VIRY.CZ

Dobrý den, mám Chrome a je v něm mnoho vyskakovacích oken, na stránkách je vždycky plno reklam a klikatelných odkazů. Co s tím? Zde je log z RSIT:

Logfile of random's system information tool 1.10 (written by random/random)
Run by misa at 2015-07-12 04:55:09
Microsoft Windows 8.1
System drive C: has 786 GB (83%) free of 947 GB
Total RAM: 6109 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:55:15, on 12. 7. 2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Overwolf\Overwolf.exe
C:\ProgramData\{a2a50723-8307-85f4-a2a5-507238301c8e}\Banished.exe
C:\Program Files (x86)\Common Files\Overwolf\0.86.89.0\OverwolfHelper.exe
C:\Program Files (x86)\Overwolf\0.86.89.0\OverwolfBrowser.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\misa.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.8.0_40\bin\jusched.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_00D28F5606223B402D2A3E92EECA61C1] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKCU\..\Run: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
O4 - Startup: Banished.lnk = C:\ProgramData\{a2a50723-8307-85f4-a2a5-507238301c8e}\Banished.exe
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Icy Stay - Unknown owner - C:\Program Files (x86)\Icy Stay\Icy Stay.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: Overwolf Updater Windows SCM (OverwolfUpdater) - Overwolf LTD - C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7596 bytes

======Listing Processes======





wininit.exe


C:\Windows\system32\lsass.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"dwm.exe"
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
"C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service
"C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service
"C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\couponight\couponight.dll",serv
"C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\couponight\couponight.dll",serv
C:\Windows\System32\svchost.exe -k utcsvc
dashost.exe {482b62e6-099c-4b04-a088d6f0d85a2207}
"C:\Program Files (x86)\Icy Stay\Icy Stay.exe"
"C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe"

