2015-02-10 23:40:58 ----SD---- C:\Windows\system32\CompatTel
2015-02-10 23:40:58 ----D---- C:\Windows\system32\appraiser
2015-02-10 23:40:55 ----D---- C:\Windows\system32\sk-SK
2015-02-10 23:40:54 ----D---- C:\Program Files\Internet Explorer
2015-02-10 21:07:05 ----D---- C:\Windows\system32\MRT
2015-02-10 20:57:14 ----A---- C:\Windows\system32\MRT.exe
2015-02-10 20:38:21 ----D---- C:\Windows\system32\catroot
2015-02-09 00:16:46 ----D---- C:\Windows\Microsoft.NET
2015-02-08 22:20:22 ----SD---- C:\ProgramData\Microsoft
2015-02-08 15:57:42 ----SD---- C:\Windows\system32\Microsoft
2015-02-08 13:09:37 ----D---- C:\Program Files\Winamp
2015-02-08 13:09:33 ----D---- C:\Users\Adam\AppData\Roaming\Winamp
2015-02-07 23:30:11 ----SD---- C:\Users\Adam\AppData\Roaming\Microsoft
2015-02-07 22:41:46 ----D---- C:\Program Files\Common Files\microsoft shared
2015-02-07 12:38:26 ----D---- C:\Windows\Offline Web Pages
2015-02-05 22:14:03 ----D---- C:\Windows\Resources
2015-02-05 16:58:25 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2015-02-04 03:06:18 ----A---- C:\Windows\system32\nvcpl.dll
2015-02-04 03:06:17 ----A---- C:\Windows\system32\nvsvc.dll
2015-02-04 03:05:53 ----A---- C:\Windows\system32\nvvsvc.exe
2015-02-04 03:05:52 ----A---- C:\Windows\system32\nvsvcr.dll
2015-02-04 03:05:52 ----A---- C:\Windows\system32\nvshext.dll
2015-02-04 03:05:49 ----A---- C:\Windows\system32\nvmctray.dll
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2014-10-10 51288]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2014-10-10 191928]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2014-10-10 135296]
R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2014-10-10 37928]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2014-10-10 176448]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 60416]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2014-08-19 162592]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 btaudio;Bluetooth Audio Device; C:\Windows\system32\drivers\btaudio.sys []
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 393728]
S3 BTKRNL;Bluetooth Bus Enumerator; C:\Windows\system32\DRIVERS\btkrnl.sys []
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\Windows\system32\DRIVERS\btwdndis.sys []
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\Windows\System32\Drivers\btwusb.sys []
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2014-01-22 88576]
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys []
S3 jrvad_service;JRiver Media Center 20 (service); C:\Windows\system32\drivers\JRiverWDMDriver.sys [2015-01-26 30168]
S3 NTACCESS;NTACCESS; \??\E:\NTACCESS.sys []
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 14848]
S3 SetupNTGLM7X;SetupNTGLM7X; \??\E:\NTGLM7X.sys []
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2013-10-02 49152]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-03 81088]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2014-10-01 1349576]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2015-02-04 670536]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-02-04 409800]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-11 103608]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05 267440]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-01-12 102912]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2015-02-27 148080]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2014-04-11 45744]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
-----------------EOF-----------------
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TVMOBiLiArtworkManager.lnk]
C:\PROGRA~1\TVMOBiLi\bin\ITUNES~1.EXE /path:C:\ProgramData\TVMOBiLi\cache []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Universal Media Server.lnk]
C:\PROGRA~1\UNIVER~1\UMS.exe [2015-02-15 603865]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Adam^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ConnectAir.lnk]
C:\Program Files\ConnectAir\ConnectAir.exe -hide []
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SMPCHelper]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\tvnserver]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv
"aux"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"wave9"=wdmaud.drv
"midi9"=wdmaud.drv
"mixer9"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2015-03-01 18:59:40 ----D---- C:\rsit
2015-02-27 17:26:43 ----D---- C:\Program Files\Mozilla Firefox
2015-02-26 21:11:18 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2015-02-26 21:10:10 ----A---- C:\Windows\system32\drivers\mwac.sys
2015-02-26 21:10:10 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2015-02-26 21:10:10 ----A---- C:\Windows\system32\drivers\mbam.sys
2015-02-26 21:10:08 ----D---- C:\Program Files\Malwarebytes Anti-Malware
2015-02-26 11:02:26 ----D---- C:\ProgramData\UMS
2015-02-26 11:01:48 ----D---- C:\Program Files\AviSynth
2015-02-26 11:01:37 ----D---- C:\Program Files\Universal Media Server
2015-02-26 01:23:49 ----D---- C:\ProgramData\PMS
2015-02-26 01:23:16 ----D---- C:\Program Files\PS3 Media Server
2015-02-25 17:33:21 ----D---- C:\Users\Adam\AppData\Roaming\J River
2015-02-25 16:59:54 ----A---- C:\Windows\system32\drivers\JRiverWDMDriver.sys
2015-02-25 16:58:11 ----N---- C:\Windows\system32\AudDevicePlugin.dll
2015-02-25 16:58:09 ----N---- C:\Windows\system32\AReadyLB.dll
2015-02-25 16:57:54 ----A---- C:\Windows\system32\D3DX9_43.dll
2015-02-25 16:55:33 ----D---- C:\Program Files\J River
2015-02-25 15:32:26 ----D---- C:\Program Files\Plex
2015-02-25 15:00:32 ----D---- C:\ProgramData\{b3c0668b-4bbd-aa0a-b3c0-0668b4bb9a2d}
2015-02-25 13:57:28 ----D---- C:\Users\Adam\AppData\Roaming\MiniGet
2015-02-25 13:57:27 ----D---- C:\Program Files\MiniGet
2015-02-25 13:55:37 ----D---- C:\Program Files\globalUpdate
2015-02-25 13:41:37 ----A---- C:\Windows\system32\nvStreaming.exe
2015-02-20 00:44:28 ----A---- C:\Windows\system32\nvopencl.dll
2015-02-20 00:44:26 ----A---- C:\Windows\system32\nvoglv32.dll
2015-02-20 00:44:26 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2015-02-20 00:44:24 ----A---- C:\Windows\system32\NvIFR.dll
2015-02-20 00:44:20 ----A---- C:\Windows\system32\NvFBC.dll
2015-02-20 00:44:20 ----A---- C:\Windows\system32\nvdispgenco3234144.dll
2015-02-20 00:44:20 ----A---- C:\Windows\system32\nvdispco3234144.dll
2015-02-20 00:44:20 ----A---- C:\Windows\system32\nvd3dum.dll
2015-02-20 00:44:18 ----A---- C:\Windows\system32\nvcuvid.dll
2015-02-20 00:44:18 ----A---- C:\Windows\system32\nvcuda.dll
2015-02-20 00:43:58 ----A---- C:\Windows\system32\nvcompiler.dll
2015-02-19 15:08:08 ----D---- C:\Program Files\Super Ovladac
2015-02-18 21:05:29 ----D---- C:\Program Files\ShowMyPCService
2015-02-18 20:47:16 ----D---- C:\Program Files\TeamViewer
2015-02-12 22:20:41 ----A---- C:\Windows\system32\wdi.dll
2015-02-12 22:20:41 ----A---- C:\Windows\system32\powertracker.dll
2015-02-12 22:20:41 ----A---- C:\Windows\system32\perftrack.dll
2015-02-11 11:54:17 ----A---- C:\Windows\system32\jscript9diag.dll
2015-02-11 11:54:17 ----A---- C:\Windows\system32\jscript9.dll
2015-02-10 20:46:29 ----A---- C:\Windows\system32\win32k.sys
2015-02-10 20:46:12 ----A---- C:\Windows\system32\lsasrv.dll
2015-02-10 20:46:12 ----A---- C:\Windows\system32\drivers\cng.sys
2015-02-10 20:46:12 ----A---- C:\Windows\system32\adtschema.dll
2015-02-10 20:46:11 ----A---- C:\Windows\system32\sspisrv.dll
2015-02-10 20:46:11 ----A---- C:\Windows\system32\sspicli.dll
2015-02-10 20:46:11 ----A---- C:\Windows\system32\secur32.dll
2015-02-10 20:46:11 ----A---- C:\Windows\system32\msobjs.dll
2015-02-10 20:46:11 ----A---- C:\Windows\system32\msaudite.dll
2015-02-10 20:46:11 ----A---- C:\Windows\system32\lsass.exe
2015-02-10 20:46:11 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2015-02-10 20:46:11 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2015-02-10 20:46:11 ----A---- C:\Windows\system32\auditpol.exe
2015-02-10 20:45:05 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-10 20:45:04 ----A---- C:\Windows\system32\ieetwproxystub.dll
2015-02-10 20:45:04 ----A---- C:\Windows\system32\ieetwcollector.exe
2015-02-10 20:45:03 ----A---- C:\Windows\system32\iernonce.dll
2015-02-10 20:45:03 ----A---- C:\Windows\system32\ie4uinit.exe
2015-02-10 20:45:02 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-10 20:45:01 ----A---- C:\Windows\system32\urlmon.dll
2015-02-10 20:45:01 ----A---- C:\Windows\system32\jsproxy.dll
2015-02-10 20:45:01 ----A---- C:\Windows\system32\ieUnatt.exe
2015-02-10 20:45:01 ----A---- C:\Windows\system32\iedkcs32.dll
