Browsers won't display web pages.

Posted: 19 Oct 2015 17:42
by Zakov
Hello.

I have a problem. No browser on the laptop will display web pages. Ping works for both the hostname and the IP, and Windows and software updates download normally. When I enter Seznam's IP address into the browser, it loads. The laptop was heavily infected and probably still is a bit :-)
I cleaned it with NOD, MBAM and, in desperation, I even set Combofix on it... The problem persists...

I'm attaching the logs from RSIT and Combofix.

RSIT:
Logfile of random's system information tool 1.10 (written by random/random)
Run by expert hb at 2015-10-19 18:24:10
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 361 GB (61%) free of 595 GB
Total RAM: 3765 MB (61% free)

HijackThis download failed

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
winlogon.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
"c:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe 2466480
\??\C:\Windows\system32\conhost.exe "1971394259-546173167607810409-1409417437-110181731466055995415756279241656999384
C:\Windows\System32\spoolsv.exe
taskeng.exe {805DA3B9-DA9A-4395-A641-A15BA1DC3EEE}
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
"C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe"
"C:\Program Files (x86)\Launch Manager\dsiwmis.exe"
"C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe"
"C:\Program Files (x86)\Launch Manager\LMutilps32.exe" --system-level-mutex="Local\{B904A927-FE6B-48fd-8C83-6B807BED1F9C}" --enable-wmi-window
"C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
C:\Windows\Explorer.EXE
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
"C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe"
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
taskeng.exe {328862E4-BF35-434D-91D6-6190AF14F2E8}
"C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe"
"C:\Program Files (x86)\Steam\Steam.exe" -silent
"C:\Program Files (x86)\Acer\Registration\GREGsvc.exe"
"C:\Program Files\Acer\Acer Updater\UpdaterService.exe"
"C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE
"C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe"
"C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe"
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\igfxext.exe -Embedding
C:\Windows\system32\igfxsrvc.exe -Embedding
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\FantastiGames\GPlayer.exe" /runonstartup
"C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe"
"C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
"C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
"C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe"
"C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE"
"C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
"C:\Program Files (x86)\Launch Manager\LManager.exe"
"C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe"
"C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe"
"c:\Program Files\Microsoft Security Client\NisSrv.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files (x86)\Launch Manager\LMworker.exe"
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
"C:\Program Files (x86)\Steam\bin\steamwebhelper.exe" -cefhost -cachedir "C:\Program Files (x86)\Steam\config\htmlcache" -cookiepath "C:\Program Files (x86)\Steam\config\cookies" -steampid 2136 --blacklist-accelerated-compositing --process-per-tab --disable-accelerated-video-decode --enable-direct-write
"C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService
"C:\Program Files (x86)\Steam\bin\steamwebhelper.exe" --type=renderer --disable-accelerated-video-decode --disable-delegated-renderer --disable-gpu-compositing --disable-threaded-compositing --enable-pinch --enable-software-compositing --no-sandbox --enable-direct-write --lang=en-US --lang=en-US --product-version="Valve Steam Client" --disable-accelerated-compositing --disable-gpu-compositing --channel="1204.0.1681254764\1459316289" /prefetch:673131151
"C:\Program Files (x86)\Steam\bin\steamwebhelper.exe" --type=renderer --disable-accelerated-video-decode --disable-delegated-renderer --disable-gpu-compositing --disable-threaded-compositing --enable-pinch --enable-software-compositing --no-sandbox --enable-direct-write --lang=en-US --lang=en-US --product-version="Valve Steam Client" --disable-accelerated-compositing --disable-gpu-compositing --channel="1204.1.1897015439\1355315791" /prefetch:673131151
taskeng.exe {4FFE1512-1C86-4D42-A1CF-F67ABC7A1CF5}
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k SDRSVC
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-16b8ef7d-4f6c-441a-9976-654e630fb56e -SystemEventPortName:HostProcess-6277bb56-1777-43a6-9489-1c25b5105438 -IoCancelEventPortName:HostProcess-4cf30742-1def-41c1-bebe-6a4114cbf9a9 -NonStateChangingEventPortName:HostProcess-42feb947-475d-48b1-8e11-076820037c14 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:eac02fe5-05f1-4e2e-b7a7-0ff1ad15979b -DeviceGroupId:WpdFsGroup
"C:\Windows\system32\mmc.exe" "C:\Windows\system32\compmgmt.msc" /s
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"E:\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3677846648-1546636431-3061940598-1001Core.job - C:\Users\expert hb\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3677846648-1546636431-3061940598-1001UA.job - C:\Users\expert hb\AppData\Local\Facebook\Update\FacebookUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