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-666fdc68-d354-41f2-8324-a39e40b5d95c -SystemEventPortName:HostProcess-8c582269-59bf-4816-a463-de130155872d -IoCancelEventPortName:HostProcess-1ea40352-e0b8-4f3f-86d1-6514b2e4615a -NonStateChangingEventPortName:HostProcess-fbab0e4e-9186-49e6-ba60-402f5516a743 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:2fe5d31f-6c5e-4289-9cbe-188752d8ea60 -DeviceGroupId:WpdFsGroup
C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
taskhostex.exe
C:\Windows\Explorer.EXE
ClassicStartMenu.exe -startup
"C:\Program Files (x86)\Overwolf\Overwolf.exe" -silent
"C:\Windows\system32\GWX\GWX.exe"
"C:\ProgramData\{a2a50723-8307-85f4-a2a5-507238301c8e}\Banished.exe" --startup=1
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files (x86)\Common Files\Overwolf\0.86.89.0\OverwolfHelper.exe" "path=C:\Program Files (x86)\Overwolf\0.86.89.0\OWExplorerLauncher.dll
"C:\Program Files (x86)\Common Files\Overwolf\0.86.89.0\OverwolfHelper64.exe" "path=C:\Program Files (x86)\Overwolf\0.86.89.0\x64\OWExplorerLauncher.dll
"C:\Program Files (x86)\Overwolf\0.86.89.0\OverwolfBrowser.exe" --type=renderer --disable-gpu-compositing --no-sandbox --enable-deferred-image-decoding --lang=en-US --lang=en-US --locales-dir-path="C:\Program Files (x86)\Overwolf\0.86.89.0\Locales" --log-file="C:\Users\misa\AppData\Local\Overwolf\Log\OverwolfBrowser_3512.log" --log-severity=warning --user-agent="Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 OverwolfClient/0.86.89.0" --enable-media-stream --uncaught-exception-stack-size=20 --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --disable-gpu-compositing --channel="3512.0.1847827138\1759595953" /prefetch:673131151
"C:\Program Files\Windows Defender\MpCmdRun.exe" SpyNetServiceDss -RestrictPrivileges -AccessKey 42055243-8670-BBA5-0FB9-3AE287D80081 -Reinvoke
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --on-initialized-event-handle=416 --parent-handle=420
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="5424.0.6463014\2058708173" --supports-dual-gpus=false --gpu-driver-bug-workarounds=2,20,43 --gpu-vendor-id=0x1002 --gpu-device-id=0x6658 --gpu-driver-vendor="Advanced Micro Devices, Inc." --gpu-driver-version=13.251.9001.1001 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --test-type --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BackgroundRendererProcesses/AllowIdleFromBrowser/*BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Disabled/ChildAccountDetection/Enabled/ChromeDashboard/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group1 dev:pp6 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/*ExtensionInstallVerification/Enforce/GoogleNow/Enable/*IconNTP/Default/*LoadStaleCacheExperiment/Disabled/*LocalNTPFast/Control/*NewProfileManagement/Enabled/*PasswordGeneration/Enabled/PasswordLinkInSettings/Disabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/*SdchPersistence/Enabled/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SyncBackingDatabase32K/Enabled/ThrottleExtensionBackgroundPages/ThrottlePersistent/*UMA-Dynamic-Binary-Uniformity-Trial/group_01/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_68/*UMA-Uniformity-Trial-10-Percent/default/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_02/*UMA-Uniformity-Trial-5-Percent/group_14/*UMA-Uniformity-Trial-50-Percent/group_01/UMAInitialMetricsTiming/Enabled/*UseDelayAgnosticAEC/Disabled/*VoiceTrigger/Install/*WebRTC-ScreencastTargetBitrateOvershoot/Control/*WebRTC-SupportVP9/Default/WebRTC-UDPSocketNonBlockingIO/Enabled/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --extensions-on-chrome-urls --enable-pinch --device-scale-factor=1 --font-cache-shared-mem-suffix=5424 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --use-image-texture-target=3553 --channel="5424.2.741529139\610376280" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --test-type --enable-deferred-image-decoding --lang=cs --force-fieldtrials="*BackgroundRendererProcesses/AllowIdleFromBrowser/*BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Disabled/ChildAccountDetection/Enabled/ChromeDashboard/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group1 dev:pp6 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/*ExtensionInstallVerification/Enforce/GoogleNow/Enable/*IconNTP/Default/*LoadStaleCacheExperiment/Disabled/*LocalNTPFast/Control/*NewProfileManagement/Enabled/*PasswordGeneration/Enabled/PasswordLinkInSettings/Disabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/*SdchPersistence/Enabled/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SyncBackingDatabase32K/Enabled/*ThrottleExtensionBackgroundPages/ThrottlePersistent/*UMA-Dynamic-Binary-Uniformity-Trial/group_01/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_68/*UMA-Uniformity-Trial-10-Percent/default/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_02/*UMA-Uniformity-Trial-5-Percent/group_14/*UMA-Uniformity-Trial-50-Percent/group_01/UMAInitialMetricsTiming/Enabled/*UseDelayAgnosticAEC/Disabled/*VoiceTrigger/Install/*WebRTC-ScreencastTargetBitrateOvershoot/Control/*WebRTC-SupportVP9/Default/WebRTC-UDPSocketNonBlockingIO/Enabled/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --extensions-on-chrome-urls --enable-pinch --device-scale-factor=1 --font-cache-shared-mem-suffix=5424 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --use-image-texture-target=3553 --channel="5424.3.875162239\2077153753" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --test-type --enable-deferred-image-decoding --lang=cs --force-fieldtrials="*BackgroundRendererProcesses/AllowIdleFromBrowser/*BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Disabled/ChildAccountDetection/Enabled/ChromeDashboard/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group1 dev:pp6 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/*ExtensionInstallVerification/Enforce/GoogleNow/Enable/*IconNTP/Default/*LoadStaleCacheExperiment/Disabled/*LocalNTPFast/Control/*NewProfileManagement/Enabled/*PasswordGeneration/Enabled/PasswordLinkInSettings/Disabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/*SdchPersistence/Enabled/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SyncBackingDatabase32K/Enabled/*ThrottleExtensionBackgroundPages/ThrottlePersistent/*UMA-Dynamic-Binary-Uniformity-Trial/group_01/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_68/*UMA-Uniformity-Trial-10-Percent/default/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_02/*UMA-Uniformity-Trial-5-Percent/group_14/*UMA-Uniformity-Trial-50-Percent/group_01/UMAInitialMetricsTiming/Enabled/*UseDelayAgnosticAEC/Disabled/*VoiceTrigger/Install/*WebRTC-ScreencastTargetBitrateOvershoot/Control/*WebRTC-SupportVP9/Default/WebRTC-UDPSocketNonBlockingIO/Enabled/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --extensions-on-chrome-urls --enable-pinch --device-scale-factor=1 --font-cache-shared-mem-suffix=5424 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --use-image-texture-target=3553 --channel="5424.4.1438520163\674903800" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --test-type --enable-deferred-image-decoding --lang=cs --force-fieldtrials="*BackgroundRendererProcesses/AllowIdleFromBrowser/*BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Disabled/ChildAccountDetection/Enabled/ChromeDashboard/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group1 dev:pp6 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/*ExtensionInstallVerification/Enforce/GoogleNow/Enable/*IconNTP/Default/*LoadStaleCacheExperiment/Disabled/*LocalNTPFast/Control/*NewProfileManagement/Enabled/*PasswordGeneration/Enabled/PasswordLinkInSettings/Disabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/*SdchPersistence/Enabled/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SyncBackingDatabase32K/Enabled/*ThrottleExtensionBackgroundPages/ThrottlePersistent/*UMA-Dynamic-Binary-Uniformity-Trial/group_01/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_68/*UMA-Uniformity-Trial-10-Percent/default/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_02/*UMA-Uniformity-Trial-5-Percent/group_14/*UMA-Uniformity-Trial-50-Percent/group_01/UMAInitialMetricsTiming/Enabled/*UseDelayAgnosticAEC/Disabled/*VoiceTrigger/Install/*WebRTC-ScreencastTargetBitrateOvershoot/Control/*WebRTC-SupportVP9/Default/WebRTC-UDPSocketNonBlockingIO/Enabled/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --extensions-on-chrome-urls --enable-pinch --device-scale-factor=1 --font-cache-shared-mem-suffix=5424 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --use-image-texture-target=3553 --channel="5424.5.923493780\198340000" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --test-type --enable-deferred-image-decoding --lang=cs --force-fieldtrials="*BackgroundRendererProcesses/AllowIdleFromBrowser/*BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Disabled/ChildAccountDetection/Enabled/ChromeDashboard/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group1 dev:pp6 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/*ExtensionInstallVerification/Enforce/GoogleNow/Enable/*IconNTP/Default/*LoadStaleCacheExperiment/Disabled/*LocalNTPFast/Control/*NewProfileManagement/Enabled/*PasswordGeneration/Enabled/PasswordLinkInSettings/Disabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/*SdchPersistence/Enabled/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SyncBackingDatabase32K/Enabled/*ThrottleExtensionBackgroundPages/ThrottlePersistent/*UMA-Dynamic-Binary-Uniformity-Trial/group_01/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_68/*UMA-Uniformity-Trial-10-Percent/default/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_02/*UMA-Uniformity-Trial-5-Percent/group_14/*UMA-Uniformity-Trial-50-Percent/group_01/UMAInitialMetricsTiming/Enabled/*UseDelayAgnosticAEC/Disabled/*VoiceTrigger/Install/*WebRTC-ScreencastTargetBitrateOvershoot/Control/*WebRTC-SupportVP9/Default/WebRTC-UDPSocketNonBlockingIO/Enabled/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --extensions-on-chrome-urls --enable-pinch --device-scale-factor=1 --font-cache-shared-mem-suffix=5424 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --use-image-texture-target=3553 --channel="5424.6.1608118647\1585244206" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --test-type --enable-deferred-image-decoding --lang=cs --force-fieldtrials="*BackgroundRendererProcesses/AllowIdleFromBrowser/*BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Disabled/ChildAccountDetection/Enabled/ChromeDashboard/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group1 dev:pp6 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/*ExtensionInstallVerification/Enforce/GoogleNow/Enable/*IconNTP/Default/*LoadStaleCacheExperiment/Disabled/*LocalNTPFast/Control/*NewProfileManagement/Enabled/*PasswordGeneration/Enabled/PasswordLinkInSettings/Disabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/*SdchPersistence/Enabled/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SyncBackingDatabase32K/Enabled/*ThrottleExtensionBackgroundPages/ThrottlePersistent/*UMA-Dynamic-Binary-Uniformity-Trial/group_01/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_68/*UMA-Uniformity-Trial-10-Percent/default/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_02/*UMA-Uniformity-Trial-5-Percent/group_14/*UMA-Uniformity-Trial-50-Percent/group_01/UMAInitialMetricsTiming/Enabled/*UseDelayAgnosticAEC/Disabled/*VoiceTrigger/Install/*WebRTC-ScreencastTargetBitrateOvershoot/Control/*WebRTC-SupportVP9/Default/WebRTC-UDPSocketNonBlockingIO/Enabled/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --extensions-on-chrome-urls --enable-pinch --device-scale-factor=1 --font-cache-shared-mem-suffix=5424 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --use-image-texture-target=3553 --channel="5424.7.1698088833\1266406562" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --test-type --enable-deferred-image-decoding --lang=cs --force-fieldtrials="*BackgroundRendererProcesses/AllowIdleFromBrowser/*BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Disabled/ChildAccountDetection/Enabled/ChromeDashboard/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group1 dev:pp6 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/*ExtensionInstallVerification/Enforce/GoogleNow/Enable/*IconNTP/Default/*LoadStaleCacheExperiment/Disabled/*LocalNTPFast/Control/*NewProfileManagement/Enabled/*PasswordGeneration/Enabled/PasswordLinkInSettings/Disabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/*SdchPersistence/Enabled/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SyncBackingDatabase32K/Enabled/*ThrottleExtensionBackgroundPages/ThrottlePersistent/*UMA-Dynamic-Binary-Uniformity-Trial/group_01/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_68/*UMA-Uniformity-Trial-10-Percent/default/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_02/*UMA-Uniformity-Trial-5-Percent/group_14/*UMA-Uniformity-Trial-50-Percent/group_01/UMAInitialMetricsTiming/Enabled/*UseDelayAgnosticAEC/Disabled/*VoiceTrigger/Install/*WebRTC-ScreencastTargetBitrateOvershoot/Control/*WebRTC-SupportVP9/Default/WebRTC-UDPSocketNonBlockingIO/Enabled/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --extensions-on-chrome-urls --enable-pinch --device-scale-factor=1 --font-cache-shared-mem-suffix=5424 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --use-image-texture-target=3553 --channel="5424.8.1539836363\405314748" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="5424.9.159715346\492057064" --ppapi-flash-args=enable_hw_video_decode=1 --lang=cs --ignored=" --type=renderer " /prefetch:-632637702
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --test-type --enable-deferred-image-decoding --lang=cs --force-fieldtrials="*BackgroundRendererProcesses/AllowIdleFromBrowser/*BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Disabled/ChildAccountDetection/Enabled/ChromeDashboard/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group1 dev:pp6 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/*ExtensionInstallVerification/Enforce/GoogleNow/Enable/*IconNTP/Default/*LoadStaleCacheExperiment/Disabled/*LocalNTPFast/Control/*NewProfileManagement/Enabled/*PasswordGeneration/Enabled/PasswordLinkInSettings/Disabled/*PrerenderFromOmnibox/OmniboxPrerenderEnabled/RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/*SdchPersistence/Enabled/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SyncBackingDatabase32K/Enabled/*ThrottleExtensionBackgroundPages/ThrottlePersistent/*UMA-Dynamic-Binary-Uniformity-Trial/group_01/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_68/*UMA-Uniformity-Trial-10-Percent/default/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_02/*UMA-Uniformity-Trial-5-Percent/group_14/*UMA-Uniformity-Trial-50-Percent/group_01/UMAInitialMetricsTiming/Enabled/*UseDelayAgnosticAEC/Disabled/*VoiceTrigger/Install/*WebRTC-ScreencastTargetBitrateOvershoot/Control/*WebRTC-SupportVP9/Default/WebRTC-UDPSocketNonBlockingIO/Enabled/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --extensions-on-chrome-urls --enable-pinch --device-scale-factor=1 --font-cache-shared-mem-suffix=5424 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --use-image-texture-target=3553 --channel="5424.11.1540835373\1972988458" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --test-type --enable-deferred-image-decoding --lang=cs --force-fieldtrials="*BackgroundRendererProcesses/AllowIdleFromBrowser/*BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Disabled/ChildAccountDetection/Enabled/ChromeDashboard/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group1 dev:pp6 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/*ExtensionInstallVerification/Enforce/GoogleNow/Enable/*IconNTP/Default/*LoadStaleCacheExperiment/Disabled/*LocalNTPFast/Control/*NewProfileManagement/Enabled/*PasswordGeneration/Enabled/PasswordLinkInSettings/Disabled/*PrerenderFromOmnibox/OmniboxPrerenderEnabled/RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/*SdchPersistence/Enabled/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SyncBackingDatabase32K/Enabled/*ThrottleExtensionBackgroundPages/ThrottlePersistent/*UMA-Dynamic-Binary-Uniformity-Trial/group_01/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_68/*UMA-Uniformity-Trial-10-Percent/default/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_02/*UMA-Uniformity-Trial-5-Percent/group_14/*UMA-Uniformity-Trial-50-Percent/group_01/UMAInitialMetricsTiming/Enabled/*UseDelayAgnosticAEC/Disabled/*VoiceTrigger/Install/*WebRTC-ScreencastTargetBitrateOvershoot/Control/*WebRTC-SupportVP9/Default/WebRTC-UDPSocketNonBlockingIO/Enabled/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --extensions-on-chrome-urls --enable-pinch --device-scale-factor=1 --font-cache-shared-mem-suffix=5424 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --use-image-texture-target=3553 --channel="5424.14.1926425605\583636031" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --test-type --enable-deferred-image-decoding --lang=cs --force-fieldtrials="*BackgroundRendererProcesses/AllowIdleFromBrowser/*BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Disabled/ChildAccountDetection/Enabled/ChromeDashboard/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group1 dev:pp6 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/*ExtensionInstallVerification/Enforce/GoogleNow/Enable/*IconNTP/Default/*LoadStaleCacheExperiment/Disabled/*LocalNTPFast/Control/*NewProfileManagement/Enabled/*PasswordGeneration/Enabled/PasswordLinkInSettings/Disabled/*PrerenderFromOmnibox/OmniboxPrerenderEnabled/RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/SHA1IdentityUIWarning/Enabled/*SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/*SdchPersistence/Enabled/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SyncBackingDatabase32K/Enabled/*ThrottleExtensionBackgroundPages/ThrottlePersistent/*UMA-Dynamic-Binary-Uniformity-Trial/group_01/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_68/*UMA-Uniformity-Trial-10-Percent/default/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_02/*UMA-Uniformity-Trial-5-Percent/group_14/*UMA-Uniformity-Trial-50-Percent/group_01/UMAInitialMetricsTiming/Enabled/*UseDelayAgnosticAEC/Disabled/*VoiceTrigger/Install/*WebRTC-ScreencastTargetBitrateOvershoot/Control/*WebRTC-SupportVP9/Default/WebRTC-UDPSocketNonBlockingIO/Enabled/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --extensions-on-chrome-urls --enable-pinch --device-scale-factor=1 --font-cache-shared-mem-suffix=5424 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --use-image-texture-target=3553 --channel="5424.15.928802831\546323821" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --test-type --enable-deferred-image-decoding --lang=cs --force-fieldtrials="*BackgroundRendererProcesses/AllowIdleFromBrowser/*BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Disabled/ChildAccountDetection/Enabled/ChromeDashboard/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group1 dev:pp6 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/*ExtensionInstallVerification/Enforce/GoogleNow/Enable/*IconNTP/Default/*LoadStaleCacheExperiment/Disabled/*LocalNTPFast/Control/*NewProfileManagement/Enabled/*PasswordGeneration/Enabled/PasswordLinkInSettings/Disabled/*PrerenderFromOmnibox/OmniboxPrerenderEnabled/RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/SHA1IdentityUIWarning/Enabled/*SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/*SdchPersistence/Enabled/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SyncBackingDatabase32K/Enabled/*ThrottleExtensionBackgroundPages/ThrottlePersistent/*UMA-Dynamic-Binary-Uniformity-Trial/group_01/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_68/*UMA-Uniformity-Trial-10-Percent/default/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_02/*UMA-Uniformity-Trial-5-Percent/group_14/*UMA-Uniformity-Trial-50-Percent/group_01/UMAInitialMetricsTiming/Enabled/*UseDelayAgnosticAEC/Disabled/*VoiceTrigger/Install/*WebRTC-ScreencastTargetBitrateOvershoot/Control/*WebRTC-SupportVP9/Default/WebRTC-UDPSocketNonBlockingIO/Enabled/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --extensions-on-chrome-urls --enable-pinch --device-scale-factor=1 --font-cache-shared-mem-suffix=5424 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --use-image-texture-target=3553 --channel="5424.16.1879767702\2071314920" /prefetch:673131151
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe48_ Global\UsGthrCtrlFltPipeMssGthrPipe48 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 560 564 572 65536 568

"C:\Users\misa\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Bidaily Synchronize Task.job - C:\ProgramData\{a2a50723-8307-85f4-a2a5-507238301c8e}\Banished.exe --startup=1 --single
C:\Windows\tasks\ModuleEdit.job - c:\programdata\{cbaaf589-c58f-2d11-cbaa-af589c58d627}\852092035534208890b.exe --startup=1 --single

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Classic Start Menu"=C:\Program Files\Classic Shell\ClassicStartMenu.exe [2014-04-20 161984]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=C:\Program Files (x86)\Steam\steam.exe [2015-06-04 2892992]
"EADM"=C:\Program Files (x86)\Origin\Origin.exe [2015-03-30 3632472]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2015-06-29 53288576]
"GoogleChromeAutoLaunch_00D28F5606223B402D2A3E92EECA61C1"=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [2015-05-22 813896]
"Overwolf"=C:\Program Files (x86)\Overwolf\Overwolf.exe [2015-06-21 41200]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [2014-07-04 766688]
"SunJavaUpdateSched"=C:\Program Files (x86)\Java\jre1.8.0_40\bin\jusched.exe []