2015-02-10 20:45:00 ----A---- C:\Windows\system32\ieapfltr.dll
2015-02-10 20:45:00 ----A---- C:\Windows\system32\dxtmsft.dll
2015-02-10 20:44:59 ----A---- C:\Windows\system32\msfeeds.dll
2015-02-10 20:44:54 ----A---- C:\Windows\system32\msrating.dll
2015-02-10 20:44:53 ----A---- C:\Windows\system32\iesetup.dll
2015-02-10 20:44:52 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2015-02-10 20:44:51 ----A---- C:\Windows\system32\wininet.dll
2015-02-10 20:44:48 ----A---- C:\Windows\system32\dxtrans.dll
2015-02-10 20:44:46 ----A---- C:\Windows\system32\ieui.dll
2015-02-10 20:44:45 ----A---- C:\Windows\system32\ieframe.dll
2015-02-10 20:44:39 ----A---- C:\Windows\system32\mshtmled.dll
2015-02-10 20:44:35 ----A---- C:\Windows\system32\mshtmlmedia.dll
2015-02-10 20:44:32 ----A---- C:\Windows\system32\MshtmlDac.dll
2015-02-10 20:44:30 ----A---- C:\Windows\system32\iertutil.dll
2015-02-10 20:44:27 ----A---- C:\Windows\system32\mshtml.dll
2015-02-10 20:44:25 ----A---- C:\Windows\system32\vbscript.dll
2015-02-10 20:43:39 ----A---- C:\Windows\system32\scesrv.dll
2015-02-10 20:43:37 ----A---- C:\Windows\system32\oleaut32.dll
2015-02-10 20:43:32 ----A---- C:\Windows\system32\invagent.dll
2015-02-10 20:43:32 ----A---- C:\Windows\system32\generaltel.dll
2015-02-10 20:43:32 ----A---- C:\Windows\system32\devinv.dll
2015-02-10 20:43:32 ----A---- C:\Windows\system32\appraiser.dll
2015-02-10 20:43:32 ----A---- C:\Windows\system32\aitstatic.exe
2015-02-10 20:43:32 ----A---- C:\Windows\system32\aeinv.dll
2015-02-10 20:43:31 ----A---- C:\Windows\system32\aepic.dll
2015-02-10 20:43:31 ----A---- C:\Windows\system32\aepdu.dll
2015-02-10 20:41:37 ----A---- C:\Windows\system32\schannel.dll
2015-02-10 20:41:37 ----A---- C:\Windows\system32\msv1_0.dll
2015-02-10 20:41:37 ----A---- C:\Windows\system32\kerberos.dll
2015-02-10 20:41:36 ----A---- C:\Windows\system32\wdigest.dll
2015-02-10 20:41:36 ----A---- C:\Windows\system32\TSpkg.dll
2015-02-10 20:41:36 ----A---- C:\Windows\system32\ncrypt.dll
2015-02-10 20:41:35 ----A---- C:\Windows\system32\credssp.dll
2015-02-10 20:40:52 ----A---- C:\Windows\system32\wintrust.dll
2015-02-10 20:40:52 ----A---- C:\Windows\system32\cryptsvc.dll
2015-02-10 20:40:52 ----A---- C:\Windows\system32\crypt32.dll
2015-02-10 20:39:34 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-02-10 20:39:34 ----A---- C:\Windows\system32\ntkrnlpa.exe
2015-02-10 20:38:30 ----A---- C:\Windows\system32\WindowsCodecs.dll
2015-02-10 19:29:23 ----D---- C:\Windows\pss
2015-02-08 22:58:24 ----D---- C:\ProgramData\Auslogics
2015-02-08 22:19:00 ----D---- C:\Program Files\Microsoft Silverlight
2015-02-08 13:08:29 ----D---- C:\Users\Adam\AppData\Roaming\Remote Control Server
2015-02-07 17:18:10 ----D---- C:\Program Files\Google
2015-02-05 22:17:19 ----A---- C:\Windows\system32\drivers\4A406237.sys
2015-02-05 21:56:55 ----D---- C:\ProgramData\Malwarebytes
======List of files/folders modified in the last 1 month======
2015-03-01 18:59:53 ----D---- C:\Windows\Prefetch
2015-03-01 18:59:44 ----D---- C:\Program Files\trend micro
2015-03-01 18:59:38 ----D---- C:\Windows\Temp
2015-03-01 18:21:03 ----RD---- C:\Program Files
2015-03-01 18:21:03 ----D---- C:\Program Files\Mozilla Maintenance Service
2015-03-01 15:17:40 ----D---- C:\Windows\system32\config
2015-03-01 15:05:48 ----SHD---- C:\System Volume Information
2015-03-01 14:29:41 ----D---- C:\Windows\inf
2015-03-01 14:28:06 ----D---- C:\ProgramData\NVIDIA
2015-02-27 15:22:03 ----D---- C:\Windows
2015-02-26 23:50:22 ----D---- C:\Windows\debug
2015-02-26 23:47:59 ----D---- C:\Users\Adam\AppData\Roaming\uTorrent
2015-02-26 23:47:58 ----D---- C:\Windows\Logs
2015-02-26 23:46:37 ----D---- C:\Program Files\CCleaner
2015-02-26 23:40:35 ----D---- C:\Windows\system32\drivers
2015-02-26 23:40:35 ----D---- C:\Windows\L2Schemas
2015-02-26 23:39:39 ----HD---- C:\ProgramData
2015-02-26 23:39:27 ----D---- C:\Windows\Tasks
2015-02-26 23:39:27 ----D---- C:\Windows\system32\Tasks
2015-02-26 21:06:59 ----D---- C:\Windows\system32\DriverStore
2015-02-26 11:09:25 ----SHD---- C:\Windows\Installer
2015-02-26 11:09:16 ----D---- C:\Windows\System32
2015-02-26 00:40:40 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-02-25 14:45:40 ----D---- C:\Windows\winsxs
2015-02-25 13:41:47 ----D---- C:\Program Files\NVIDIA Corporation
2015-02-24 00:31:44 ----RSD---- C:\Windows\Fonts
2015-02-24 00:30:44 ----D---- C:\Users\Adam\AppData\Roaming\vlc
2015-02-20 11:30:42 ----D---- C:\Windows\rescache
2015-02-20 00:44:38 ----A---- C:\Windows\system32\OpenCL.dll
2015-02-20 00:44:34 ----A---- C:\Windows\system32\nvwgf2um.dll
2015-02-20 00:43:56 ----A---- C:\Windows\system32\nvapi.dll
2015-02-20 00:15:43 ----D---- C:\Program Files\Windows Sidebar
2015-02-13 00:37:13 ----D---- C:\Windows\tracing
2015-02-12 22:17:02 ----D---- C:\Windows\system32\catroot2
2015-02-11 17:23:36 ----D---- C:\Windows\system32\en-US
2015-02-10 23:40:58 ----SD---- C:\Windows\system32\CompatTel
2015-02-10 23:40:58 ----D---- C:\Windows\system32\appraiser
2015-02-10 23:40:55 ----D---- C:\Windows\system32\sk-SK
2015-02-10 23:40:54 ----D---- C:\Program Files\Internet Explorer
2015-02-10 21:07:05 ----D---- C:\Windows\system32\MRT
2015-02-10 20:57:14 ----A---- C:\Windows\system32\MRT.exe
2015-02-10 20:38:21 ----D---- C:\Windows\system32\catroot
2015-02-09 00:16:46 ----D---- C:\Windows\Microsoft.NET
2015-02-08 22:20:22 ----SD---- C:\ProgramData\Microsoft
2015-02-08 15:57:42 ----SD---- C:\Windows\system32\Microsoft
2015-02-08 13:09:37 ----D---- C:\Program Files\Winamp
2015-02-08 13:09:33 ----D---- C:\Users\Adam\AppData\Roaming\Winamp
2015-02-07 23:30:11 ----SD---- C:\Users\Adam\AppData\Roaming\Microsoft
2015-02-07 22:41:46 ----D---- C:\Program Files\Common Files\microsoft shared
2015-02-07 12:38:26 ----D---- C:\Windows\Offline Web Pages
2015-02-05 22:14:03 ----D---- C:\Windows\Resources
2015-02-05 16:58:25 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2015-02-04 03:06:18 ----A---- C:\Windows\system32\nvcpl.dll
2015-02-04 03:06:17 ----A---- C:\Windows\system32\nvsvc.dll
2015-02-04 03:05:53 ----A---- C:\Windows\system32\nvvsvc.exe
2015-02-04 03:05:52 ----A---- C:\Windows\system32\nvsvcr.dll
2015-02-04 03:05:52 ----A---- C:\Windows\system32\nvshext.dll
2015-02-04 03:05:49 ----A---- C:\Windows\system32\nvmctray.dll
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2014-10-10 51288]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2014-10-10 191928]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2014-10-10 135296]
R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2014-10-10 37928]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2014-10-10 176448]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 60416]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2014-08-19 162592]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 btaudio;Bluetooth Audio Device; C:\Windows\system32\drivers\btaudio.sys []
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 393728]
S3 BTKRNL;Bluetooth Bus Enumerator; C:\Windows\system32\DRIVERS\btkrnl.sys []
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\Windows\system32\DRIVERS\btwdndis.sys []
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\Windows\System32\Drivers\btwusb.sys []
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2014-01-22 88576]
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys []
S3 jrvad_service;JRiver Media Center 20 (service); C:\Windows\system32\drivers\JRiverWDMDriver.sys [2015-01-26 30168]
S3 NTACCESS;NTACCESS; \??\E:\NTACCESS.sys []
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 14848]
S3 SetupNTGLM7X;SetupNTGLM7X; \??\E:\NTGLM7X.sys []
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2013-10-02 49152]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-03 81088]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2014-10-01 1349576]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2015-02-04 670536]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-02-04 409800]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-11 103608]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05 267440]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-01-12 102912]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2015-02-27 148080]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2014-04-11 45744]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
-----------------EOF-----------------
Re: Please check my log
Hello,
Is your ESET Smart Security properly purchased?