=========Mozilla firefox=========

ProfilePath - C:\Users\expert hb\AppData\Roaming\Mozilla\Firefox\Profiles\tarlb5dg.default

prefs.js - "keyword.URL" - "http://mystart.incredibar.com/?a=6PQXaB ... kw&search="

"{336D0C35-8A85-403a-B9D2-65C292C39087}"=C:\Program Files\IB Updater\Firefox
"{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}"=C:\Program Files\IB Updater\Firefox


[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 19.0.0.185 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0]
"Description"=Exent® AOD Gecko Plugin
"Path"=C:\Program Files (x86)\FantastiGames\npExentCtl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@mcafee.com/McAfeeMssPlugin]
"Description"=McAfee Mss Plugin
"Path"=C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0]
"Description"=WildTangent Games App V2 Presence Detector Plugin
"Path"=C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\8\NP_wtapp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\www.exent.com/GameTreatWidget]
"Description"=
"Path"=C:\Program Files (x86)\FantastiGames\NPGameTreatPlugin.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 19.0.0.185 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll


C:\Users\expert hb\AppData\Roaming\Mozilla\Firefox\Profiles\tarlb5dg.default\extensions\
ffxtlbr@incredibar.com

C:\Users\expert hb\AppData\Roaming\Mozilla\Firefox\Profiles\tarlb5dg.default\searchplugins\
MyStart Search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-05-09 168216]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-05-09 392472]
"Persistence"=C:\Windows\system32\igfxpers.exe [2011-05-09 416024]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-03-28 2723624]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-06-09 11860072]
"IntelPAN"=C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [2011-05-02 1935120]
"Power Management"=C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [2011-05-10 1831528]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2015-04-30 1337000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-01-08 3674320]
"ISUSPM"=C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe [2007-07-12 226904]
"Steam"=C:\Program Files (x86)\Steam\Steam.exe [2015-01-24 1942720]
"Exetender"=C:\Program Files (x86)\FantastiGames\GPlayer.exe [2014-04-22 4924296]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"=C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [2011-04-02 340848]
"EgisTecPMMUpdate"=C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [2011-03-29 408432]
"EgisUpdate"=C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [2011-03-29 202608]
"Norton Online Backup"=C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2010-06-02 1155928]
"BackupManagerTray"=C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [2011-04-24 297280]
"LManager"=C:\Program Files (x86)\Launch Manager\LManager.exe [2011-07-01 1103440]
"ArcadeMovieService"=C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [2011-05-10 177448]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
AutorunsDisabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\Windows\System32\nvinitx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2011-04-15 385024]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2015-10-19 18:24:10 ----D---- C:\rsit
2015-10-19 18:24:10 ----D---- C:\Program Files\trend micro
2015-10-14 22:31:04 ----SHD---- C:\$RECYCLE.BIN
2015-10-14 22:30:58 ----A---- C:\ComboFix.txt
2015-10-14 22:15:59 ----A---- C:\Windows\PEV.exe
2015-10-14 22:15:59 ----A---- C:\Windows\NIRCMD.exe
2015-10-14 22:15:59 ----A---- C:\Windows\MBR.exe
2015-10-14 22:15:58 ----A---- C:\Windows\zip.exe
2015-10-14 22:15:58 ----A---- C:\Windows\SWSC.exe
2015-10-14 22:15:58 ----A---- C:\Windows\SWREG.exe
2015-10-14 22:15:58 ----A---- C:\Windows\sed.exe
2015-10-14 22:15:58 ----A---- C:\Windows\grep.exe
2015-10-14 22:15:34 ----D---- C:\Qoobox
2015-10-14 22:15:06 ----D---- C:\Windows\erdnt
2015-10-11 16:53:52 ----D---- C:\Program Files (x86)\ESET
2015-10-11 16:39:11 ----A---- C:\Windows\ntbtlog.txt
2015-09-20 17:20:12 ----D---- C:\Windows\system32\duq
2015-09-20 17:20:08 ----D---- C:\Windows\TEMPfolder