C:\Users\misa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Banished.lnk - C:\ProgramData\{a2a50723-8307-85f4-a2a5-507238301c8e}\Banished.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"PromptOnSecureDesktop"=0
"ConsentPromptBehaviorAdmin"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux5"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2015-07-12 04:55:09 ----D---- C:\rsit
2015-07-12 04:55:09 ----D---- C:\Program Files\trend micro
2015-07-10 20:16:27 ----D---- C:\Users\misa\AppData\Roaming\OBS
2015-07-10 20:16:09 ----D---- C:\Program Files\OBS
2015-07-10 20:16:07 ----D---- C:\Program Files (x86)\OBS
2015-07-07 11:37:14 ----D---- C:\Program Files (x86)\Icy Stay
2015-07-06 22:04:28 ----D---- C:\Users\misa\AppData\Roaming\Notepad++
2015-07-06 22:04:28 ----D---- C:\Program Files (x86)\Notepad++
2015-07-02 22:51:41 ----D---- C:\ProgramData\Overwolf
2015-07-02 22:51:27 ----D---- C:\Program Files (x86)\Overwolf
2015-07-02 22:49:31 ----D---- C:\Users\misa\AppData\Roaming\TS3Client
2015-07-02 22:48:58 ----D---- C:\Program Files (x86)\TeamSpeak 3 Client
2015-07-01 18:03:58 ----D---- C:\Program Files (x86)\IeSavver
2015-07-01 18:03:41 ----D---- C:\Program Files (x86)\Isaaveer
2015-07-01 18:03:30 ----D---- C:\Program Files (x86)\IiSaver
2015-07-01 18:03:22 ----D---- C:\Program Files (x86)\QR Code Maker and Decoder
2015-06-22 16:08:34 ----D---- C:\Users\misa\AppData\Roaming\MMFApplications
2015-06-17 20:00:41 ----D---- C:\Users\misa\AppData\Roaming\LolClient
2015-06-14 18:46:29 ----D---- C:\Program Files (x86)\ReeguLaRDeaLs

======List of files/folders modified in the last 1 month======

2015-07-12 04:55:09 ----RD---- C:\Program Files
2015-07-12 04:54:54 ----D---- C:\Windows\Temp
2015-07-12 04:00:00 ----D---- C:\Windows\system32\sru
2015-07-12 03:49:15 ----D---- C:\Windows\Prefetch
2015-07-12 02:24:47 ----D---- C:\Windows\Microsoft.NET
2015-07-11 18:50:52 ----D---- C:\Users\misa\AppData\Roaming\Skype
2015-07-11 09:08:03 ----D---- C:\Users\misa\AppData\Roaming\.minecraft
2015-07-10 21:44:03 ----D---- C:\Users\misa\AppData\Roaming\ClassicShell
2015-07-10 20:16:07 ----RD---- C:\Program Files (x86)
2015-07-10 07:21:19 ----D---- C:\Windows\system32\config
2015-07-09 18:51:17 ----SHD---- C:\System Volume Information
2015-07-09 15:34:25 ----D---- C:\Program Files (x86)\Steam
2015-07-09 10:01:57 ----D---- C:\Windows\system32\NDF
2015-07-09 08:14:12 ----D---- C:\Windows\WinSxS
2015-07-09 08:14:12 ----D---- C:\Windows\SysWOW64
2015-07-09 07:50:47 ----D---- C:\Windows\CbsTemp
2015-07-08 09:13:35 ----SHD---- C:\Windows\Installer
2015-07-08 09:13:34 ----D---- C:\ProgramData\Skype
2015-07-08 09:13:32 ----RD---- C:\Program Files (x86)\Skype
2015-07-07 14:57:59 ----D---- C:\Program Files (x86)\Opera
2015-07-06 23:24:13 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-07-06 15:11:05 ----D---- C:\Windows\AppReadiness
2015-07-06 15:11:04 ----HD---- C:\Program Files\WindowsApps
2015-07-05 12:08:23 ----N---- C:\Windows\system32\MpSigStub.exe
2015-07-02 22:53:08 ----D---- C:\Windows\system32\Tasks
2015-07-02 22:52:17 ----D---- C:\Program Files (x86)\Common Files
2015-07-02 22:51:41 ----HD---- C:\ProgramData
2015-07-02 11:50:31 ----D---- C:\Program Files (x86)\FiiNdBestDeal
2015-07-02 11:50:30 ----D---- C:\Program Files (x86)\FindBestDaEAl
2015-07-01 18:04:09 ----D---- C:\ProgramData\9324921218015595999
2015-06-29 06:40:48 ----D---- C:\Windows\system32\catroot2
2015-06-27 06:33:42 ----D---- C:\Windows\Inf
2015-06-22 15:50:58 ----D---- C:\Windows\system32\drivers
2015-06-17 17:14:10 ----D---- C:\Windows\system32\DriverStore
2015-06-17 17:00:55 ----D---- C:\Windows\rescache
2015-06-16 12:10:22 ----RD---- C:\Windows\System32
2015-06-16 12:10:22 ----A---- C:\Windows\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 Wof;Windows Overlay File System Filter Driver; C:\Windows\system32\drivers\Wof.sys [2014-11-21 157016]
R1 {4a053818-d714-4ae9-a858-ecc472a00067}Gw64;{4a053818-d714-4ae9-a858-ecc472a00067}Gw64; C:\Windows\system32\drivers\{4a053818-d714-4ae9-a858-ecc472a00067}Gw64.sys [2015-04-15 48792]
R1 {982245f6-1668-4378-8c8e-eef87d9d5d41}Gw64;{982245f6-1668-4378-8c8e-eef87d9d5d41}Gw64; C:\Windows\system32\drivers\{982245f6-1668-4378-8c8e-eef87d9d5d41}Gw64.sys [2015-04-18 48792]
R1 vwififlt;@%SystemRoot%\System32\drivers\vwififlt.sys,-259; C:\Windows\system32\DRIVERS\vwififlt.sys [2014-04-30 71680]
R2 AODDriver4.2.0;AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2013-09-20 59648]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2014-07-21 13209088]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2014-07-21 626688]
R3 athr;@athw8x.inf,%ATHR.Service.DispName%;Qualcomm Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athw8x.sys [2013-06-18 3680256]
R3 RTL8168;@netrt630x64.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\Windows\system32\DRIVERS\Rt630x64.sys [2013-06-18 591360]
R3 usbaudio;@wdma_usb.inf,%USBAudio.SvcDesc%;Ovladač zvuků USB (WDM); C:\Windows\system32\drivers\usbaudio.sys [2014-11-21 121088]
R3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2014-11-21 212736]
R3 vwifimp;@%SystemRoot%\System32\drivers\vwifimp.sys,-261; C:\Windows\system32\DRIVERS\vwifimp.sys [2014-04-30 38912]
R3 WSDPrintDevice;@WSDPrint.Inf,%WSDPrintDevice.SVCDESC%;WSD Print Support; C:\Windows\System32\drivers\WSDPrint.sys [2013-08-22 20992]
R3 WUDFWpdFs;WUDFWpdFs; C:\Windows\system32\DRIVERS\WUDFRd.sys [2014-11-21 226304]
R3 WUDFWpdMtp;WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [2014-11-21 226304]
S3 dg_ssudbus;@oem4.inf,%ssud.Service.DeviceDesc%;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2014-01-22 108800]
S3 ssudmdm;@oem5.inf,%ssud.Service.Name%;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2014-01-22 206080]
S3 WinUsb;@wpdmtp.inf,%WinUsb.SvcDesc%;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2013-08-22 78848]
S3 xusb22;@xusb22.inf,%XUSB22.ServiceName%;Xbox 360 Wireless Receiver Driver Service 22; C:\Windows\System32\drivers\xusb22.sys [2014-11-21 87040]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2014-07-21 239616]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2014-07-04 344064]
R2 c2cautoupdatesvc;Skype Click to Call Updater; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2015-05-01 1394816]
R2 c2cpnrsvc;Skype Click to Call PNR Service; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2015-05-01 1772672]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2014-11-21 38792]
R2 Icy Stay;Icy Stay; C:\Program Files (x86)\Icy Stay\Icy Stay.exe [2015-07-07 8016168]
R2 TeamViewer;TeamViewer 10; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2015-04-17 5448976]
R3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2013-08-03 43696]
S2 d6b52028;couponight; C:\Windows\syswow64\rundll32.exe [2014-11-21 51200]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc []
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-06-03 327296]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\Windows\System32\svchost.exe [2014-11-21 38792]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc []
S3 Origin Client Service;Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2015-03-30 1930608]
S3 OverwolfUpdater;Overwolf Updater Windows SCM; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2015-06-21 1000688]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2015-06-04 837312]

-----------------EOF-----------------

Zde FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:11-07-2015
Ran by misa (administrator) on MISA-WINDOWS on 12-07-2015 05:00:32
Running from C:\Users\misa\Desktop
Loaded Profiles: misa (Available Profiles: misa)
Platform: Windows 8.1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files (x86)\Icy Stay\Icy Stay.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Overwolf LTD) C:\Program Files (x86)\Overwolf\Overwolf.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
() C:\ProgramData\{a2a50723-8307-85f4-a2a5-507238301c8e}\Banished.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.86.89.0\OverwolfHelper.exe
(Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.86.89.0\OverwolfHelper64.exe
(Overwolf LTD) C:\Program Files (x86)\Overwolf\0.86.89.0\OverwolfBrowser.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\misa\Desktop\FRSTLauncher.exe
(forum.viry.cz) C:\Users\misa\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Java\jre1.8.0_40\bin\jusched.exe"
HKU\S-1-5-21-4105595590-322866820-2549149084-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2892992 2015-06-04] (Valve Corporation)
HKU\S-1-5-21-4105595590-322866820-2549149084-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3632472 2015-03-30] (Electronic Arts)
HKU\S-1-5-21-4105595590-322866820-2549149084-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53288576 2015-06-29] (Skype Technologies S.A.)
HKU\S-1-5-21-4105595590-322866820-2549149084-1001\...\Run: [GoogleChromeAutoLaunch_00D28F5606223B402D2A3E92EECA61C1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-05-22] (Google Inc.)
HKU\S-1-5-21-4105595590-322866820-2549149084-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe [41200 2015-06-21] (Overwolf LTD)
Startup: C:\Users\misa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Banished.lnk [2015-05-02]
ShortcutTarget: Banished.lnk -> C:\ProgramData\{a2a50723-8307-85f4-a2a5-507238301c8e}\Banished.exe ()
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
HKU\S-1-5-21-4105595590-322866820-2549149084-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.10.1.1
Tcpip\..\Interfaces\{0E1A0E64-4BC2-4986-B025-81936BAB832C}: [DhcpNameServer] 10.10.1.1

FireFox:
========
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-31] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-4105595590-322866820-2549149084-1001: @nsroblox.roblox.com/launcher -> C:\Users\misa\AppData\Local\Roblox\Versions\version-8c5c6ce7499b4544\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-4105595590-322866820-2549149084-1001: @nsroblox.roblox.com/launcher64 -> C:\Users\misa\AppData\Local\Roblox\Versions\version-8c5c6ce7499b4544\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\misa\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\misa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-22]
CHR Extension: (Google Docs) - C:\Users\misa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-22]
CHR Extension: (Google Drive) - C:\Users\misa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-22]
CHR Extension: (YouTube) - C:\Users\misa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-22]
CHR Extension: (Google Search) - C:\Users\misa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-22]
CHR Extension: (QR Code Maker and Decoder) - C:\Users\misa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekkkpjnnhmokcnfdllcgldppopnneooi [2015-07-01]
CHR Extension: (Google Sheets) - C:\Users\misa\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-22]
CHR Extension: (DealSpaCe) - C:\Users\misa\AppData\Local\Google\Chrome\User Data\Default\Extensions\halmhbphbdmmbadmcdghadhgmdnekgjn [2015-06-04]
CHR Extension: (Reddit Liquid Streams) - C:\Users\misa\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiigcfcddhjmneikmajnkkljnmgbdomp [2015-06-04]
CHR Extension: (Skype Click to Call) - C:\Users\misa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-03-31]
CHR Extension: (PrivacyProtectorGVN) - C:\Users\misa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmebibceegmfjcachddjmmdclfcankha [2015-06-11]
CHR Extension: (Google Wallet) - C:\Users\misa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-22]
CHR Extension: (Gmail) - C:\Users\misa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-22]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]