With MiniGet you pulled a lot of junk onto the machine... I recommend reading through http://forum.viry.cz/viewtopic.php?f=24 ... 2#p1374442
On 26.2. you installed MBAM... did you scan the computer with it? If so, post the log with the findings.
As part of the cleanup, your temporary directories (including the Recycle Bin) will be emptied.
Save AdwCleaner to your desktop: https://toolslib.net/downloads/viewdown ... dwcleaner/ (or http://www.bleepingcomputer.com/download/adwcleaner/ )
- close all programs
- right-click the AdwCleaner icon and choose Run as administrator (on Win XP, just launch it with a normal double-click)
- click Scan, then Cleaning
- after the restart a log will pop up (or you can find it in C:\AdwCleaner\AdwCleaner [Sx].txt); copy its contents into your next reply
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that are not suited to the forum, you can use altrok(at)forum.viry.cz
If you would like to help visitors of this forum, sign up for our training school.
Re: Please check my log
1. Yes, I have a license there until 11.5.2015
2. It would not let me download that program, because ESS did not allow it
3. MBAM log:
Malwarebytes Anti-Malware
http://www.malwarebytes.org
Scan Date: 26. 2. 2015
Scan Time: 21:20:44
Logfile: mam.txt
Administrator: Yes
Version: 2.00.4.1028
Malware Database: v2015.02.26.04
Rootkit Database: v2015.02.25.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Adam
Scan Type: Custom Scan
Result: Completed
Objects Scanned: 396770
Time Elapsed: 1 hr, 44 min, 46 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 1
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\GoogleUpdate.exe, 2156, Delete-on-Reboot, [8f7ded365931c175eabf84f4966d748c]
Modules: 1
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\goopdate.dll, Delete-on-Reboot, [8f7ded365931c175eabf84f4966d748c],
Registry Keys: 51
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, Quarantined, [f51728fbc0ca65d1d8cff620eb18c13f],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, Quarantined, [f51728fbc0ca65d1d8cff620eb18c13f],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, Quarantined, [f51728fbc0ca65d1d8cff620eb18c13f],
PUP.Optional.SupTab.A, HKU\S-1-5-21-3409903947-2537725115-4003705135-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, Quarantined, [f51728fbc0ca65d1d8cff620eb18c13f],
PUP.Optional.CytiWeb.A, HKLM\SOFTWARE\CLASSES\CLSID\{aa2fac44-d24d-4fed-9e32-397d138365f1}, Quarantined, [a468948f484261d5ad86d03e5da6c937],
PUP.Optional.CytiWeb.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{4b030cae-5396-4e8d-b29f-0bc3213ab606}, Quarantined, [a468948f484261d5ad86d03e5da6c937],
PUP.Optional.CytiWeb.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{A30B13F5-3743-428A-A1FA-6F001D36CC4A}, Quarantined, [a468948f484261d5ad86d03e5da6c937],
PUP.Optional.IEMultiBHO.A, HKU\S-1-5-21-3409903947-2537725115-4003705135-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{10E1725C-7237-41A9-954A-04DCCB1FD16C}, Quarantined, [e92371b24446270f768ae12ca65d956b],
PUP.Optional.IHProtect.A, HKLM\SOFTWARE\IHProtect, Quarantined, [b85422016d1d0234d974901304ff46ba],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\Iminent, Quarantined, [4ebeef34c5c501352f79f7f1f80bf20e],
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\mystartsearchSoftware, Quarantined, [8c80879c19712b0b50d2a308000315eb],
PUP.Optional.SavePass.A, HKLM\SOFTWARE\SavePass 1.1, Quarantined, [2ddf869d107af5419cd2932830d3f808],
PUP.Optional.SavePass.A, HKLM\SOFTWARE\SavePass 1.1-nv-ie, Quarantined, [63a964bfaedca49275f98635ae555ca4],
PUP.Optional.WPM.A, HKLM\SOFTWARE\supWindowsMangerProtect, Quarantined, [0dff47dcfb8f340272e822fb6e9713ed],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WajIntEnhance, Quarantined, [9874a182addd91a58ba06b34c53e14ec],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\GLOBALUPDATE\UPDATE, Quarantined, [29e3cb588307e650549de4dc699a59a7],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\29777, Quarantined, [8587ad76226876c029727e5d847ff50b],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IMBoosterARP, Quarantined, [1fed92910783e155ce1ff4a7ba493cc4],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IminentToolbar, Quarantined, [e329e93a246660d6915b1b8062a124dc],
PUP.Optional.Vosteran, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Vosteran.com, Quarantined, [ab612ef5fe8c38fe8910416a71926898],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WajIntEnhance, Quarantined, [ee1e0f14a7e3270f12d8d9c25ea543bd],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=10, Quarantined, [a3696eb5d1b9d4620514ba66887de21e],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=4, Quarantined, [c24a64bf0f7b7fb7e03a25fb0bfa6799],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\SUPTAB, Quarantined, [39d3df447515201608078039649f06fa],
PUP.Optional.IHProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IHProtect Service, Quarantined, [f61671b2f49680b665e72c77dc27cc34],
PUP.Optional.CytiWeb.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Util Cyti Web, Quarantined, [808cfb280c7e24120ed23372fb0810f0],
PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WindowsMangerProtect, Quarantined, [8686d94a4f3b62d4ae55bfe8847fd828],
PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, Quarantined, [13f98d9694f644f28fba19956b98cd33],
PUP.Optional.1ClickDownload.A, HKU\S-1-5-21-3409903947-2537725115-4003705135-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\1ClickDownload, Quarantined, [f11b8a99474357df9c4dbb4346be0af6],
PUP.Optional.HomeTab.A, HKU\S-1-5-21-3409903947-2537725115-4003705135-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\HomeTab, Quarantined, [ef1d5bc842486dc92f8e3794f211956b],
PUP.Optional.SavePass.A, HKU\S-1-5-21-3409903947-2537725115-4003705135-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SavePass 1.1-nv-ie, Quarantined, [16f6b76c34561f17cca3912a649f11ef],
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-3409903947-2537725115-4003705135-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SearchProtectWS, Quarantined, [53b927fcd4b60c2a20d0e8b3788b7c84],
PUP.Optional.Wajam.A, HKU\S-1-5-21-3409903947-2537725115-4003705135-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WajIntEnhance, Quarantined, [1bf145de93f767cf1814326d48bb4bb5],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3409903947-2537725115-4003705135-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [fc10cd56d0ba75c1c7f6957c44c1fa06],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3409903947-2537725115-4003705135-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\29777, Quarantined, [cb41eb38c5c575c134fa5b5a2cd726da],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3409903947-2537725115-4003705135-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\OB, Quarantined, [7c90180bf89245f18158efb1739020e0],
PUP.Optional.FastStart.A, HKU\S-1-5-21-3409903947-2537725115-4003705135-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS, Quarantined, [cd3f4cd7cfbb8ea853d5476f04ffed13],
PUP.Optional.Wajam.A, HKU\S-1-5-21-3409903947-2537725115-4003705135-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SIMPLYTECH\HomeTabWajIEnhance, Quarantined, [bc5058cbc8c2b185eb00b9e2d72c966a],
PUP.Optional.GlobalUpdate.T, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\globalUpdate, Quarantined, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\globalUpdatem, Quarantined, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, Quarantined, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, Quarantined, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\globalUpdate.OneClickCtrl.10, Quarantined, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, Quarantined, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, Quarantined, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, Quarantined, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\globalUpdate.Update3WebControl.4, Quarantined, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, Quarantined, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, Quarantined, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}, Quarantined, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}, Quarantined, [8f7ded365931c175eabf84f4966d748c],
Registry Values: 5
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\GLOBALUPDATE\UPDATE|path, C:\Program Files\globalUpdate\Update\GoogleUpdate.exe, Quarantined, [29e3cb588307e650549de4dc699a59a7]
PUP.Optional.SearchEngine.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|searchengine@gmail.com, C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\k7krd9tw.default-1423432867625\extensions\searchengine@gmail.com, Quarantined, [10fc29faa2e866d0f5062dfc778e1de3]
PUP.Optional.FastStart.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|faststartff@gmail.com, C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\k7krd9tw.default-1423432867625\extensions\faststartff@gmail.com, Quarantined, [66a665bebad088ae8dee2bf143c2a858]
PUP.Optional.SupTab.A, HKLM\SOFTWARE\SUPTAB|ptid, amt, Quarantined, [39d3df447515201608078039649f06fa]
PUP.Optional.FastStart.A, HKU\S-1-5-21-3409903947-2537725115-4003705135-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, faststartff@gmail.com, Quarantined, [cd3f4cd7cfbb8ea853d5476f04ffed13]
Registry Data: 10