======List of files/folders modified in the last 1 month======

2015-10-19 18:24:10 ----RD---- C:\Program Files
2015-10-19 18:23:48 ----D---- C:\Windows\Temp
2015-10-19 18:16:25 ----D---- C:\ProgramData\clear.fi
2015-10-19 18:16:15 ----D---- C:\Program Files (x86)\Steam
2015-10-16 00:17:43 ----AD---- C:\book
2015-10-15 21:46:41 ----D---- C:\Windows\System32
2015-10-15 21:46:41 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-10-15 21:35:21 ----D---- C:\Windows\system32\drivers\etc
2015-10-14 22:39:17 ----SD---- C:\ProgramData\Microsoft
2015-10-14 22:28:01 ----D---- C:\Windows
2015-10-14 22:28:01 ----A---- C:\Windows\system.ini
2015-10-14 22:26:34 ----D---- C:\Windows\SysWOW64
2015-10-14 22:26:33 ----RD---- C:\Program Files (x86)
2015-10-14 22:26:33 ----D---- C:\ProgramData
2015-10-14 22:23:36 ----D---- C:\Windows\SYSWOW64\drivers
2015-10-14 22:23:36 ----D---- C:\Windows\AppPatch
2015-10-14 22:23:34 ----D---- C:\Program Files (x86)\Common Files
2015-10-14 22:15:35 ----D---- C:\Windows\system32\drivers
2015-10-14 21:43:50 ----SHD---- C:\System Volume Information
2015-10-14 21:36:22 ----SHD---- C:\Windows\Installer
2015-10-14 21:36:22 ----D---- C:\Config.Msi
2015-10-14 21:36:21 ----D---- C:\Windows\system32\Tasks
2015-10-12 01:04:59 ----D---- C:\Windows\SYSWOW64\mjcm
2015-10-12 01:04:58 ----D---- C:\Windows\SYSWOW64\jmdp
2015-10-12 01:04:29 ----D---- C:\Windows\SYSWOW64\ARFC
2015-10-12 01:04:24 ----D---- C:\Windows\system32\tprb
2015-10-12 01:04:23 ----D---- C:\Windows\system32\ljkb
2015-10-12 00:09:31 ----D---- C:\Program Files\IB Updater
2015-10-12 00:09:29 ----D---- C:\Program Files\daugava
2015-10-11 17:43:39 ----D---- C:\Windows\Prefetch
2015-10-06 18:35:08 ----D---- C:\Windows\system32\NDF
2015-10-04 14:36:16 ----D---- C:\Windows\Tasks
2015-10-04 14:36:16 ----D---- C:\Windows\system32\wfp
2015-10-04 14:36:12 ----D---- C:\Windows\system32\wbem
2015-10-04 14:35:28 ----D---- C:\Windows\system32\config
2015-10-04 14:35:21 ----D---- C:\Windows\system32\DriverStore
2015-10-04 14:35:21 ----D---- C:\Windows\system32\catroot2
2015-10-04 14:35:21 ----D---- C:\Windows\inf
2015-10-04 14:35:15 ----D---- C:\ProgramData\McAfee Security Scan
2015-10-04 14:35:12 ----D---- C:\Windows\registration
2015-09-30 16:04:18 ----A---- C:\Windows\SYSWOW64\log.txt
2015-09-26 22:14:25 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-09-20 17:20:12 ----A---- C:\Windows\system32\dnsapi.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iaStor.sys [2010-11-05 438808]
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2015-03-04 280376]
R0 nvpciflt;nvpciflt; C:\Windows\system32\DRIVERS\nvpciflt.sys [2011-03-31 25960]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-03-05 283200]
R1 mwlPSDFilter;mwlPSDFilter; C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [2011-07-27 22648]
R1 mwlPSDNServ;mwlPSDNServ; C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [2011-07-27 20520]
R1 mwlPSDVDisk;mwlPSDVDisk; C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [2011-07-27 62776]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2015-03-04 124568]
R2 X5XSEx_Pr143;X5XSEx_Pr143; \??\C:\Program Files (x86)\FantastiGames\X5XSEx_Pr143.Sys [2013-07-18 56584]
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\drivers\HECIx64.sys [2009-09-17 56344]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2011-04-15 12228128]
R3 Impcd;Impcd; C:\Windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-06-14 2899176]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys [2011-03-23 77936]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\Windows\system32\DRIVERS\NETwNs64.sys [2011-05-01 8593920]
R3 NTIDrvr;NTIDrvr; \??\C:\Windows\system32\drivers\NTIDrvr.sys [2011-03-10 18432]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2010-12-01 250984]
R3 Sftfs;Sftfs; C:\Windows\system32\DRIVERS\Sftfslh.sys [2009-12-03 721768]