Opera:
=======
OPR Extension: (gate snapper) - C:\Users\misa\AppData\Roaming\Opera Software\Opera Stable\Extensions\ohhjjfhfffikfmpphbnoejohkccdghoi [2015-04-19]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-04] (Advanced Micro Devices, Inc.) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 d6b52028; c:\Program Files (x86)\couponight\couponight.dll [1747968 2015-06-04] () [File not signed]
R2 Icy Stay; C:\Program Files (x86)\Icy Stay\Icy Stay.exe [8016168 2015-07-07] () [File not signed] <==== ATTENTION
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1930608 2015-03-30] (Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1000688 2015-06-21] (Overwolf LTD)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448976 2015-04-17] (TeamViewer GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-11-21] (Microsoft Corporation)
R1 {4a053818-d714-4ae9-a858-ecc472a00067}Gw64; C:\Windows\System32\drivers\{4a053818-d714-4ae9-a858-ecc472a00067}Gw64.sys [48792 2015-04-15] (StdLib)
R1 {982245f6-1668-4378-8c8e-eef87d9d5d41}Gw64; C:\Windows\System32\drivers\{982245f6-1668-4378-8c8e-eef87d9d5d41}Gw64.sys [48792 2015-04-18] (StdLib)
R1 {a7ee1250-095f-4f56-83d9-160c5da7cb0f}Gw64; C:\Windows\System32\drivers\{a7ee1250-095f-4f56-83d9-160c5da7cb0f}Gw64.sys [48792 2015-04-21] (StdLib)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-12 05:00 - 2015-07-12 05:01 - 00013598 _____ C:\Users\misa\Desktop\FRST.txt
2015-07-12 04:59 - 2015-07-12 05:00 - 00000000 ____D C:\FRST
2015-07-12 04:59 - 2015-07-12 04:59 - 00112640 _____ (forum.viry.cz) C:\Users\misa\Desktop\FRSTLauncher.exe
2015-07-12 04:58 - 2015-07-12 04:58 - 02130944 _____ (Farbar) C:\Users\misa\Desktop\FRST64.exe
2015-07-12 04:55 - 2015-07-12 04:55 - 00000000 ____D C:\rsit
2015-07-12 04:55 - 2015-07-12 04:55 - 00000000 ____D C:\Program Files\trend micro
2015-07-12 04:54 - 2015-07-12 04:54 - 01222144 _____ C:\Users\misa\Downloads\RSITx64.exe
2015-07-10 20:16 - 2015-07-11 09:07 - 00000000 ____D C:\Users\misa\AppData\Roaming\OBS
2015-07-10 20:16 - 2015-07-10 20:16 - 00000947 _____ C:\Users\misa\Desktop\Open Broadcaster Software.lnk
2015-07-10 20:16 - 2015-07-10 20:16 - 00000000 ____D C:\Users\misa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2015-07-10 20:16 - 2015-07-10 20:16 - 00000000 ____D C:\Program Files\OBS
2015-07-10 20:16 - 2015-07-10 20:16 - 00000000 ____D C:\Program Files (x86)\OBS
2015-07-10 20:15 - 2015-07-10 20:15 - 07072745 _____ C:\Users\misa\Downloads\OBS_0_651b_Installer.exe
2015-07-07 22:27 - 2015-07-07 22:27 - 00000222 _____ C:\Users\misa\Desktop\Euro Truck Simulator 2.url
2015-07-07 11:37 - 2015-07-07 11:37 - 00000000 ____D C:\Program Files (x86)\Icy Stay
2015-07-06 22:05 - 2015-07-06 22:05 - 00001518 _____ C:\Users\misa\Downloads\permissions.yml
2015-07-06 22:04 - 2015-07-07 15:31 - 00000000 ____D C:\Users\misa\AppData\Roaming\Notepad++
2015-07-06 22:04 - 2015-07-06 22:04 - 00001063 _____ C:\Users\misa\Desktop\Návod na pluginy.lnk
2015-07-06 22:04 - 2015-07-06 22:04 - 00000000 ____D C:\Users\misa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-07-06 22:04 - 2015-07-06 22:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-07-06 22:04 - 2015-07-06 22:04 - 00000000 ____D C:\Program Files (x86)\Notepad++
2015-07-06 22:03 - 2015-07-06 22:04 - 07000049 _____ C:\Users\misa\Downloads\npp.6.7.9.2.Installer.exe
2015-07-02 22:53 - 2015-07-02 22:53 - 00003728 _____ C:\Windows\System32\Tasks\Overwolf Updater Task
2015-07-02 22:52 - 2015-07-02 22:52 - 00000000 ____D C:\Users\misa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf
2015-07-02 22:51 - 2015-07-03 07:22 - 00000000 ____D C:\Program Files (x86)\Overwolf
2015-07-02 22:51 - 2015-07-02 22:52 - 00000000 ____D C:\ProgramData\Overwolf
2015-07-02 22:49 - 2015-07-11 18:51 - 00000000 ____D C:\Users\misa\AppData\Local\Overwolf
2015-07-02 22:49 - 2015-07-07 22:12 - 00000000 ____D C:\Users\misa\AppData\Roaming\TS3Client
2015-07-02 22:49 - 2015-07-02 22:49 - 00001174 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2015-07-02 22:49 - 2015-07-02 22:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2015-07-02 22:48 - 2015-07-02 22:49 - 00000000 ____D C:\Program Files (x86)\TeamSpeak 3 Client
2015-07-02 22:47 - 2015-07-02 22:48 - 30095736 _____ (TeamSpeak Systems GmbH) C:\Users\misa\Downloads\TeamSpeak3-Client-win32-3.0.13.1.exe
2015-07-01 18:03 - 2015-07-01 18:05 - 00000000 ____D C:\Program Files (x86)\Isaaveer
2015-07-01 18:03 - 2015-07-01 18:05 - 00000000 ____D C:\Program Files (x86)\IeSavver
2015-07-01 18:03 - 2015-07-01 18:03 - 00000000 ____D C:\Program Files (x86)\QR Code Maker and Decoder
2015-07-01 18:03 - 2015-07-01 18:03 - 00000000 ____D C:\Program Files (x86)\IiSaver
2015-06-29 21:44 - 2015-06-29 21:45 - 00000000 _____ C:\Users\misa\Desktop\Znaky.txt
2015-06-29 12:47 - 2014-06-08 18:08 - 01094097 _____ C:\Users\misa\Desktop\keinett launcher Swing Craft.exe
2015-06-29 12:46 - 2015-06-29 12:46 - 00952027 _____ C:\Users\misa\Downloads\keinett launcher Swing Craft.rar
2015-06-29 12:12 - 2015-06-29 12:13 - 00000009 _____ C:\Users\misa\Desktop\Jmeno minecraft.txt
2015-06-29 12:08 - 2015-06-29 12:08 - 00952022 _____ C:\Users\misa\Downloads\KeiNett Launcher for Minecraft 1.8.rar
2015-06-29 12:08 - 2014-06-03 18:42 - 01094097 _____ C:\Users\misa\Desktop\KeiNett Launcher.exe
2015-06-22 16:24 - 2015-06-22 16:08 - 217459111 _____ C:\Users\misa\Desktop\Five-Nights-at-Freddy's-2.exe
2015-06-22 16:08 - 2015-06-22 16:09 - 00000000 ____D C:\Users\misa\AppData\Roaming\MMFApplications
2015-06-22 15:55 - 2015-06-22 16:08 - 217459111 _____ C:\Users\misa\Downloads\Five-Nights-at-Freddy's-2.exe
2015-06-22 15:47 - 2015-06-22 15:47 - 00032804 _____ C:\Users\misa\Downloads\Five-Nights-at-Freddy’s-2-Full-Crack.rar
2015-06-21 12:43 - 2015-06-21 12:59 - 00001592 _____ C:\Users\misa\Desktop\Portal 2 Spalovací Místnost.txt
2015-06-20 16:55 - 2015-06-20 16:55 - 00000000 ____D C:\Users\misa\AppData\Local\openvr
2015-06-19 19:54 - 2015-06-19 19:54 - 00000219 _____ C:\Users\misa\Desktop\Team Fortress 2.url
2015-06-19 07:24 - 2015-06-19 07:25 - 15304180 _____ C:\Users\misa\Downloads\Portal 2 Mod Maps.zip
2015-06-17 20:00 - 2015-06-17 20:00 - 00000000 ____D C:\Users\misa\AppData\Roaming\LolClient
2015-06-15 17:26 - 2015-06-15 17:26 - 00095740 _____ C:\Users\misa\Downloads\GLaDOS_Hello_again.wav
2015-06-15 17:26 - 2015-06-15 17:26 - 00090448 _____ C:\Users\misa\Downloads\GLaDOS_Game_Spot (1).wav
2015-06-15 17:25 - 2015-06-15 17:25 - 00090448 _____ C:\Users\misa\Downloads\GLaDOS_Game_Spot.wav
2015-06-14 18:46 - 2015-07-02 11:49 - 00000000 ____D C:\Program Files (x86)\ReeguLaRDeaLs

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-12 05:00 - 2015-03-22 01:33 - 01168098 _____ C:\Windows\WindowsUpdate.log
2015-07-12 05:00 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\sru
2015-07-12 00:36 - 2015-06-04 12:36 - 00000376 _____ C:\Windows\Tasks\ModuleEdit.job
2015-07-11 19:34 - 2015-05-02 19:34 - 00000354 _____ C:\Windows\Tasks\Bidaily Synchronize Task.job
2015-07-11 18:58 - 2015-03-22 01:39 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4105595590-322866820-2549149084-1001
2015-07-11 18:50 - 2015-03-31 16:59 - 00000000 ____D C:\Users\misa\AppData\Roaming\Skype
2015-07-11 18:47 - 2015-03-22 01:34 - 00000000 ____D C:\Users\misa
2015-07-11 18:47 - 2013-08-22 16:46 - 00041315 _____ C:\Windows\setupact.log
2015-07-11 18:47 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-11 09:08 - 2015-03-24 19:54 - 00000000 ____D C:\Users\misa\AppData\Roaming\.minecraft
2015-07-11 06:52 - 2015-06-04 14:05 - 00000024 _____ C:\Users\misa\AppData\Roaming\appdataFr25.bin
2015-07-10 21:44 - 2015-03-22 12:19 - 00000000 ____D C:\Users\misa\AppData\Roaming\ClassicShell
2015-07-09 15:34 - 2015-03-22 01:48 - 00000000 ____D C:\Program Files (x86)\Steam
2015-07-09 10:01 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\NDF
2015-07-09 08:14 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2015-07-08 09:13 - 2015-03-31 16:59 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-07-08 09:13 - 2015-03-31 16:59 - 00000000 ____D C:\ProgramData\Skype
2015-07-07 22:27 - 2015-03-22 01:52 - 00000000 ____D C:\Users\misa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-07-07 14:57 - 2015-04-16 14:17 - 00000000 ____D C:\Program Files (x86)\Opera
2015-07-06 23:24 - 2014-11-21 14:21 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-06 23:24 - 2014-11-21 14:21 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-06 15:11 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2015-07-05 12:08 - 2015-03-22 12:39 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-07-03 07:15 - 2014-11-20 21:43 - 00009196 _____ C:\Windows\PFRO.log
2015-07-02 11:50 - 2015-06-11 15:43 - 00000000 ____D C:\Program Files (x86)\FiiNdBestDeal
2015-07-02 11:50 - 2015-06-11 15:42 - 00000000 ____D C:\Program Files (x86)\FindBestDaEAl
2015-07-01 18:04 - 2015-05-02 19:35 - 00000000 ____D C:\ProgramData\9324921218015595999
2015-07-01 17:24 - 2015-03-24 19:00 - 00000000 ____D C:\Users\misa\Downloads\game
2015-06-25 13:10 - 2015-04-16 14:19 - 00003838 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1429186738
2015-06-25 13:10 - 2015-04-16 14:18 - 00001063 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-06-22 15:50 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-06-17 17:00 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache
2015-06-16 12:10 - 2014-11-21 06:53 - 01745984 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-16 12:10 - 2014-11-21 06:10 - 00738682 _____ C:\Windows\system32\perfh005.dat
2015-06-16 12:10 - 2014-11-21 06:10 - 00151404 _____ C:\Windows\system32\perfc005.dat
2015-06-15 14:40 - 2015-03-22 01:39 - 00000000 __SHD C:\Users\misa\AppData\Local\EmieUserList
2015-06-15 14:40 - 2015-03-22 01:39 - 00000000 __SHD C:\Users\misa\AppData\Local\EmieSiteList
2015-06-15 14:40 - 2015-03-22 01:39 - 00000000 __SHD C:\Users\misa\AppData\Local\EmieBrowserModeList