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\FIREFOX.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Mozilla Firefox\firefox.exe http://www.mystartsearch.com/?type=sc&t ... 0_V40B7H0G, Good: (firefox.exe), Bad: (C:\Program Files\Mozilla Firefox\firefox.exe http://www.mystartsearch.com/?type=sc&t ... 0_V40B7H0G),Replaced,[9e6e52d123670c2ab42daf16ff060af6]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=sc&t ... 0_V40B7H0G, Good: (iexplore.exe), Bad: (C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=sc&t ... 0_V40B7H0G),Replaced,[64a86fb42c5eaf87b72ba3222adb728e]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, http://www.mystartsearch.com/web/?type= ... earchTerms}, Good: (http://www.google.com), Bad: (http://www.mystartsearch.com/web/?type= ... earchTerms}),Replaced,[848880a3305ad1655ad21aac3acbf30d]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.mystartsearch.com/?type=hp&t ... 0_V40B7H0G, Good: (http://www.google.com), Bad: (http://www.mystartsearch.com/?type=hp&t ... 0_V40B7H0G),Replaced,[27e53de6d4b67cba1c0fc7ffc93c8878]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.mystartsearch.com/?type=hp&t ... 0_V40B7H0G, Good: (http://www.google.com), Bad: (http://www.mystartsearch.com/?type=hp&t ... 0_V40B7H0G),Replaced,[1fedac772b5f37ff2b8807ccca3b4bb5]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://www.mystartsearch.com/web/?type= ... earchTerms}, Good: (http://www.google.com), Bad: (http://www.mystartsearch.com/web/?type= ... earchTerms}),Replaced,[0606180bb8d2ab8bfa33fec8e81d46ba]
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-3409903947-2537725115-4003705135-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://www.mystartsearch.com/web/?type= ... earchTerms}, Good: (http://www.google.com), Bad: (http://www.mystartsearch.com/web/?type= ... earchTerms}),Replaced,[fd0f190a97f3181e88a82b9b9b6a54ac]
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-3409903947-2537725115-4003705135-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.mystartsearch.com/?type=hp&t ... 0_V40B7H0G, Good: (http://www.google.com), Bad: (http://www.mystartsearch.com/?type=hp&t ... 0_V40B7H0G),Replaced,[f31937ec95f50630ebc607ccd43101ff]
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-3409903947-2537725115-4003705135-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.mystartsearch.com/?type=hp&t ... 0_V40B7H0G, Good: (http://www.google.com), Bad: (http://www.mystartsearch.com/?type=hp&t ... 0_V40B7H0G),Replaced,[020ad053eaa06acc7eb08b3bd13434cc]
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-3409903947-2537725115-4003705135-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, http://www.mystartsearch.com/web/?type= ... earchTerms}, Good: (http://www.google.com), Bad: (http://www.mystartsearch.com/web/?type= ... earchTerms}),Replaced,[83895dc65634d4625ad5a71fa85d768a]
Folders: 40
PUP.Optional.XTab.A, C:\Program Files\XTab, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\image, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\weather, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\js, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\en-US, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\es-419, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\es-ES, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\fr-BE, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\fr-CA, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\fr-CH, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\fr-FR, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\fr-LU, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\it-CH, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\it-IT, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\pl, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\pt, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\pt-BR, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\ru, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\ru-MO, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\tr-TR, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\vi-VI, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\zh-CN, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\zh-TW, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect, Quarantined, [ad5f47dc6129979fab30df97c043926e],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update, Quarantined, [ad5f47dc6129979fab30df97c043926e],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update, Delete-on-Reboot, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0, Delete-on-Reboot, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\Download, Quarantined, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\Install, Quarantined, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\Offline, Quarantined, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\Offline\{1EDCBE78-A1F4-4B77-88CB-18961BFA41B1}, Quarantined, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.A, C:\Users\Adam\AppData\Local\Temp\comh.480813, Quarantined, [e22ac360c8c2b680398c8fe941c26e92],
PUP.Optional.SavePass.A, C:\Program Files\SavePass 1.1, Quarantined, [dd2f62c16e1c181ee80fea94659e9e62],
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate, Quarantined, [1cf043e02b5fc57179f9e3b0a360b24e],
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate\update, Quarantined, [1cf043e02b5fc57179f9e3b0a360b24e],
PUP.Optional.CytiWeb.A, C:\Users\Adam\AppData\Local\Temp\Cyti Web, Quarantined, [8b8179aa3753b77fab29266fbe45cb35],
Files: 114
PUP.Optional.SkyTech.A, C:\Users\Adam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EC8UIV4N\1[1].zip, Quarantined, [0efe1b085733c86e20eb12ed4bb65ca4],
PUP.Optional.XTabs.A, C:\Users\Adam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H0LRNQOH\2[1].zip, Quarantined, [ab6148db9dedb086b69343c8ab5b9868],
Trojan.MSIL.Injector, C:\Users\Adam\AppData\Local\Temp\Runner2.exe, Quarantined, [52ba170c0486f3439406c7fc44c109f7],
PUP.Optional.XTab.A, C:\Program Files\XTab\uninstall.exe, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\conf, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\ffsearch_toolbar!1.0.0.1025.xpi, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\install.data, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\msvcp110.dll, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\msvcr110.dll, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\searchProvider.xml, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\about.png, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\about_bk.png, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\btn.png, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\btn_apply.png, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\close.png, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\conf.xml, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\conf_back.png, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\input_bk.png, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\logo.png, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\main.xml, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\radio_1.png, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\radio_2.png, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\rigth_arrow.png, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\settings.png, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\data.html, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\indexIE.html, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\indexIE8.html, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\main.css, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\ver.txt, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\arrow.png, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\default_add_logo.png, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\default_add_logo_hover.png, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\default_logo.png, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\googlelogo.png, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\googlelogo2.png, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\google_trends.png, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\icon128.png, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\icon16.png, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\icon48.png, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\loading.gif, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\logo32.ico, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\weather\0.png, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\js\common.js, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\js\ga.js, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\js\ie8.js, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\js\jquery-1.11.0.min.js, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\js\jquery.autocomplete.js, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\js\js.js, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\js\library.js, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\js\xagainit-ie8.js, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\js\xagainit.js, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\js\xagainit2.0.js, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\en-US\messages.json, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\es-419\messages.json, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\es-ES\messages.json, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\fr-BE\messages.json, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\fr-CA\messages.json, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\fr-CH\messages.json, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\fr-FR\messages.json, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