R3 Sftplay;Sftplay; C:\Windows\system32\DRIVERS\Sftplaylh.sys [2009-12-03 269672]
R3 Sftredir;Sftredir; C:\Windows\system32\DRIVERS\Sftredirlh.sys [2009-12-03 25960]
R3 Sftvol;Sftvol; C:\Windows\system32\DRIVERS\Sftvollh.sys [2009-12-03 22376]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2011-03-28 1417776]
R3 UBHelper;UBHelper; \??\C:\Windows\system32\drivers\UBHelper.sys [2011-03-10 17408]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2007-07-05 112512]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]
S4 cherimoya;cherimoya; C:\Windows\system32\drivers\cherimoya.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-09-14 82128]
R2 BBSvc;BingBar Service; C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe [2014-03-11 193696]
R2 cvhsvc;Client Virtualization Handler; C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
R2 DsiWMIService;Dritek WMI Service; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-07-01 353360]
R2 ePowerSvc;Acer ePower Service; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-05-10 872552]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2011-05-02 1517328]
R2 GREGService;GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2011-05-26 29696]
R2 Live Updater Service;Live Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-04-22 244624]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2015-04-30 23816]
R2 NOBU;Norton Online Backup; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-06-02 2804568]
R2 NTI IScheduleSvc;NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-04-24 256832]
R2 NVSvc;NVIDIA Driver Helper Service; C:\Windows\system32\nvvsvc.exe [2011-03-31 993896]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-03-31 2009704]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2011-05-02 844560]
R2 sftlist;Application Virtualization Client; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-03 483688]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2015-04-30 366544]
R3 sftvsa;Application Virtualization Service Agent; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-03 209768]
R3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2015-01-24 834752]
S2 65f825de-0adc-4791-a1e5-209aa6f7ea76;65f825de-0adc-4791-a1e5-209aa6f7ea76; C:\Program Files\daugava\Upbgbeie.exe []
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-12 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31 144200]
S2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-09-16 325656]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-09-16 2538520]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-26 269000]
S3 BBUpdate;BBUpdate; C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe [2014-03-11 247968]
S3 EgisTec Ticket Service;EgisTec Ticket Service; C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-04-02 173424]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-09-17 655624]
S3 GamesAppIntegrationService;GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2015-01-09 347200]
S3 GamesAppService;GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2015-01-09 265808]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31 144200]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-01-12 114688]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-08-12 119408]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-11-19 4925184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-04-06 1255736]
S3 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]
S4 csrcc;csrcc; C:\Program Files\daugava\csrcc.exe []
S4 daugava Updater;daugava Updater; C:\Program Files\daugava\Weekfqwb.exe []
S4 IB Updater;IB Updater; C:\Program Files\IB Updater\ExtensionUpdaterService.exe []
S4 IBUpdaterService;IBUpdaterService; C:\Windows\system32\dmwu.exe []
S4 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [2013-09-06 288776]
S4 MyWiFiDHCPDNS;Wireless PAN DHCP Server; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