==================== Files in the root of some directories =======

2015-06-04 14:05 - 2015-07-11 06:52 - 0000024 _____ () C:\Users\misa\AppData\Roaming\appdataFr25.bin
2011-02-19 10:42 - 2011-02-19 10:42 - 0000175 _____ () C:\Users\misa\AppData\Roaming\PlayZombieCraft.bat
2015-04-07 13:12 - 2015-02-06 13:12 - 0000032 ____R () C:\ProgramData\hash.dat
2015-05-14 13:44 - 2015-05-14 13:44 - 0000108 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Files to move or delete:
====================
C:\ProgramData\hash.dat


Some files in TEMP:
====================
C:\Users\misa\AppData\Local\Temp\4200.exe
C:\Users\misa\AppData\Local\Temp\852092035534208890b.exe
C:\Users\misa\AppData\Local\Temp\APNSetup.exe
C:\Users\misa\AppData\Local\Temp\ntwdblib.dll
C:\Users\misa\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-11 18:58




===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:924.92 GB) (Free:767.25 GB) NTFS

Available physical RAM: 2764.46 MB
Total physical RAM: 6108.65 MB
Percentage of memory in use: 54%

==================== MBR and Partition Table ==================

Disk: 0 (Size: 931.5 GB) (Disk ID: 00000000)

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\Windows\Tasks\Bidaily Synchronize Task.job => C:\ProgramData\{a2a50723-8307-85f4-a2a5-507238301c8e}\Banished.exe <==== ATTENTION
Task: C:\Windows\Tasks\ModuleEdit.job => c:\programdata\{cbaaf589-c58f-2d11-cbaa-af589c58d627}\852092035534208890b.exe <==== ATTENTION

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\misa\Desktop" je 3220 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Zdravim

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

• Ulozte nejlepe na plochu
• Ukoncete vsechny programy
• Po spusteni probehne stazeni databaze
• Kliknete na Scan a nasledne Clean
• Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte

Hotovo, akorát bannery tu pořád jsou. (Ad by Supreme AdBlocker)

# AdwCleaner v4.208 - Log vytvořen 12/07/2015 v 16:01:56
# Aktualizováno 09/07/2015 by Xplode
# Databáze : 2015-07-11.1 [Server]
# Operační system : Windows 8.1 (x64)
# Uživatelské jméno : misa - MISA-WINDOWS
# Spuštěno z : C:\Users\misa\Desktop\adwcleaner_4.208.exe
# Nastavení : Čištění

***** [ Služby ] *****

Služba Smazáno : {4a053818-d714-4ae9-a858-ecc472a00067}Gw64
Služba Smazáno : {982245f6-1668-4378-8c8e-eef87d9d5d41}Gw64
Služba Smazáno : {a7ee1250-095f-4f56-83d9-160c5da7cb0f}Gw64
[#] Služba Smazáno : d6b52028

***** [ Soubory / Složky ] *****

Složka Smazáno : C:\ProgramData\apn
Složka Smazáno : C:\ProgramData\9324921218015595999
Složka Smazáno : C:\ProgramData\{a2a50723-8307-85f4-a2a5-507238301c8e}
Složka Smazáno : C:\ProgramData\{cbaaf589-c58f-2d11-cbaa-af589c58d627}
Složka Smazáno : C:\Program Files (x86)\couponight
Složka Smazáno : C:\Program Files (x86)\DealSpaCe
Složka Smazáno : C:\Program Files (x86)\FiiNdBestDeal
Složka Smazáno : C:\Program Files (x86)\FindBestDaEAl
Složka Smazáno : C:\Program Files (x86)\FindoBesattDEoal
Složka Smazáno : C:\Program Files (x86)\IeSavver
Složka Smazáno : C:\Program Files (x86)\IiSaver
Složka Smazáno : C:\Program Files (x86)\Isaaveer
Složka Smazáno : C:\Program Files (x86)\ReeguLaRDeaLs
Složka Smazáno : C:\Program Files (x86)\SalePPluS
Složka Smazáno : C:\Users\misa\AppData\Local\Temp\apn
Složka Smazáno : C:\Users\misa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekkkpjnnhmokcnfdllcgldppopnneooi
Složka Smazáno : C:\Users\misa\AppData\Local\Google\Chrome\User Data\Default\Extensions\halmhbphbdmmbadmcdghadhgmdnekgjn
Složka Smazáno : C:\Users\misa\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiigcfcddhjmneikmajnkkljnmgbdomp
Složka Smazáno : C:\Users\misa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmebibceegmfjcachddjmmdclfcankha
Složka Smazáno : C:\ProgramData\jjanbkifdfaplpbappolahoinlfhhajo
Soubor Smazáno : C:\Users\misa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ekkkpjnnhmokcnfdllcgldppopnneooi_0.localstorage
Soubor Smazáno : C:\Users\misa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ekkkpjnnhmokcnfdllcgldppopnneooi_0.localstorage-journal
Soubor Smazáno : C:\Users\misa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kiigcfcddhjmneikmajnkkljnmgbdomp_0.localstorage
Soubor Smazáno : C:\Users\misa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kiigcfcddhjmneikmajnkkljnmgbdomp_0.localstorage-journal
Soubor Smazáno : C:\Users\misa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lmebibceegmfjcachddjmmdclfcankha_0.localstorage
Soubor Smazáno : C:\Users\misa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lmebibceegmfjcachddjmmdclfcankha_0.localstorage-journal
Soubor Smazáno : C:\Windows\System32\drivers\{4a053818-d714-4ae9-a858-ecc472a00067}Gw64.sys
Soubor Smazáno : C:\Windows\System32\drivers\{982245f6-1668-4378-8c8e-eef87d9d5d41}Gw64.sys
Soubor Smazáno : C:\Windows\System32\drivers\{a7ee1250-095f-4f56-83d9-160c5da7cb0f}Gw64.sys
Soubor Smazáno : C:\Users\misa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_utilitychest.dl.tb.ask.com_0.localstorage
Soubor Smazáno : C:\Users\misa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_utilitychest.dl.tb.ask.com_0.localstorage-journal

***** [ Naplánované úlohy ] *****

Úloha Smazáno : Bidaily Synchronize Task

***** [ Zástupci ] *****


***** [ Registry ] *****

Klíč Smazáno : HKCU\Software\0f797ecc7fa2161f26156fa2b233fd56
Klíč Smazáno : HKLM\SOFTWARE\a1b26413-4528-a6fc-799b-0f380f371c8c
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{d6b52028}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Klíč Smazáno : HKLM\SOFTWARE\Classes\TypeLib\{1F831F60-05FB-474D-93A3-42DA68E7EB8F}
Klíč Smazáno : HKLM\SOFTWARE\Classes\TypeLib\{588BD59D-3E28-483B-8484-164D57F40D62}
Klíč Smazáno : HKLM\SOFTWARE\Classes\TypeLib\{CBD6173B-4061-4104-BF2F-C8E81389DB27}
Klíč Smazáno : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Klíč Smazáno : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Klíč Smazáno : HKU\.DEFAULT\Software\AskPartnerNetwork
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F1422DAA-0829-09A1-7536-73936CAB8FFA}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{76DEE3DC-2B8B-E212-2126-D31D9E73DFE4}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B696F285-F54E-2524-58B1-E06A70ABE6BE}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C5CA91B2-6518-8029-1AC2-E73D213FE1B5}

***** [ Prohlížeče ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Google Chrome v43.0.2357.81

[C:\Users\misa\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Smazáno [Search Provider] : hxxp://www.search.ask.com/web?tpid=ORJ-SPE&o=A ... earchTerms}
[C:\Users\misa\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Smazáno [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Users\misa\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Smazáno [Homepage] : 60A4C40E034B80808518F8C4CC7038BAD4BA57B31AC8BD15BA162A5C7E952586","homepage_is_newtabpage":"A554452DC00AB4C8400CF5F67167812F080BA118AFFD1D2D981D2CA44A900AD6","pinned_tabs":"538CCA4F773F0AB154B556950D21C0CB54509B6D611932F7ABA1B90D7B46A71F","prefs":{"preference_reset_time":"C193D33FEF6BAFE23565F8622726E4BFF27BFA8671A13A8EEF1C824A8810E880"},"profile":{"reset_prompt_memento":"25335401F02896F65AEEDE513D22763ACB8A60EB497B587D247393E898A2099A"},"safebrowsing":{"incidents_sent":"E8269E4929A2DA6AEDF65ABCA28BDC65AE6545BCDAD99CBFA22E169B359EC4F4"},"search_provider_overrides":"934F535E0ED3F6B9C52DE879ED34C16374974F35E5F1759D9BCA31A64431BF33","session":{"restore_on_startup":"6087C4CE096770E095529232E6029AB29268F75EBC7AB888DF3EE036F5710739","startup_urls":"115E92A657995D1274DE8028A92F659CECC6580CFDA131223442A07A15F871B8"},"software_reporter":{"prompt_reason":"9B33D4E0EDDD797FC103D114EDCDA5AF3E9F1CEB7A1FBB9682AE596BD4056102","prompt_seed":"00C1ABCC849EF3038069E8C6E3963E12854548744CDC3E8E9EFA76E27966687C","prompt_version":"7CAAE891147BE16776892E4EBF5488A9F51FE2BA4FA8AF97FEC4F89A59E0862A"},"sync":{"remaining_rollback_tries":"2B7D650C2C1C6BCD9E11B8EB1EEBF310640613CEB1B6D32F043C0F114533494D"}},"super_mac":"E6A2974DEADDCD646F00E2B21232A2311FFD9DA259A6F6CCE50ABA0F49657E8B"},"session":{"startup_urls":["hxxp://search.gboxapp.com/
[C:\Users\misa\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Smazáno [Startup_URLs] : 115E92A657995D1274DE8028A92F659CECC6580CFDA131223442A07A15F871B8"},"software_reporter":{"prompt_reason":"9B33D4E0EDDD797FC103D114EDCDA5AF3E9F1CEB7A1FBB9682AE596BD4056102","prompt_seed":"00C1ABCC849EF3038069E8C6E3963E12854548744CDC3E8E9EFA76E27966687C","prompt_version":"7CAAE891147BE16776892E4EBF5488A9F51FE2BA4FA8AF97FEC4F89A59E0862A"},"sync":{"remaining_rollback_tries":"2B7D650C2C1C6BCD9E11B8EB1EEBF310640613CEB1B6D32F043C0F114533494D"}},"super_mac":"E6A2974DEADDCD646F00E2B21232A2311FFD9DA259A6F6CCE50ABA0F49657E8B"},"session":{"startup_urls":["hxxp://search.gboxapp.com/