\fr-LU\messages.json, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\it-CH\messages.json, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\it-IT\messages.json, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\pl\messages.json, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\pt\messages.json, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\pt-BR\messages.json, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\ru\messages.json, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\ru-MO\messages.json, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\tr-TR\messages.json, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\vi-VI\messages.json, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\zh-CN\messages.json, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\zh-TW\messages.json, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.MyStartSearch.A, C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\k7krd9tw.default-1423432867625\searchplugins\mystartsearch.xml, Quarantined, [a26a6bb868220a2ca081b4f76f9450b0],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\255ac7c2-376c-4f6c-aee3-930d8b67201f-1-6, Quarantined, [22ea081beb9fe1552fbd13add52e20e0],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\255ac7c2-376c-4f6c-aee3-930d8b67201f-1-7, Quarantined, [a06c071c791172c42cc0665a3ac90ef2],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\255ac7c2-376c-4f6c-aee3-930d8b67201f-10_user, Quarantined, [6ca0061dcfbb16205e8e3090af54cb35],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\255ac7c2-376c-4f6c-aee3-930d8b67201f-4, Quarantined, [1fed1112b7d3fd39f5f7e8d8d72c738d],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\255ac7c2-376c-4f6c-aee3-930d8b67201f-5, Quarantined, [b15b1d063654280e96561ea21fe454ac],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\255ac7c2-376c-4f6c-aee3-930d8b67201f-5_user, Quarantined, [000ca47fc9c1191d1ad2e2de1ee58f71],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\255ac7c2-376c-4f6c-aee3-930d8b67201f-1-6.job, Quarantined, [30dc41e2a0eaef47846e0a13e12406fa],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\255ac7c2-376c-4f6c-aee3-930d8b67201f-1-7.job, Quarantined, [38d434ef39512214ad45d6471aeb2bd5],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\255ac7c2-376c-4f6c-aee3-930d8b67201f-10_user.job, Quarantined, [cd3fd44f7e0c92a4e01269b4c2431de3],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\255ac7c2-376c-4f6c-aee3-930d8b67201f-4.job, Quarantined, [57b561c28bffdf5718da9984be47f50b],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\255ac7c2-376c-4f6c-aee3-930d8b67201f-5.job, Quarantined, [e527081b98f247eff4fec756a75e3fc1],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\255ac7c2-376c-4f6c-aee3-930d8b67201f-5_user.job, Quarantined, [59b31b08acde8bab4ba7e736da2b47b9],
PUP.Optional.GlobalUpdate.A, C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job, Quarantined, [3ad2ad76266462d41be671adf70edd23],
PUP.Optional.GlobalUpdate.A, C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore, Quarantined, [c84438eb820846f08c76fb237a8be917],
PUP.Optional.GlobalUpdate.A, C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job, Quarantined, [49c3fe25256570c69a69ce50aa5b3ec2],
PUP.Optional.GlobalUpdate.A, C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA, Quarantined, [35d74bd80882330340c4b866ec196c94],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update\conf, Quarantined, [ad5f47dc6129979fab30df97c043926e],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\GoogleUpdate.exe, Delete-on-Reboot, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleCrashHandler.exe, Quarantined, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleUpdate.exe, Quarantined, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleUpdateBroker.exe, Quarantined, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleUpdateHelper.msi, Quarantined, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleUpdateOnDemand.exe, Quarantined, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\goopdate.dll, Delete-on-Reboot, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\goopdateres_en.dll, Quarantined, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll, Quarantined, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\psmachine.dll, Quarantined, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\psuser.dll, Quarantined, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.A, C:\Users\Adam\AppData\Local\Temp\comh.480813\GoogleCrashHandler.exe, Quarantined, [e22ac360c8c2b680398c8fe941c26e92],
PUP.Optional.GlobalUpdate.A, C:\Users\Adam\AppData\Local\Temp\comh.480813\GoogleUpdate.exe, Quarantined, [e22ac360c8c2b680398c8fe941c26e92],
PUP.Optional.GlobalUpdate.A, C:\Users\Adam\AppData\Local\Temp\comh.480813\GoogleUpdateBroker.exe, Quarantined, [e22ac360c8c2b680398c8fe941c26e92],
PUP.Optional.GlobalUpdate.A, C:\Users\Adam\AppData\Local\Temp\comh.480813\GoogleUpdateHelper.msi, Quarantined, [e22ac360c8c2b680398c8fe941c26e92],
PUP.Optional.GlobalUpdate.A, C:\Users\Adam\AppData\Local\Temp\comh.480813\GoogleUpdateOnDemand.exe, Quarantined, [e22ac360c8c2b680398c8fe941c26e92],
PUP.Optional.GlobalUpdate.A, C:\Users\Adam\AppData\Local\Temp\comh.480813\goopdate.dll, Quarantined, [e22ac360c8c2b680398c8fe941c26e92],
PUP.Optional.GlobalUpdate.A, C:\Users\Adam\AppData\Local\Temp\comh.480813\goopdateres_en.dll, Quarantined, [e22ac360c8c2b680398c8fe941c26e92],
PUP.Optional.GlobalUpdate.A, C:\Users\Adam\AppData\Local\Temp\comh.480813\npGoogleUpdate4.dll, Quarantined, [e22ac360c8c2b680398c8fe941c26e92],
PUP.Optional.GlobalUpdate.A, C:\Users\Adam\AppData\Local\Temp\comh.480813\psmachine.dll, Quarantined, [e22ac360c8c2b680398c8fe941c26e92],
PUP.Optional.GlobalUpdate.A, C:\Users\Adam\AppData\Local\Temp\comh.480813\psuser.dll, Quarantined, [e22ac360c8c2b680398c8fe941c26e92],
PUP.Optional.SavePass.A, C:\Program Files\SavePass 1.1\bgNova.html, Quarantined, [dd2f62c16e1c181ee80fea94659e9e62],
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate\update\conf, Quarantined, [1cf043e02b5fc57179f9e3b0a360b24e],
PUP.Optional.QuickStart.A, C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\k7krd9tw.default-1423432867625\prefs.js, Good: (), Bad: (user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");), Replaced,[c5474fd46129fc3a6b5726e71ee81ce4]
PUP.Optional.CrossRider.A, C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\k7krd9tw.default-1423432867625\prefs.js, Good: (), Bad: (user_pref("extensions.crossrider.bic", "14bc0d1821a641958dcb0dc7ac182c5f");), Replaced,[c4483ee56a20b680d01b0fff64a2fc04]
Physical Sectors: 0
(No malicious items detected)
(end)
2. It wouldn't let me download that program, because ESS didn't allow it
3. MBAM log:
Malwarebytes Anti-Malware
http://www.malwarebytes.org
Scan Date: 26. 2. 2015
Scan Time: 21:20:44
Logfile: mam.txt
Administrator: Yes
Version: 2.00.4.1028
Malware Database: v2015.02.26.04
Rootkit Database: v2015.02.25.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Adam
Scan Type: Custom Scan
Result: Completed
Objects Scanned: 396770
Time Elapsed: 1 hr, 44 min, 46 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 1
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\GoogleUpdate.exe, 2156, Delete-on-Reboot, [8f7ded365931c175eabf84f4966d748c]
Modules: 1
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\goopdate.dll, Delete-on-Reboot, [8f7ded365931c175eabf84f4966d748c],
Registry Keys: 51
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, Quarantined, [f51728fbc0ca65d1d8cff620eb18c13f],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, Quarantined, [f51728fbc0ca65d1d8cff620eb18c13f],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, Quarantined, [f51728fbc0ca65d1d8cff620eb18c13f],
PUP.Optional.SupTab.A, HKU\S-1-5-21-3409903947-2537725115-4003705135-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, Quarantined, [f51728fbc0ca65d1d8cff620eb18c13f],
PUP.Optional.CytiWeb.A, HKLM\SOFTWARE\CLASSES\CLSID\{aa2fac44-d24d-4fed-9e32-397d138365f1}, Quarantined, [a468948f484261d5ad86d03e5da6c937],
PUP.Optional.CytiWeb.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{4b030cae-5396-4e8d-b29f-0bc3213ab606}, Quarantined, [a468948f484261d5ad86d03e5da6c937],
PUP.Optional.CytiWeb.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{A30B13F5-3743-428A-A1FA-6F001D36CC4A}, Quarantined, [a468948f484261d5ad86d03e5da6c937],
PUP.Optional.IEMultiBHO.A, HKU\S-1-5-21-3409903947-2537725115-4003705135-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{10E1725C-7237-41A9-954A-04DCCB1FD16C}, Quarantined, [e92371b24446270f768ae12ca65d956b],
PUP.Optional.IHProtect.A, HKLM\SOFTWARE\IHProtect, Quarantined, [b85422016d1d0234d974901304ff46ba],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\Iminent, Quarantined, [4ebeef34c5c501352f79f7f1f80bf20e],
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\mystartsearchSoftware, Quarantined, [8c80879c19712b0b50d2a308000315eb],
PUP.Optional.SavePass.A, HKLM\SOFTWARE\SavePass 1.1, Quarantined, [2ddf869d107af5419cd2932830d3f808],
PUP.Optional.SavePass.A, HKLM\SOFTWARE\SavePass 1.1-nv-ie, Quarantined, [63a964bfaedca49275f98635ae555ca4],
PUP.Optional.WPM.A, HKLM\SOFTWARE\supWindowsMangerProtect, Quarantined, [0dff47dcfb8f340272e822fb6e9713ed],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WajIntEnhance, Quarantined, [9874a182addd91a58ba06b34c53e14ec],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\GLOBALUPDATE\UPDATE, Quarantined, [29e3cb588307e650549de4dc699a59a7],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\29777, Quarantined, [8587ad76226876c029727e5d847ff50b],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IMBoosterARP, Quarantined, [1fed92910783e155ce1ff4a7ba493cc4],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IminentToolbar, Quarantined, [e329e93a246660d6915b1b8062a124dc],