-----------------EOF-----------------



Combofix:

ComboFix 15-10-09.01 - expert hb 14.10.2015 22:18:25.1.2 - x64
Spuštěný z: c:\users\expert hb\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Incredibar.com
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\uninstall.exe
c:\programdata\Roaming
c:\users\expert hb\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dlnembnfbcpjnepmfjmngjenhhajpdfd_0.localstorage-journal
c:\users\expert hb\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dlnembnfbcpjnepmfjmngjenhhajpdfd_0.localstorage
c:\users\expert hb\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\expert hb\AppData\Local\Microsoft\Windows\Temporary Internet Files\WidevineMediaOptimizerChromeAdmin.exe
c:\users\expert hb\AppData\Local\Torch\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
c:\users\expert hb\AppData\Local\Torch\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.557_0\background.html
c:\users\expert hb\AppData\Local\Torch\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.557_0\libraries\ContentScript.js
c:\users\expert hb\AppData\Local\Torch\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.557_0\libraries\DataExchangeScript.js
c:\users\expert hb\AppData\Local\Torch\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.557_0\manifest.json
c:\users\expert hb\AppData\Local\Torch\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.557_0\npbrowserext.dll
c:\users\expert hb\AppData\Local\Torch\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.557_0\resources\localscript.js
c:\users\expert hb\AppData\Local\Torch\User Data\Default\Local Storage\chrome-extension_dlnembnfbcpjnepmfjmngjenhhajpdfd_0.localstorage-journal
c:\users\expert hb\AppData\Local\Torch\User Data\Default\Local Storage\chrome-extension_dlnembnfbcpjnepmfjmngjenhhajpdfd_0.localstorage
c:\users\expert hb\AppData\Local\Torch\User Data\Default\Preferences
c:\windows\msdownld.tmp
c:\windows\SysWow64\DEBUG.log
c:\windows\SysWow64\Wav
c:\windows\SysWow64\Wav\Joy1.wav
c:\windows\SysWow64\Wav\Joy2.wav
c:\windows\SysWow64\Wav\Joy3.wav
c:\windows\SysWow64\Wav\Joy4.wav
c:\windows\SysWow64\Wav\Joy5.wav
c:\windows\SysWow64\Wav\Joy6.wav
c:\windows\SysWow64\Wav\Joy7.wav
c:\windows\SysWow64\Wav\Joy8.wav
c:\windows\SysWow64\Wav\Joy9.wav
c:\windows\SysWow64\Wav\Joya.wav
c:\windows\SysWow64\Wav\Joyb.wav
c:\windows\SysWow64\Wav\Joyc.wav
c:\windows\SysWow64\WNLT
c:\windows\SysWow64\WNLT\Installation\Config.bin
c:\windows\SysWow64\WNLT\Installation\NTSetup.exe
c:\windows\SysWow64\WNLT\Installation\SWDS.bin
c:\windows\SysWow64\WNLT\Installation\Uninstall\msvcp100.dll
c:\windows\SysWow64\WNLT\Installation\Uninstall\msvcr100.dll
c:\windows\SysWow64\WNLT\Installation\Uninstall\uninstaller.exe
c:\windows\SysWow64\WNLT\Installation\Uninstall\UninstallerLauncher.exe
c:\windows\SysWow64\WNLT\Installation\uninstaller.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-09-14 do 2015-10-14 )))))))))))))))))))))))))))))))
.
.
2015-10-14 20:27 . 2015-10-14 20:27 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2015-10-14 20:27 . 2015-10-14 20:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-10-14 19:10 . 2015-08-31 22:45 11062400 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F76AA400-B587-485F-AC6C-C6B34D8D250C}\mpengine.dll
2015-10-11 15:03 . 2015-08-31 22:45 11062400 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-10-11 14:53 . 2015-10-11 14:53 -------- d-----w- c:\program files (x86)\ESET
2015-10-04 20:12 . 2015-10-04 20:12 -------- d-----w- c:\users\expert hb\AppData\Local\ElevatedDiagnostics
2015-09-23 16:49 . 2015-07-02 08:36 1190000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0B688B22-B5AE-4603-8BB4-79FC2840644E}\gapaengine.dll
2015-09-20 15:20 . 2015-09-20 15:20 -------- d-----w- c:\windows\system32\duq
2015-09-20 15:20 . 2015-09-27 15:20 -------- d-----w- c:\windows\TEMPfolder
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-09-26 20:14 . 2013-01-05 18:55 780488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-09-26 20:14 . 2011-07-27 03:05 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-09-20 15:20 . 2011-07-14 05:28 357888 ----a-w- c:\windows\system32\dnsapi.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-01-08 3674320]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-07-12 226904]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2015-01-23 1942720]
"Exetender"="c:\program files (x86)\FantastiGames\GPlayer.exe" [2014-04-22 4924296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-04-02 340848]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2011-03-29 408432]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2011-03-29 202608]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2011-04-24 297280]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-07-01 1103440]
"ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2011-05-10 177448]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Exetender"="c:\program files (x86)\FantastiGames\GPlayer.exe" [2014-04-22 4924296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 65f825de-0adc-4791-a1e5-209aa6f7ea76;65f825de-0adc-4791-a1e5-209aa6f7ea76;c:\program files\daugava\Upbgbeie.exe;c:\program files\daugava\Upbgbeie.exe [x]
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe [x]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x]
R3 GamesAppIntegrationService;GamesAppIntegrationService;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 csrcc;csrcc;c:\program files\daugava\csrcc.exe;c:\program files\daugava\csrcc.exe [x]
R4 daugava Updater;daugava Updater;c:\program files\daugava\Weekfqwb.exe;c:\program files\daugava\Weekfqwb.exe [x]
R4 IB Updater;IB Updater;c:\program files\IB Updater\ExtensionUpdaterService.exe;c:\program files\IB Updater\ExtensionUpdaterService.exe [x]
R4 IBUpdaterService;IBUpdaterService;c:\windows\system32\dmwu.exe;c:\windows\SYSNATIVE\dmwu.exe [x]
R4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe [x]
R4 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 X5XSEx_Pr143;X5XSEx_Pr143;c:\program files (x86)\FantastiGames\X5XSEx_Pr143.Sys;c:\program files (x86)\FantastiGames\X5XSEx_Pr143.Sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys;c:\windows\SYSNATIVE\drivers\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-09-27 15:04 997704 ----a-w- c:\program files (x86)\Google\Chrome\Application\45.0.2454.101\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-10-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-05 20:14]
.
2015-10-06 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3677846648-1546636431-3061940598-1001Core.job
- c:\users\expert hb\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-30 11:12]
.
2015-10-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3677846648-1546636431-3061940598-1001UA.job
- c:\users\expert hb\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-30 11:12]
.
2015-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-05 13:32]
.
2015-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-05 13:32]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-05-09 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-05-09 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-05-09 416024]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-09 11860072]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-05-10 1831528]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-29 1337000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.253
FF - ProfilePath - c:\users\expert hb\AppData\Roaming\Mozilla\Firefox\Profiles\tarlb5dg.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/?a=6PQXaB3Hdu&i=26&loc=skw&search=
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQXaB3Hdu&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - b6f4b1ad00000000000078929c54e519
FF - user.js: extensions.incredibar_i.instlDay - 15733
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1412:48
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6PQXaB3Hdu
FF - user.js: extensions.incredibar_i.upn2n - 92544349544767144
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10643
FF - user.js: extensions.incredibar_i.ppd - 1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Toolbar-{F9639E4A-801B-4843-AEE3-03D9DA199E77} - c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Allin1Convert_8h Chrome Extension Uninstall - c:\program files (x86)\Allin1Convert_8h Chrome Extension\bar\Allin1ConvertCrxSetup.2EA8C610-3AD4-4D49-99DE-9298AD140DAB.exe
AddRemove-incredibar - c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\uninstall.exe
AddRemove-WNLT - c:\windows\SysWOW64\WNLT\Installation\Uninstall\UninstallerLauncher.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_185_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_185_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_185_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_185_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_185.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.19"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_185.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_185.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_185.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2015-10-14 22:30:57
ComboFix-quarantined-files.txt 2015-10-14 20:30
.
Před spuštěním: Volných bajtů: 377 482 190 848
Po spuštění: Volných bajtů: 378 235 842 560
.
- - End Of File - - 9C4652FB2D6C6679615C3FB0447469A6


Thanks for the help

Re: Browsers won't display web pages.