-\\ Opera v30.0.1835.88


*************************

AdwCleaner[R0].txt - [8079 bytů] - [12/07/2015 16:01:22]
AdwCleaner[S0].txt - [7721 bytů] - [12/07/2015 16:01:56]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7779 bytů] ##########

Jeste taky nekoncime

Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu

• Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
• Do okna vlozte skript nize

• Kód: Vybrat vše

  autoclean;
  resethosts;
  emptyclsid;
  IEdefaults;
  FFdefaults;
  CHRdefaults;
  emptyIEcache;
  emptyFFcache;
  emptyCHRcache;
  emptyalltemp;
  emptyflash;
  emptyjava;
  emptyrecycle.bin;
  

• Nasledne kliknete na Run Script
• PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by misa on ne 12. 07. 2015 at 17:17:43,03.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\misa\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

12. 7. 2015 17:18:46 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\AGEIA Technologies deleted successfully
C:\Users\misa\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\misa\AppData\Local\EmieSiteList deleted successfully
C:\Users\misa\AppData\Local\EmieUserList deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~2\AGEIA Technologies not found
C:\PROGRA~2\PrivacyProtectorGVN deleted
C:\PROGRA~2\QR Code Maker and Decoder deleted
C:\PROGRA~2\Reddit Liquid Streams deleted
C:\Users\misa\AppData\Roaming\.technic deleted
C:\windows\SysNative\Tasks\ModuleEdit deleted
C:\install.exe deleted
C:\Users\misa\AppData\Roaming\PlayZombieCraft.bat deleted
C:\PROGRA~3\hash.dat deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\windows\SysNative\GroupPolicy\machine deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
"C:\PROGRA~2\Icy Stay\Icy Stay.exe" deleted
"C:\PROGRA~2\Icy Stay" not deleted

==== Chromium Look ======================

Google Chrome Version: 43.0.2357.81

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[01. 05. 2015 11:17]

Skype Click to Call - misa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
gate snapper - misa\AppData\Roaming\Opera Software\Opera Stable\Extensions\ohhjjfhfffikfmpphbnoejohkccdghoi

==== Chromium Startpages ======================

C:\Users\misa\AppData\Local\Google\Chrome\User Data\Default\Preferences
ts":{"srtt":114801},"supports_spdy":true},"stats.g.doubleclick.net:443":{"supports_spdy":true},"stats.g.doubleclick.net:80":{"alternative_service":[{"port":80,"probability":1.0,"protocol_str":"quic"}],"network_stats":{"srtt":48604}},"storage.googleapis.com:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}]},"support.google.com:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"network_stats":{"srtt":29604}},"syndication.twitter.com:443":{"supports_spdy":true},"t0.gstatic.com:80":{"alternative_service":[{"port":80,"probability":1.0,"protocol_str":"quic"}],"network_stats":{"srtt":22000}},"t1.gstatic.com:80":{"network_stats":{"srtt":70667}},"t2.gstatic.com:80":{"network_stats":{"srtt":29000}},"t3.gstatic.com:80":{"alternative_service":[{"port":80,"probability":1.0,"protocol_str":"quic"}]},"theprivilegesbox.com:443":{"supports_spdy":true},"tpc.googlesyndication.com:443":{"supports_spdy":true},"translate.google.com:80":{"network_stats":{"srtt":146968}},"translate.googleapis.com:443":{"supports_spdy":true},"video-ad-stats.googlesyndication.com:80":{"alternative_service":[{"port":80,"probability":1.0,"protocol_str":"quic"}]},"winnerican.org:443":{"supports_spdy":true},"winnering.info:443":{"supports_spdy":true},"winnering.org:443":{"supports_spdy":true},"www.apunkagames.net:80":{"alternative_service":[{"port":80,"probability":1.0,"protocol_str":"quic"}]},"www.blogblog.com:80":{"alternative_service":[{"port":80,"probability":1.0,"protocol_str":"quic"}]},"www.facebook.com:443":{"supports_spdy":true},"www.google-analytics.com:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"network_stats":{"srtt":48943}},"www.google-analytics.com:80":{"network_stats":{"srtt":53671}},"www.google.com:443":{"supports_spdy":true},"www.google.com:80":{"network_stats":{"srtt":27342}},"www.google.cz:443":{"supports_spdy":true},"www.google.cz:80":{"network_stats":{"srtt":33728}},"www.googleadservices.com:443":{"network_stats":{"srtt":24641}},"www.googleadservices.com:80":{"network_stats":{"srtt":50313}},"www.googleapis.com:443":{"supports_spdy":true},"www.googletagservices.com:443":{"supports_spdy":true},"www.gstatic.com:443":{"network_stats":{"srtt":22627},"supports_spdy":true},"www.gstatic.com:80":{"alternative_service":[{"port":80,"probability":0.0,"protocol_str":"quic"}],"network_stats":{"srtt":23375}},"www.youtube.com:80":{"network_stats":{"srtt":38203}},"youtube.com:80":{"network_stats":{"srtt":24046}}},"supports_quic":{"address":"10.10.1.107","used_quic":true},"version":3}},"ntp":{"app_page_names":["Aplikace"]},"password_bubble":{"nopes":0},"plugins":{"migrated_to_pepper_flash":true,"plugins_list":[],"removed_old_component_pepper_flash_settings":true},"profile":{"avatar_bubble_tutorial_shown":2,"avatar_index":0,"content_settings":{"exceptions":{"app_banner":{},"auto_select_certificate":{},"automatic_downloads":{},"cookies":{},"fullscreen":{"http://tn.nova.cz:80,http://tn.nova.cz:80":{"setting":1},"https://www.youtube.com:443,https://www.youtube.com:443":{"setting":1}},"geolocation":{},"images":{},"javascript":{},"media_stream":{},"media_stream_camera":{"https://www.facebook.com:443,*":{"last_used":1436300281.983476,"setting":1}},"media_stream_mic":{"https://www.facebook.com:443,*":{"last_used":1436300281.983476,"setting":1}},"metro_switch_to_desktop":{},"midi_sysex":{},"mixed_script":{},"mouselock":{},"notifications":{"https://mail.google.com:443,*":{"setting":1}},"plugins":{},"popups":{"https://[*.]www.google.cz:443,*":{"setting":1},"https://[*.]www.youtube.com:443,*":{"setting":1}},"ppapi_broker":{},"protocol_handlers":{},"push_messaging":{},"ssl_cert_decisions":{}},"pattern_pairs":{"http://tn.nova.cz:80,http://tn.nova.cz:80":{"fullscreen":1},"https://[*.]www.google.cz:443,*":{"popups":1},"https://[*.]www.youtube.com:443,*":{"popups":1},"https://mail.google.com:443,*":{"last_used":{"notifications":1431248592.625377},"notifications":1},"https://www.youtube.com:443,https://www.youtube.com:443":{"fullscreen":1}},"pref_version":1},"created_by_version":"42.0.2311.90","exit_type":"Normal","exited_cleanly":true,"icon_version":3,"managed_user_id":"","migrated_content_settings_exceptions":true,"migrated_default_content_settings":true,"migrated_default_media_stream_content_settings":true,"name":"Misa","per_host_zoom_levels":{}},"protection":{"macs":{}},"selectfile":{"last_directory":"C:\\Users\\misa\\Desktop"},"session":{"restore_on_startup_migrated":true,"startup_urls_migration_time":"13079794473822915"},"translate_accepted_count":{"en":0,"pl":0},"translate_blocked_languages":["cs"],"translate_denied_count":{"en":2,"pl":1},"translate_last_denied_time":1430234077607.709,"translate_too_often_denied":true,"translate_whitelists":{}}


==== Chromium Fix ======================

C:\Users\misa\AppData\Roaming\Opera Software\Opera Stable\Extensions\ohhjjfhfffikfmpphbnoejohkccdghoi deleted successfully
C:\Users\misa\AppData\Roaming\Opera Software\Opera Stable\Local Storage\chrome-extension_ohhjjfhfffikfmpphbnoejohkccdghoi_0.localstorage deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/?pc=MSE1"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/?pc=MSE1"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\misa\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\misa\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\misa\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences.bad was reset successfully
C:\Users\misa\AppData\Roaming\Opera Software\Opera Stable\Preferences was reset successfully
C:\Users\misa\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\misa\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\misa\AppData\Roaming\Opera Software\Opera Stable\Web Data was reset successfully
C:\Users\misa\AppData\Roaming\Opera Software\Opera Stable\Web Data-journal was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B5DB572D-EA87-D3B0-08F6-4D153EA6A783} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EACF28-3304-CDE7-8F98-5992F85D389C} deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\misa\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\misa\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\misa\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\misa\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\misa\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\misa\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=6508 folders=1123 1146745516 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\misa\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\misa\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not deleted
"C:\PROGRA~2\Icy Stay" not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on ne 12. 07. 2015 at 17:32:29,17 ======================

Poprosim o FRST http://forum.viry.cz/viewtopic.php?f=13&t=133100

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:11-07-2015
Ran by misa (administrator) on MISA-WINDOWS on 12-07-2015 17:58:53
Running from C:\Users\misa\Desktop
Loaded Profiles: misa (Available Profiles: misa)
Platform: Windows 8.1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Overwolf LTD) C:\Program Files (x86)\Overwolf\Overwolf.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.86.89.0\OverwolfHelper.exe
(Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.86.89.0\OverwolfHelper64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Overwolf LTD) C:\Program Files (x86)\Overwolf\0.86.89.0\OverwolfBrowser.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\misa\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Java\jre1.8.0_40\bin\jusched.exe"
HKU\S-1-5-21-4105595590-322866820-2549149084-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2892992 2015-06-04] (Valve Corporation)
HKU\S-1-5-21-4105595590-322866820-2549149084-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3632472 2015-03-30] (Electronic Arts)
HKU\S-1-5-21-4105595590-322866820-2549149084-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53288576 2015-06-29] (Skype Technologies S.A.)
HKU\S-1-5-21-4105595590-322866820-2549149084-1001\...\Run: [GoogleChromeAutoLaunch_00D28F5606223B402D2A3E92EECA61C1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-05-22] (Google Inc.)
HKU\S-1-5-21-4105595590-322866820-2549149084-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe [41200 2015-06-21] (Overwolf LTD)
Startup: C:\Users\misa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Banished.lnk [2015-05-02]
ShortcutTarget: Banished.lnk -> C:\ProgramData\{a2a50723-8307-85f4-a2a5-507238301c8e}\Banished.exe (No File)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
HKU\S-1-5-21-4105595590-322866820-2549149084-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4105595590-322866820-2549149084-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.10.1.1
Tcpip\..\Interfaces\{0E1A0E64-4BC2-4986-B025-81936BAB832C}: [DhcpNameServer] 10.10.1.1