PUP.Optional.Vosteran, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Vosteran.com, Quarantined, [ab612ef5fe8c38fe8910416a71926898],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WajIntEnhance, Quarantined, [ee1e0f14a7e3270f12d8d9c25ea543bd],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=10, Quarantined, [a3696eb5d1b9d4620514ba66887de21e],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=4, Quarantined, [c24a64bf0f7b7fb7e03a25fb0bfa6799],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\SUPTAB, Quarantined, [39d3df447515201608078039649f06fa],
PUP.Optional.IHProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IHProtect Service, Quarantined, [f61671b2f49680b665e72c77dc27cc34],
PUP.Optional.CytiWeb.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Util Cyti Web, Quarantined, [808cfb280c7e24120ed23372fb0810f0],
PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WindowsMangerProtect, Quarantined, [8686d94a4f3b62d4ae55bfe8847fd828],
PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, Quarantined, [13f98d9694f644f28fba19956b98cd33],
PUP.Optional.1ClickDownload.A, HKU\S-1-5-21-3409903947-2537725115-4003705135-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\1ClickDownload, Quarantined, [f11b8a99474357df9c4dbb4346be0af6],
PUP.Optional.HomeTab.A, HKU\S-1-5-21-3409903947-2537725115-4003705135-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\HomeTab, Quarantined, [ef1d5bc842486dc92f8e3794f211956b],
PUP.Optional.SavePass.A, HKU\S-1-5-21-3409903947-2537725115-4003705135-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SavePass 1.1-nv-ie, Quarantined, [16f6b76c34561f17cca3912a649f11ef],
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-3409903947-2537725115-4003705135-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SearchProtectWS, Quarantined, [53b927fcd4b60c2a20d0e8b3788b7c84],
PUP.Optional.Wajam.A, HKU\S-1-5-21-3409903947-2537725115-4003705135-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WajIntEnhance, Quarantined, [1bf145de93f767cf1814326d48bb4bb5],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3409903947-2537725115-4003705135-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [fc10cd56d0ba75c1c7f6957c44c1fa06],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3409903947-2537725115-4003705135-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\29777, Quarantined, [cb41eb38c5c575c134fa5b5a2cd726da],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3409903947-2537725115-4003705135-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\OB, Quarantined, [7c90180bf89245f18158efb1739020e0],
PUP.Optional.FastStart.A, HKU\S-1-5-21-3409903947-2537725115-4003705135-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS, Quarantined, [cd3f4cd7cfbb8ea853d5476f04ffed13],
PUP.Optional.Wajam.A, HKU\S-1-5-21-3409903947-2537725115-4003705135-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SIMPLYTECH\HomeTabWajIEnhance, Quarantined, [bc5058cbc8c2b185eb00b9e2d72c966a],
PUP.Optional.GlobalUpdate.T, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\globalUpdate, Quarantined, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\globalUpdatem, Quarantined, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, Quarantined, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, Quarantined, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\globalUpdate.OneClickCtrl.10, Quarantined, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, Quarantined, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, Quarantined, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, Quarantined, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\globalUpdate.Update3WebControl.4, Quarantined, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, Quarantined, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, Quarantined, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}, Quarantined, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}, Quarantined, [8f7ded365931c175eabf84f4966d748c],
Registry Values: 5
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\GLOBALUPDATE\UPDATE|path, C:\Program Files\globalUpdate\Update\GoogleUpdate.exe, Quarantined, [29e3cb588307e650549de4dc699a59a7]
PUP.Optional.SearchEngine.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|searchengine@gmail.com, C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\k7krd9tw.default-1423432867625\extensions\searchengine@gmail.com, Quarantined, [10fc29faa2e866d0f5062dfc778e1de3]
PUP.Optional.FastStart.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|faststartff@gmail.com, C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\k7krd9tw.default-1423432867625\extensions\faststartff@gmail.com, Quarantined, [66a665bebad088ae8dee2bf143c2a858]
PUP.Optional.SupTab.A, HKLM\SOFTWARE\SUPTAB|ptid, amt, Quarantined, [39d3df447515201608078039649f06fa]
PUP.Optional.FastStart.A, HKU\S-1-5-21-3409903947-2537725115-4003705135-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, faststartff@gmail.com, Quarantined, [cd3f4cd7cfbb8ea853d5476f04ffed13]
Registry Data: 10
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\FIREFOX.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Mozilla Firefox\firefox.exe http://www.mystartsearch.com/?type=sc&t ... 0_V40B7H0G, Good: (firefox.exe), Bad: (C:\Program Files\Mozilla Firefox\firefox.exe http://www.mystartsearch.com/?type=sc&t ... 0_V40B7H0G),Replaced,[9e6e52d123670c2ab42daf16ff060af6]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=sc&t ... 0_V40B7H0G, Good: (iexplore.exe), Bad: (C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=sc&t ... 0_V40B7H0G),Replaced,[64a86fb42c5eaf87b72ba3222adb728e]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, http://www.mystartsearch.com/web/?type= ... earchTerms}, Good: (http://www.google.com), Bad: (http://www.mystartsearch.com/web/?type= ... earchTerms}),Replaced,[848880a3305ad1655ad21aac3acbf30d]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.mystartsearch.com/?type=hp&t ... 0_V40B7H0G, Good: (http://www.google.com), Bad: (http://www.mystartsearch.com/?type=hp&t ... 0_V40B7H0G),Replaced,[27e53de6d4b67cba1c0fc7ffc93c8878]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.mystartsearch.com/?type=hp&t ... 0_V40B7H0G, Good: (http://www.google.com), Bad: (http://www.mystartsearch.com/?type=hp&t ... 0_V40B7H0G),Replaced,[1fedac772b5f37ff2b8807ccca3b4bb5]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://www.mystartsearch.com/web/?type= ... earchTerms}, Good: (http://www.google.com), Bad: (http://www.mystartsearch.com/web/?type= ... earchTerms}),Replaced,[0606180bb8d2ab8bfa33fec8e81d46ba]
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-3409903947-2537725115-4003705135-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://www.mystartsearch.com/web/?type= ... earchTerms}, Good: (http://www.google.com), Bad: (http://www.mystartsearch.com/web/?type= ... earchTerms}),Replaced,[fd0f190a97f3181e88a82b9b9b6a54ac]
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-3409903947-2537725115-4003705135-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.mystartsearch.com/?type=hp&t ... 0_V40B7H0G, Good: (http://www.google.com), Bad: (http://www.mystartsearch.com/?type=hp&t ... 0_V40B7H0G),Replaced,[f31937ec95f50630ebc607ccd43101ff]
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-3409903947-2537725115-4003705135-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.mystartsearch.com/?type=hp&t ... 0_V40B7H0G, Good: (http://www.google.com), Bad: (http://www.mystartsearch.com/?type=hp&t ... 0_V40B7H0G),Replaced,[020ad053eaa06acc7eb08b3bd13434cc]
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-3409903947-2537725115-4003705135-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, http://www.mystartsearch.com/web/?type= ... earchTerms}, Good: (http://www.google.com), Bad: (http://www.mystartsearch.com/web/?type= ... earchTerms}),Replaced,[83895dc65634d4625ad5a71fa85d768a]
Folders: 40
PUP.Optional.XTab.A, C:\Program Files\XTab, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\image, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\weather, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\js, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\en-US, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\es-419, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\es-ES, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\fr-BE, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\fr-CA, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\fr-CH, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\fr-FR, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\fr-LU, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\it-CH, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\it-IT, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\pl, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\pt, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\pt-BR, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\ru, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\ru-MO, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\tr-TR, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\vi-VI, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\zh-CN, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\zh-TW, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect, Quarantined, [ad5f47dc6129979fab30df97c043926e],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update, Quarantined, [ad5f47dc6129979fab30df97c043926e],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update, Delete-on-Reboot, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0, Delete-on-Reboot, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\Download, Quarantined, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\Install, Quarantined, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\Offline, Quarantined, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\Offline\{1EDCBE78-A1F4-4B77-88CB-18961BFA41B1}, Quarantined, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.A, C:\Users\Adam\AppData\Local\Temp\comh.480813, Quarantined, [e22ac360c8c2b680398c8fe941c26e92],