Posted: 19 Oct 2015 17:51
by Rudy
Hello!
Run this utility:
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop
Close all programs
Click >Scan< first and then >Clean<.
A scan will run and then a log will appear; paste it here
.

Re: Browsers won't display web pages.

Posted: 19 Oct 2015 18:12
by Zakov
AdwCleaner log

# AdwCleaner v5.014 - Logfile created 19/10/2015 at 18:59:46
# Updated 18/10/2015 by Xplode
# Database : 2015-10-18.5 [Local]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : expert hb - EXPERTHB-PC
# Running from : C:\Users\expert hb\Desktop\adwcleaner_5.014.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : cherimoya
[-] Service Deleted : csrcc
[-] Service Deleted : IB Updater
[-] Service Deleted : IBUpdaterService
[-] Service Deleted : daugava Updater
[-] Service Deleted : 65f825de-0adc-4791-a1e5-209aa6f7ea76
[!] Service Not Deleted : csrcc
[!] Service Not Deleted : daugava Updater
[!] Service Not Deleted : 65f825de-0adc-4791-a1e5-209aa6f7ea76

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files\IB Updater
[-] Folder Deleted : C:\Program Files\daugava
[!] Folder Not Deleted : C:\Program Files\daugava
[-] Folder Deleted : C:\Program Files (x86)\FantastiGames
[-] Folder Deleted : C:\Program Files (x86)\Allin1Convert_8h Chrome Extension
[-] Folder Deleted : C:\ProgramData\Babylon
[-] Folder Deleted : C:\ProgramData\FantastiGames
[-] Folder Deleted : C:\ProgramData\torchcrashhandler
[-] Folder Deleted : C:\Users\expert hb\AppData\Local\Babylon
[-] Folder Deleted : C:\Users\expert hb\AppData\Local\iLivid
[-] Folder Deleted : C:\Users\expert hb\AppData\Local\PackageAware
[-] Folder Deleted : C:\Users\expert hb\AppData\Local\torch
[-] Folder Deleted : C:\Users\expert hb\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhjbpmkagjlnhcmdpmbagjldaknbgnff
[-] Folder Deleted : C:\Users\expert hb\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
[!] Folder Not Deleted : C:\Users\expert hb\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhjbpmkagjlnhcmdpmbagjldaknbgnff
[-] Folder Deleted : C:\Users\expert hb\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
[-] Folder Deleted : C:\Users\expert hb\AppData\Roaming\Babylon
[-] Folder Deleted : C:\Users\expert hb\AppData\Roaming\iWin
[-] Folder Deleted : C:\Users\expert hb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Ride Games
[-] Folder Deleted : C:\Users\expert hb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\torch
[-] Folder Deleted : C:\Users\expert hb\AppData\Roaming\Mozilla\Firefox\Profiles\tarlb5dg.default\Extensions\ffxtlbr@incredibar.com
[-] Folder Deleted : C:\Windows\SysNative\ARFC
[-] Folder Deleted : C:\Windows\SysNative\ljkb
[-] Folder Deleted : C:\Windows\SysNative\tprb
[-] Folder Deleted : C:\Windows\SysWOW64\ARFC
[-] Folder Deleted : C:\Windows\SysWOW64\jmdp
[-] Folder Deleted : C:\Windows\SysWOW64\mjcm
[-] Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\ortmp