FireFox:
========
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-31] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-4105595590-322866820-2549149084-1001: @nsroblox.roblox.com/launcher -> C:\Users\misa\AppData\Local\Roblox\Versions\version-8c5c6ce7499b4544\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-4105595590-322866820-2549149084-1001: @nsroblox.roblox.com/launcher64 -> C:\Users\misa\AppData\Local\Roblox\Versions\version-8c5c6ce7499b4544\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\misa\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Skype Click to Call) - C:\Users\misa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-07-12]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-04] (Advanced Micro Devices, Inc.) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1930608 2015-03-30] (Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1000688 2015-06-21] (Overwolf LTD)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448976 2015-04-17] (TeamViewer GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 Icy Stay; "C:\Program Files (x86)\Icy Stay\Icy Stay.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-11-21] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-12 17:58 - 2015-07-12 17:59 - 00010003 _____ C:\Users\misa\Desktop\FRST.txt
2015-07-12 17:31 - 2015-07-12 17:17 - 00024064 _____ C:\Windows\zoek-delete.exe
2015-07-12 17:18 - 2015-07-12 17:32 - 00012846 _____ C:\zoek-results.log
2015-07-12 17:17 - 2015-07-12 17:31 - 00000000 ____D C:\zoek_backup
2015-07-12 17:17 - 2015-07-12 17:17 - 01308672 _____ C:\Users\misa\Downloads\zoek.exe
2015-07-12 17:17 - 2015-07-12 17:17 - 01308672 _____ C:\Users\misa\Desktop\zoek.exe
2015-07-12 16:01 - 2015-07-12 16:02 - 00000000 ____D C:\AdwCleaner
2015-07-12 16:00 - 2015-07-12 16:01 - 02248704 _____ C:\Users\misa\Desktop\adwcleaner_4.208.exe
2015-07-12 04:59 - 2015-07-12 17:58 - 00000000 ____D C:\FRST
2015-07-12 04:59 - 2015-07-12 04:59 - 00112640 _____ (forum.viry.cz) C:\Users\misa\Desktop\FRSTLauncher.exe
2015-07-12 04:58 - 2015-07-12 04:58 - 02130944 _____ (Farbar) C:\Users\misa\Desktop\FRST64.exe
2015-07-12 04:55 - 2015-07-12 04:55 - 00000000 ____D C:\rsit
2015-07-12 04:55 - 2015-07-12 04:55 - 00000000 ____D C:\Program Files\trend micro
2015-07-12 04:54 - 2015-07-12 04:54 - 01222144 _____ C:\Users\misa\Downloads\RSITx64.exe
2015-07-10 20:16 - 2015-07-11 09:07 - 00000000 ____D C:\Users\misa\AppData\Roaming\OBS
2015-07-10 20:16 - 2015-07-10 20:16 - 00000947 _____ C:\Users\misa\Desktop\Open Broadcaster Software.lnk
2015-07-10 20:16 - 2015-07-10 20:16 - 00000000 ____D C:\Users\misa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2015-07-10 20:16 - 2015-07-10 20:16 - 00000000 ____D C:\Program Files\OBS
2015-07-10 20:16 - 2015-07-10 20:16 - 00000000 ____D C:\Program Files (x86)\OBS
2015-07-10 20:15 - 2015-07-10 20:15 - 07072745 _____ C:\Users\misa\Downloads\OBS_0_651b_Installer.exe
2015-07-07 22:27 - 2015-07-07 22:27 - 00000222 _____ C:\Users\misa\Desktop\Euro Truck Simulator 2.url
2015-07-06 22:05 - 2015-07-06 22:05 - 00001518 _____ C:\Users\misa\Downloads\permissions.yml
2015-07-06 22:04 - 2015-07-07 15:31 - 00000000 ____D C:\Users\misa\AppData\Roaming\Notepad++
2015-07-06 22:04 - 2015-07-06 22:04 - 00001063 _____ C:\Users\misa\Desktop\Návod na pluginy.lnk
2015-07-06 22:04 - 2015-07-06 22:04 - 00000000 ____D C:\Users\misa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-07-06 22:04 - 2015-07-06 22:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-07-06 22:04 - 2015-07-06 22:04 - 00000000 ____D C:\Program Files (x86)\Notepad++
2015-07-06 22:03 - 2015-07-06 22:04 - 07000049 _____ C:\Users\misa\Downloads\npp.6.7.9.2.Installer.exe
2015-07-02 22:53 - 2015-07-02 22:53 - 00003728 _____ C:\Windows\System32\Tasks\Overwolf Updater Task
2015-07-02 22:52 - 2015-07-02 22:52 - 00000000 ____D C:\Users\misa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf
2015-07-02 22:51 - 2015-07-03 07:22 - 00000000 ____D C:\Program Files (x86)\Overwolf
2015-07-02 22:51 - 2015-07-02 22:52 - 00000000 ____D C:\ProgramData\Overwolf
2015-07-02 22:49 - 2015-07-12 17:33 - 00000000 ____D C:\Users\misa\AppData\Local\Overwolf
2015-07-02 22:49 - 2015-07-07 22:12 - 00000000 ____D C:\Users\misa\AppData\Roaming\TS3Client
2015-07-02 22:49 - 2015-07-02 22:49 - 00001174 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2015-07-02 22:49 - 2015-07-02 22:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2015-07-02 22:48 - 2015-07-02 22:49 - 00000000 ____D C:\Program Files (x86)\TeamSpeak 3 Client
2015-07-02 22:47 - 2015-07-02 22:48 - 30095736 _____ (TeamSpeak Systems GmbH) C:\Users\misa\Downloads\TeamSpeak3-Client-win32-3.0.13.1.exe
2015-06-29 21:44 - 2015-06-29 21:45 - 00000000 _____ C:\Users\misa\Desktop\Znaky.txt
2015-06-29 12:47 - 2014-06-08 18:08 - 01094097 _____ C:\Users\misa\Desktop\keinett launcher Swing Craft.exe
2015-06-29 12:46 - 2015-06-29 12:46 - 00952027 _____ C:\Users\misa\Downloads\keinett launcher Swing Craft.rar
2015-06-29 12:12 - 2015-06-29 12:13 - 00000009 _____ C:\Users\misa\Desktop\Jmeno minecraft.txt
2015-06-29 12:08 - 2015-06-29 12:08 - 00952022 _____ C:\Users\misa\Downloads\KeiNett Launcher for Minecraft 1.8.rar
2015-06-29 12:08 - 2014-06-03 18:42 - 01094097 _____ C:\Users\misa\Desktop\KeiNett Launcher.exe
2015-06-22 16:24 - 2015-06-22 16:08 - 217459111 _____ C:\Users\misa\Desktop\Five-Nights-at-Freddy's-2.exe
2015-06-22 16:08 - 2015-06-22 16:09 - 00000000 ____D C:\Users\misa\AppData\Roaming\MMFApplications
2015-06-22 15:55 - 2015-06-22 16:08 - 217459111 _____ C:\Users\misa\Downloads\Five-Nights-at-Freddy's-2.exe
2015-06-22 15:47 - 2015-06-22 15:47 - 00032804 _____ C:\Users\misa\Downloads\Five-Nights-at-Freddy’s-2-Full-Crack.rar
2015-06-21 12:43 - 2015-06-21 12:59 - 00001592 _____ C:\Users\misa\Desktop\Portal 2 Spalovací Místnost.txt
2015-06-20 16:55 - 2015-06-20 16:55 - 00000000 ____D C:\Users\misa\AppData\Local\openvr
2015-06-19 19:54 - 2015-06-19 19:54 - 00000219 _____ C:\Users\misa\Desktop\Team Fortress 2.url
2015-06-19 07:24 - 2015-06-19 07:25 - 15304180 _____ C:\Users\misa\Downloads\Portal 2 Mod Maps.zip
2015-06-17 20:00 - 2015-06-17 20:00 - 00000000 ____D C:\Users\misa\AppData\Roaming\LolClient
2015-06-15 17:26 - 2015-06-15 17:26 - 00095740 _____ C:\Users\misa\Downloads\GLaDOS_Hello_again.wav
2015-06-15 17:26 - 2015-06-15 17:26 - 00090448 _____ C:\Users\misa\Downloads\GLaDOS_Game_Spot (1).wav
2015-06-15 17:25 - 2015-06-15 17:25 - 00090448 _____ C:\Users\misa\Downloads\GLaDOS_Game_Spot.wav

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-12 17:47 - 2015-03-22 01:33 - 01273937 _____ C:\Windows\WindowsUpdate.log
2015-07-12 17:35 - 2015-03-31 16:59 - 00000000 ____D C:\Users\misa\AppData\Roaming\Skype
2015-07-12 17:32 - 2015-04-16 20:01 - 00000008 __RSH C:\ProgramData\ntuser.pol
2015-07-12 17:31 - 2014-11-20 21:43 - 00009526 _____ C:\Windows\PFRO.log
2015-07-12 17:31 - 2013-08-22 16:46 - 00041547 _____ C:\Windows\setupact.log
2015-07-12 17:31 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-12 17:29 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\GroupPolicy
2015-07-12 17:00 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\sru
2015-07-12 12:36 - 2015-06-04 12:36 - 00000376 _____ C:\Windows\Tasks\ModuleEdit.job
2015-07-11 18:58 - 2015-03-22 01:39 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4105595590-322866820-2549149084-1001
2015-07-11 18:47 - 2015-03-22 01:34 - 00000000 ____D C:\Users\misa
2015-07-11 09:08 - 2015-03-24 19:54 - 00000000 ____D C:\Users\misa\AppData\Roaming\.minecraft
2015-07-11 06:52 - 2015-06-04 14:05 - 00000024 _____ C:\Users\misa\AppData\Roaming\appdataFr25.bin
2015-07-10 21:44 - 2015-03-22 12:19 - 00000000 ____D C:\Users\misa\AppData\Roaming\ClassicShell
2015-07-09 15:34 - 2015-03-22 01:48 - 00000000 ____D C:\Program Files (x86)\Steam
2015-07-09 10:01 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\NDF
2015-07-09 08:14 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2015-07-08 09:13 - 2015-03-31 16:59 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-07-08 09:13 - 2015-03-31 16:59 - 00000000 ____D C:\ProgramData\Skype
2015-07-07 22:27 - 2015-03-22 01:52 - 00000000 ____D C:\Users\misa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-07-07 14:57 - 2015-04-16 14:17 - 00000000 ____D C:\Program Files (x86)\Opera
2015-07-06 23:24 - 2014-11-21 14:21 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-06 23:24 - 2014-11-21 14:21 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-06 15:11 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2015-07-05 12:08 - 2015-03-22 12:39 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-07-01 17:24 - 2015-03-24 19:00 - 00000000 ____D C:\Users\misa\Downloads\game
2015-06-25 13:10 - 2015-04-16 14:19 - 00003838 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1429186738
2015-06-25 13:10 - 2015-04-16 14:18 - 00001063 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-06-22 15:50 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-06-17 17:00 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache
2015-06-16 12:10 - 2014-11-21 06:53 - 01745984 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-16 12:10 - 2014-11-21 06:10 - 00738682 _____ C:\Windows\system32\perfh005.dat
2015-06-16 12:10 - 2014-11-21 06:10 - 00151404 _____ C:\Windows\system32\perfc005.dat