PUP.Optional.SavePass.A, C:\Program Files\SavePass 1.1, Quarantined, [dd2f62c16e1c181ee80fea94659e9e62],
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate, Quarantined, [1cf043e02b5fc57179f9e3b0a360b24e],
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate\update, Quarantined, [1cf043e02b5fc57179f9e3b0a360b24e],
PUP.Optional.CytiWeb.A, C:\Users\Adam\AppData\Local\Temp\Cyti Web, Quarantined, [8b8179aa3753b77fab29266fbe45cb35],
Files: 114
PUP.Optional.SkyTech.A, C:\Users\Adam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EC8UIV4N\1[1].zip, Quarantined, [0efe1b085733c86e20eb12ed4bb65ca4],
PUP.Optional.XTabs.A, C:\Users\Adam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H0LRNQOH\2[1].zip, Quarantined, [ab6148db9dedb086b69343c8ab5b9868],
Trojan.MSIL.Injector, C:\Users\Adam\AppData\Local\Temp\Runner2.exe, Quarantined, [52ba170c0486f3439406c7fc44c109f7],
PUP.Optional.XTab.A, C:\Program Files\XTab\uninstall.exe, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\conf, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\ffsearch_toolbar!1.0.0.1025.xpi, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\install.data, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\msvcp110.dll, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\msvcr110.dll, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\searchProvider.xml, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\about.png, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\about_bk.png, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\btn.png, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\btn_apply.png, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\close.png, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\conf.xml, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\conf_back.png, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\input_bk.png, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\logo.png, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\main.xml, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\radio_1.png, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\radio_2.png, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\rigth_arrow.png, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\settings.png, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\data.html, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\indexIE.html, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\indexIE8.html, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\main.css, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\ver.txt, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\arrow.png, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\default_add_logo.png, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\default_add_logo_hover.png, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\default_logo.png, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\googlelogo.png, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\googlelogo2.png, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\google_trends.png, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\icon128.png, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\icon16.png, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\icon48.png, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\loading.gif, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\logo32.ico, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\weather\0.png, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\js\common.js, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\js\ga.js, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\js\ie8.js, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\js\jquery-1.11.0.min.js, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\js\jquery.autocomplete.js, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\js\js.js, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\js\library.js, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\js\xagainit-ie8.js, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\js\xagainit.js, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\js\xagainit2.0.js, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\en-US\messages.json, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\es-419\messages.json, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\es-ES\messages.json, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\fr-BE\messages.json, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\fr-CA\messages.json, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\fr-CH\messages.json, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\fr-FR\messages.json, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\fr-LU\messages.json, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\it-CH\messages.json, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\it-IT\messages.json, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\pl\messages.json, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\pt\messages.json, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\pt-BR\messages.json, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\ru\messages.json, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\ru-MO\messages.json, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\tr-TR\messages.json, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\vi-VI\messages.json, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\zh-CN\messages.json, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\zh-TW\messages.json, Quarantined, [af5da97a6f1b66d07fcfa7fc8b787f81],
PUP.Optional.MyStartSearch.A, C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\k7krd9tw.default-1423432867625\searchplugins\mystartsearch.xml, Quarantined, [a26a6bb868220a2ca081b4f76f9450b0],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\255ac7c2-376c-4f6c-aee3-930d8b67201f-1-6, Quarantined, [22ea081beb9fe1552fbd13add52e20e0],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\255ac7c2-376c-4f6c-aee3-930d8b67201f-1-7, Quarantined, [a06c071c791172c42cc0665a3ac90ef2],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\255ac7c2-376c-4f6c-aee3-930d8b67201f-10_user, Quarantined, [6ca0061dcfbb16205e8e3090af54cb35],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\255ac7c2-376c-4f6c-aee3-930d8b67201f-4, Quarantined, [1fed1112b7d3fd39f5f7e8d8d72c738d],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\255ac7c2-376c-4f6c-aee3-930d8b67201f-5, Quarantined, [b15b1d063654280e96561ea21fe454ac],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\255ac7c2-376c-4f6c-aee3-930d8b67201f-5_user, Quarantined, [000ca47fc9c1191d1ad2e2de1ee58f71],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\255ac7c2-376c-4f6c-aee3-930d8b67201f-1-6.job, Quarantined, [30dc41e2a0eaef47846e0a13e12406fa],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\255ac7c2-376c-4f6c-aee3-930d8b67201f-1-7.job, Quarantined, [38d434ef39512214ad45d6471aeb2bd5],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\255ac7c2-376c-4f6c-aee3-930d8b67201f-10_user.job, Quarantined, [cd3fd44f7e0c92a4e01269b4c2431de3],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\255ac7c2-376c-4f6c-aee3-930d8b67201f-4.job, Quarantined, [57b561c28bffdf5718da9984be47f50b],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\255ac7c2-376c-4f6c-aee3-930d8b67201f-5.job, Quarantined, [e527081b98f247eff4fec756a75e3fc1],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\255ac7c2-376c-4f6c-aee3-930d8b67201f-5_user.job, Quarantined, [59b31b08acde8bab4ba7e736da2b47b9],
PUP.Optional.GlobalUpdate.A, C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job, Quarantined, [3ad2ad76266462d41be671adf70edd23],
PUP.Optional.GlobalUpdate.A, C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore, Quarantined, [c84438eb820846f08c76fb237a8be917],
PUP.Optional.GlobalUpdate.A, C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job, Quarantined, [49c3fe25256570c69a69ce50aa5b3ec2],
PUP.Optional.GlobalUpdate.A, C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA, Quarantined, [35d74bd80882330340c4b866ec196c94],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update\conf, Quarantined, [ad5f47dc6129979fab30df97c043926e],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\GoogleUpdate.exe, Delete-on-Reboot, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleCrashHandler.exe, Quarantined, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleUpdate.exe, Quarantined, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleUpdateBroker.exe, Quarantined, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleUpdateHelper.msi, Quarantined, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleUpdateOnDemand.exe, Quarantined, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\goopdate.dll, Delete-on-Reboot, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\goopdateres_en.dll, Quarantined, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll, Quarantined, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\psmachine.dll, Quarantined, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\psuser.dll, Quarantined, [8f7ded365931c175eabf84f4966d748c],
PUP.Optional.GlobalUpdate.A, C:\Users\Adam\AppData\Local\Temp\comh.480813\GoogleCrashHandler.exe, Quarantined, [e22ac360c8c2b680398c8fe941c26e92],
PUP.Optional.GlobalUpdate.A, C:\Users\Adam\AppData\Local\Temp\comh.480813\GoogleUpdate.exe, Quarantined, [e22ac360c8c2b680398c8fe941c26e92],
PUP.Optional.GlobalUpdate.A, C:\Users\Adam\AppData\Local\Temp\comh.480813\GoogleUpdateBroker.exe, Quarantined, [e22ac360c8c2b680398c8fe941c26e92],
PUP.Optional.GlobalUpdate.A, C:\Users\Adam\AppData\Local\Temp\comh.480813\GoogleUpdateHelper.msi, Quarantined, [e22ac360c8c2b680398c8fe941c26e92],
PUP.Optional.GlobalUpdate.A, C:\Users\Adam\AppData\Local\Temp\comh.480813\GoogleUpdateOnDemand.exe, Quarantined, [e22ac360c8c2b680398c8fe941c26e92],
PUP.Optional.GlobalUpdate.A, C:\Users\Adam\AppData\Local\Temp\comh.480813\goopdate.dll, Quarantined, [e22ac360c8c2b680398c8fe941c26e92],
PUP.Optional.GlobalUpdate.A, C:\Users\Adam\AppData\Local\Temp\comh.480813\goopdateres_en.dll, Quarantined, [e22ac360c8c2b680398c8fe941c26e92],
PUP.Optional.GlobalUpdate.A, C:\Users\Adam\AppData\Local\Temp\comh.480813\npGoogleUpdate4.dll, Quarantined, [e22ac360c8c2b680398c8fe941c26e92],
PUP.Optional.GlobalUpdate.A, C:\Users\Adam\AppData\Local\Temp\comh.480813\psmachine.dll, Quarantined, [e22ac360c8c2b680398c8fe941c26e92],
PUP.Optional.GlobalUpdate.A, C:\Users\Adam\AppData\Local\Temp\comh.480813\psuser.dll, Quarantined, [e22ac360c8c2b680398c8fe941c26e92],
PUP.Optional.SavePass.A, C:\Program Files\SavePass 1.1\bgNova.html, Quarantined, [dd2f62c16e1c181ee80fea94659e9e62],
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate\update\conf, Quarantined, [1cf043e02b5fc57179f9e3b0a360b24e],
PUP.Optional.QuickStart.A, C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\k7krd9tw.default-1423432867625\prefs.js, Good: (), Bad: (user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");), Replaced,[c5474fd46129fc3a6b5726e71ee81ce4]
PUP.Optional.CrossRider.A, C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\k7krd9tw.default-1423432867625\prefs.js, Good: (), Bad: (user_pref("extensions.crossrider.bic", "14bc0d1821a641958dcb0dc7ac182c5f");), Replaced,[c4483ee56a20b680d01b0fff64a2fc04]
Physical Sectors: 0
(No malicious items detected)
(end)
Re: Please check
4. AdwCleaner log:
# AdwCleaner v4.111 - Logfile created 02/03/2015 at 18:04:42
# Updated 18/02/2015 by Xplode
# Database : 2015-03-02.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x86)
# Username : Adam - ADAM-PC
# Running from : C:\Users\Adam\Desktop\adwcleaner_4.111.exe
# Option : Cleaning
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\Program Files\globalUpdate
Folder Deleted : C:\Program Files\ShowMyPCService
Folder Deleted : C:\Users\Adam\AppData\Local\cool_mirage
Folder Deleted : C:\Users\Adam\AppData\Local\globalUpdate
File Deleted : C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\k7krd9tw.default-1423432867625\user.js
***** [ Scheduled tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\SupDp
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
***** [ Web browsers ] *****
-\\ Internet Explorer v11.0.9600.17631
-\\ Mozilla Firefox v36.0 (x86 sk)
[k7krd9tw.default-1423432867625\prefs.js] - Line Deleted : user_pref("browser.search.searchengine.alias", "mystartsearch");
[k7krd9tw.default-1423432867625\prefs.js] - Line Deleted : user_pref("browser.search.searchengine.iconURL", "hxxp://www.mystartsearch.com/favicon.ico");
[k7krd9tw.default-1423432867625\prefs.js] - Line Deleted : user_pref("browser.search.searchengine.name", "mystartsearch");
[k7krd9tw.default-1423432867625\prefs.js] - Line Deleted : user_pref("browser.search.searchengine.url", "hxxp://www.mystartsearch.com/web/?type=ds&ts=1 ... earchTerms}");
[k7krd9tw.default-1423432867625\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "mystartsearch");
[k7krd9tw.default-1423432867625\prefs.js] - Line Deleted : user_pref("extensions.quick_start.enable_search1", false);
[k7krd9tw.default-1423432867625\prefs.js] - Line Deleted : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
*************************
AdwCleaner[R1].txt - [5329 bytes] - [02/03/2015 18:00:54]
AdwCleaner[S1].txt - [5429 bytes] - [02/03/2015 18:04:42]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [5488 bytes] ##########
Re: Please check

If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that are not suited to the forum, you can use altrok(at)forum.viry.cz
If you would like to help visitors of this forum, sign up for our training school.
Re: Please check
That FRSTLauncher can't be downloaded from that page... it says the page doesn't exist
Re: Please check
Thanks for the heads-up; in that case continue without FRSTLauncher, using just FRST.exe/FRST64.exe
Re: Please check

- Copy the contents of the white box into Notepad (Start -> Run -> notepad)
- save it to the desktop as fixlist (File type: Text document)
- run FRST again and click Fix
- after the restart a fixlog will pop up (or it will be saved on the Desktop); paste its contents into your next reply
Code:
Start
CloseProcesses:
Task: {0D05524D-0596-4C8D-9C65-7B19E0B7E194} - System32\Tasks\{AC567165-06FA-4A99-83A3-18D17CE08B87} => pcalua.exe -a C:\Users\Adam\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=amt
C:\Users\Adam\AppData\Roaming\mystartsearch
HKU\S-1-5-21-3409903947-2537725115-4003705135-1000\...\MountPoints2: {dd17fc43-7898-11e4-9acb-806e6f6e6963} - E:\Setup.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
2015-03-02 18:00 - 2015-03-02 18:04 - 00000000 ____D () C:\AdwCleaner
2015-03-02 17:59 - 2015-03-02 17:59 - 02126848 _____ () C:\Users\Adam\Desktop\adwcleaner_4.111.exe
2015-03-01 18:59 - 2015-03-01 18:59 - 00000000 ____D () C:\rsit
C:\Program Files\XTab
C:\Program Files\globalUpdate
C:\ProgramData\IHProtectUpDate
Folder: C:\ProgramData\{b3c0668b-4bbd-aa0a-b3c0-0668b4bb9a2d}
Hosts:
EmptyTemp:
End
Re: Please check
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 02-03-2015
Ran by Adam at 2015-03-02 19:19:10 Run:1
Running from C:\Users\Adam\Desktop
Loaded Profiles: Adam (Available profiles: Adam)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Start
CloseProcesses:
Task: {0D05524D-0596-4C8D-9C65-7B19E0B7E194} - System32\Tasks\{AC567165-06FA-4A99-83A3-18D17CE08B87} => pcalua.exe -a C:\Users\Adam\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=amt
C:\Users\Adam\AppData\Roaming\mystartsearch
HKU\S-1-5-21-3409903947-2537725115-4003705135-1000\...\MountPoints2: {dd17fc43-7898-11e4-9acb-806e6f6e6963} - E:\Setup.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
2015-03-02 18:00 - 2015-03-02 18:04 - 00000000 ____D () C:\AdwCleaner
2015-03-02 17:59 - 2015-03-02 17:59 - 02126848 _____ () C:\Users\Adam\Desktop\adwcleaner_4.111.exe
2015-03-01 18:59 - 2015-03-01 18:59 - 00000000 ____D () C:\rsit
C:\Program Files\XTab
C:\Program Files\globalUpdate
C:\ProgramData\IHProtectUpDate
Folder: C:\ProgramData\{b3c0668b-4bbd-aa0a-b3c0-0668b4bb9a2d}
Hosts:
EmptyTemp:
End
*****************
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0D05524D-0596-4C8D-9C65-7B19E0B7E194}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D05524D-0596-4C8D-9C65-7B19E0B7E194}" => Key deleted successfully.
C:\Windows\System32\Tasks\{AC567165-06FA-4A99-83A3-18D17CE08B87} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AC567165-06FA-4A99-83A3-18D17CE08B87}" => Key deleted successfully.
"C:\Users\Adam\AppData\Roaming\mystartsearch" => File/Directory not found.
"HKU\S-1-5-21-3409903947-2537725115-4003705135-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd17fc43-7898-11e4-9acb-806e6f6e6963}" => Key deleted successfully.
HKCR\CLSID\{dd17fc43-7898-11e4-9acb-806e6f6e6963} => Key not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
C:\AdwCleaner => Moved successfully.
C:\Users\Adam\Desktop\adwcleaner_4.111.exe => Moved successfully.
C:\rsit => Moved successfully.
"C:\Program Files\XTab" => File/Directory not found.
"C:\Program Files\globalUpdate" => File/Directory not found.
"C:\ProgramData\IHProtectUpDate" => File/Directory not found.
========================= Folder: C:\ProgramData\{b3c0668b-4bbd-aa0a-b3c0-0668b4bb9a2d} ========================
2015-02-25 15:00 - 2015-02-25 15:00 - 0000892 _____ () C:\ProgramData\{b3c0668b-4bbd-aa0a-b3c0-0668b4bb9a2d}\TVMOBiLi crack.dat
====== End of Folder: ======
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 231 MB temporary data.
The system needed a reboot.
==== End of Fixlog 19:19:35 ====
Re: Please check
I assume you have this there on purpose: C:\ProgramData\{b3c0668b-4bbd-aa0a-b3c0-0668b4bb9a2d}\TVMOBiLi crack.dat
The rest of the log is clean, so how is the PC behaving? Shall we start cleaning up?
Re: Please check
Yes, I no longer have that program. Can it be removed?
Yes, we can. It seems to be better.
Re: Please check
Delete the folder
C:\ProgramData\{b3c0668b-4bbd-aa0a-b3c0-0668b4bb9a2d}
We will also clean up.
- Download and run DelFix - https://toolslib.net/downloads/viewdownload/2-delfix/
- Check only the option "Remove disinfection tools"
- click Run
Re: Please check
Thank you very much, and I wish you a nice rest of the week

Re: Please check
You're welcome, glad I could help
Take care, and maybe see you again sometime