==================== Files in the root of some directories =======

2015-06-04 14:05 - 2015-07-11 06:52 - 0000024 _____ () C:\Users\misa\AppData\Roaming\appdataFr25.bin
2015-05-14 13:44 - 2015-05-14 13:44 - 0000108 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-11 18:58




===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:924.92 GB) (Free:772.47 GB) NTFS

Available physical RAM: 4829.16 MB
Total physical RAM: 6108.66 MB
Percentage of memory in use: 20%

==================== MBR and Partition Table ==================

Disk: 0 (Size: 931.5 GB) (Disk ID: 00000000)

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\Windows\Tasks\ModuleEdit.job => c:\programdata\{cbaaf589-c58f-2d11-cbaa-af589c58d627}\852092035534208890b.exe <==== ATTENTION

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\misa\Desktop" je 3223 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Tvorba fixlistu pro FRST

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  Start
  CloseProcesses:
  CreateRestorePoint:
  
  HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Java\jre1.8.0_40\bin\jusched.exe"
  HKU\S-1-5-21-4105595590-322866820-2549149084-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2892992 2015-06-04] (Valve Corporation)
  HKU\S-1-5-21-4105595590-322866820-2549149084-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3632472 2015-03-30] (Electronic Arts)
  HKU\S-1-5-21-4105595590-322866820-2549149084-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53288576 2015-06-29] (Skype Technologies S.A.)
  HKU\S-1-5-21-4105595590-322866820-2549149084-1001\...\Run: [GoogleChromeAutoLaunch_00D28F5606223B402D2A3E92EECA61C1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-05-22] (Google Inc.)
  HKU\S-1-5-21-4105595590-322866820-2549149084-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe [41200 2015-06-21] (Overwolf LTD)
  Startup: C:\Users\misa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Banished.lnk [2015-05-02]
  ShortcutTarget: Banished.lnk -> C:\ProgramData\{a2a50723-8307-85f4-a2a5-507238301c8e}\Banished.exe (No File)
  
  HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
  HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
  HKU\S-1-5-21-4105595590-322866820-2549149084-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
  SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
  SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
  SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
  
  Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
  Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
  
  CHR Extension: (Skype Click to Call) - C:\Users\misa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-07-12]
  CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
  
  S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
  S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
  S2 Icy Stay; "C:\Program Files (x86)\Icy Stay\Icy Stay.exe" [X]
  R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
  R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
  
  C:\Program Files (x86)\Skype\Toolbars
  2015-07-12 17:58 - 2015-07-12 17:59 - 00010003 _____ C:\Users\misa\Desktop\FRST.txt
  2015-07-12 17:31 - 2015-07-12 17:17 - 00024064 _____ C:\Windows\zoek-delete.exe
  2015-07-12 17:18 - 2015-07-12 17:32 - 00012846 _____ C:\zoek-results.log
  2015-07-12 17:17 - 2015-07-12 17:31 - 00000000 ____D C:\zoek_backup
  2015-07-12 17:17 - 2015-07-12 17:17 - 01308672 _____ C:\Users\misa\Downloads\zoek.exe
  2015-07-12 17:17 - 2015-07-12 17:17 - 01308672 _____ C:\Users\misa\Desktop\zoek.exe
  2015-07-12 16:01 - 2015-07-12 16:02 - 00000000 ____D C:\AdwCleaner
  2015-07-12 16:00 - 2015-07-12 16:01 - 02248704 _____ C:\Users\misa\Desktop\adwcleaner_4.208.exe
  2015-07-12 04:59 - 2015-07-12 04:59 - 00112640 _____ (forum.viry.cz) C:\Users\misa\Desktop\FRSTLauncher.exe
  2015-07-12 04:55 - 2015-07-12 04:55 - 00000000 ____D C:\rsit
  2015-07-12 04:55 - 2015-07-12 04:55 - 00000000 ____D C:\Program Files\trend micro
  2015-07-12 04:54 - 2015-07-12 04:54 - 01222144 _____ C:\Users\misa\Downloads\RSITx64.exe
  
  Task: C:\Windows\Tasks\ModuleEdit.job => c:\programdata\{cbaaf589-c58f-2d11-cbaa-af589c58d627}\852092035534208890b.exe <==== ATTENTION
  c:\programdata\{cbaaf589-c58f-2d11-cbaa-af589c58d627}
  
  Hosts:
  EmptyTemp:
  Reboot:
  End
  

• Ulozte vytvoreny TXT jako fixlist.txt
• Presunte vytvoreny fixlist vedle FRST

Spustte znovu FRST.exe

• Kliknete na Fix
• Probehne oprava a vytvori log Fixlog.txt

Restart PC a dejte mi sem fixlog.txt

Pořád se děje to samé

Fix result of Farbar Recovery Scan Tool (x64) Version:12-07-2015
Ran by misa at 2015-07-13 14:59:13 Run:1
Running from C:\Users\misa\Desktop
Loaded Profiles: misa (Available Profiles: misa)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Java\jre1.8.0_40\bin\jusched.exe"
HKU\S-1-5-21-4105595590-322866820-2549149084-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2892992 2015-06-04] (Valve Corporation)
HKU\S-1-5-21-4105595590-322866820-2549149084-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3632472 2015-03-30] (Electronic Arts)
HKU\S-1-5-21-4105595590-322866820-2549149084-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53288576 2015-06-29] (Skype Technologies S.A.)
HKU\S-1-5-21-4105595590-322866820-2549149084-1001\...\Run: [GoogleChromeAutoLaunch_00D28F5606223B402D2A3E92EECA61C1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-05-22] (Google Inc.)
HKU\S-1-5-21-4105595590-322866820-2549149084-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe [41200 2015-06-21] (Overwolf LTD)
Startup: C:\Users\misa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Banished.lnk [2015-05-02]
ShortcutTarget: Banished.lnk -> C:\ProgramData\{a2a50723-8307-85f4-a2a5-507238301c8e}\Banished.exe (No File)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
HKU\S-1-5-21-4105595590-322866820-2549149084-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)

CHR Extension: (Skype Click to Call) - C:\Users\misa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-07-12]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]

S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 Icy Stay; "C:\Program Files (x86)\Icy Stay\Icy Stay.exe" [X]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)

C:\Program Files (x86)\Skype\Toolbars
2015-07-12 17:58 - 2015-07-12 17:59 - 00010003 _____ C:\Users\misa\Desktop\FRST.txt
2015-07-12 17:31 - 2015-07-12 17:17 - 00024064 _____ C:\Windows\zoek-delete.exe
2015-07-12 17:18 - 2015-07-12 17:32 - 00012846 _____ C:\zoek-results.log
2015-07-12 17:17 - 2015-07-12 17:31 - 00000000 ____D C:\zoek_backup
2015-07-12 17:17 - 2015-07-12 17:17 - 01308672 _____ C:\Users\misa\Downloads\zoek.exe
2015-07-12 17:17 - 2015-07-12 17:17 - 01308672 _____ C:\Users\misa\Desktop\zoek.exe
2015-07-12 16:01 - 2015-07-12 16:02 - 00000000 ____D C:\AdwCleaner
2015-07-12 16:00 - 2015-07-12 16:01 - 02248704 _____ C:\Users\misa\Desktop\adwcleaner_4.208.exe
2015-07-12 04:59 - 2015-07-12 04:59 - 00112640 _____ (forum.viry.cz) C:\Users\misa\Desktop\FRSTLauncher.exe
2015-07-12 04:55 - 2015-07-12 04:55 - 00000000 ____D C:\rsit
2015-07-12 04:55 - 2015-07-12 04:55 - 00000000 ____D C:\Program Files\trend micro
2015-07-12 04:54 - 2015-07-12 04:54 - 01222144 _____ C:\Users\misa\Downloads\RSITx64.exe

Task: C:\Windows\Tasks\ModuleEdit.job => c:\programdata\{cbaaf589-c58f-2d11-cbaa-af589c58d627}\852092035534208890b.exe <==== ATTENTION
c:\programdata\{cbaaf589-c58f-2d11-cbaa-af589c58d627}

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully
HKU\S-1-5-21-4105595590-322866820-2549149084-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Steam => value removed successfully
HKU\S-1-5-21-4105595590-322866820-2549149084-1001\Software\Microsoft\Windows\CurrentVersion\Run\\EADM => value removed successfully
HKU\S-1-5-21-4105595590-322866820-2549149084-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Skype => value removed successfully
HKU\S-1-5-21-4105595590-322866820-2549149084-1001\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_00D28F5606223B402D2A3E92EECA61C1 => value removed successfully
HKU\S-1-5-21-4105595590-322866820-2549149084-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Overwolf => value removed successfully
C:\Users\misa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Banished.lnk => moved successfully.
C:\ProgramData\{a2a50723-8307-85f4-a2a5-507238301c8e}\Banished.exe not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-4105595590-322866820-2549149084-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKCR\PROTOCOLS\Handler\skypec2c" => key removed successfully
"HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}" => key removed successfully
HKCR\Wow6432Node\PROTOCOLS\Handler\skypec2c => key not found.
"HKCR\Wow6432Node\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}" => key removed successfully
C:\Users\misa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl => moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl" => key removed successfully
C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx => moved successfully.
gupdate => Service removed successfully
gupdatem => Service removed successfully
Icy Stay => Service removed successfully
c2cautoupdatesvc => Service removed successfully
c2cpnrsvc => Service removed successfully
C:\Program Files (x86)\Skype\Toolbars => moved successfully.
"C:\Users\misa\Desktop\FRST.txt" => File/Folder not found.
C:\Windows\zoek-delete.exe => moved successfully.
C:\zoek-results.log => moved successfully.
C:\zoek_backup => moved successfully.
C:\Users\misa\Downloads\zoek.exe => moved successfully.
C:\Users\misa\Desktop\zoek.exe => moved successfully.
C:\AdwCleaner => moved successfully.
C:\Users\misa\Desktop\adwcleaner_4.208.exe => moved successfully.
"C:\Users\misa\Desktop\FRSTLauncher.exe" => File/Folder not found.
C:\rsit => moved successfully.
C:\Program Files\trend micro => moved successfully.
C:\Users\misa\Downloads\RSITx64.exe => moved successfully.
C:\Windows\Tasks\ModuleEdit.job => moved successfully.
"c:\programdata\{cbaaf589-c58f-2d11-cbaa-af589c58d627}" => File/Folder not found.
C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.
EmptyTemp: => 120.8 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 14:59:33 ====

Jak se chova PC??

Řekl bych, že mimo prohlížeč je to v pohodě. Akorát pořád mi vyskakují popupy, mám všude bannery (i tady) a některá slova to transformuje na odkazy (jako třeba z Hosts: mi to udělalo odkaz HOSTS na nějakou blbost)

Dela to ve vsech prohlizecich nebo jen v nejakem konkretnim??

Šel jsem do záložky s pluginy v Chromu a tam byl pořád aktivovaný ten malware - nainstaloval se mi totiž i přímo do Chromu. Tak jsem ho z toho smazal vypadá to, že se už dále neobnovuje, tak doufám, že to snad bude v pořádku, když jsem takto pročistil PC. Díky za pomoc.

Tak jeste uklidime

DelFix https://toolslib.net/downloads/finish/2/

• Stahnete a spustte
• Ponechte zatrzitkou pouze u volby Remove disinfection tools
• Kliknete na Run

Stahnete Ccleaner https://www.piriform.com/ccleaner/download/standard
Panel čistič

• Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

• dejte Hledej problémy
• nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
• postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

• Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

A pokud nejsou problemy ci dotazy, je to z me strany vse