***** [ Files ] *****

[-] File Deleted : C:\user.js
[-] File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\FantastiGames.lnk
[-] File Deleted : C:\Users\expert hb\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dhjbpmkagjlnhcmdpmbagjldaknbgnff_0.localstorage
[-] File Deleted : C:\Users\expert hb\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dhjbpmkagjlnhcmdpmbagjldaknbgnff_0.localstorage-journal
[-] File Deleted : C:\Users\expert hb\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dhjbpmkagjlnhcmdpmbagjldaknbgnff_0.localstorage
[-] File Deleted : C:\Users\expert hb\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dhjbpmkagjlnhcmdpmbagjldaknbgnff_0.localstorage-journal
[-] File Deleted : C:\Users\expert hb\AppData\LocalLow\SkwConfig.bin
[-] File Deleted : C:\Users\expert hb\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\iLivid.lnk
[-] File Deleted : C:\Users\expert hb\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Torch.lnk
[-] File Deleted : C:\Users\expert hb\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Torch.lnk
[-] File Deleted : C:\Users\expert hb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
[-] File Deleted : C:\Users\expert hb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
[-] File Deleted : C:\Users\expert hb\AppData\Roaming\Mozilla\Firefox\Profiles\tarlb5dg.default\searchplugins\MyStart Search.xml
[-] File Deleted : C:\Users\expert hb\AppData\Roaming\Mozilla\Firefox\Profiles\tarlb5dg.default\user.js
[-] File Deleted : C:\Users\expert hb\Desktop\Facebook.lnk
[-] File Deleted : C:\Users\expert hb\Desktop\Play Free Games.lnk
[-] File Deleted : C:\Users\expert hb\Desktop\Torch.lnk
[-] File Deleted : C:\Users\expert hb\Desktop\Youtube.lnk
[-] File Deleted : C:\Users\Public\Desktop\Get The Best Facebook Chat Messenger.lnk
[-] File Deleted : C:\Users\Public\Desktop\More FREE games.lnk
[-] File Deleted : C:\Users\Public\Desktop\Play Free Games.lnk
[-] File Deleted : C:\Windows\SysNative\ImhxxpComm.dll

***** [ DLLs ] *****

[-] File Disinfected : C:\Windows\SysNative\dnsapi.dll
[-] File Restored : C:\Windows\SysWOW64\dnsapi.dll

***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : Cawlez

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
[-] Key Deleted : HKLM\SOFTWARE\Classes\Applications\Torch.exe
[-] Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
[-] Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc
[-] Key Deleted : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\GameTreatWidget.GameTreatWidget
[-] Key Deleted : HKLM\SOFTWARE\Classes\I
[-] Key Deleted : HKLM\SOFTWARE\Classes\IncredibarApp.appCore
[-] Key Deleted : HKLM\SOFTWARE\Classes\IncredibarApp.appCore.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\torch.exe
[-] Key Deleted : HKLM\SOFTWARE\Clients\StartMenuInternet\Torch
[-] Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
[-] Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
[-] Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FE1DEEEA-DB6D-44B8-83F0-34FC0F9D1052}]
[-] Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FE1DEEEA-DB6D-44B8-83F0-34FC0F9D1052}]
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhjbpmkagjlnhcmdpmbagjldaknbgnff
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
[-] Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fgfdfcbeamjnjdejakdidpniblllnbpg
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kiplfnciaokpcennlkldkdaeaaomamof
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
[!] Key Not Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhjbpmkagjlnhcmdpmbagjldaknbgnff
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
[-] Key Deleted : HKU\.DEFAULT\Software\IM
[-] Key Deleted : HKU\.DEFAULT\Software\ImInstaller
[-] Key Deleted : HKU\.DEFAULT\Software\SweetIM
[-] Key Deleted : HKU\.DEFAULT\Software\WNLT
[-] Key Deleted : HKCU\Software\ilivid
[-] Key Deleted : HKCU\Software\IM
[-] Key Deleted : HKCU\Software\ImInstaller
[-] Key Deleted : HKCU\Software\SweetIM
[-] Key Deleted : HKCU\Software\torch
[-] Key Deleted : HKCU\Software\WNLT
[-] Key Deleted : HKCU\Software\Hola
[-] Key Deleted : HKLM\SOFTWARE\Babylon
[-] Key Deleted : HKLM\SOFTWARE\BabylonToolbar
[-] Key Deleted : HKLM\SOFTWARE\Conduit
[-] Key Deleted : HKLM\SOFTWARE\IB Updater
[-] Key Deleted : HKLM\SOFTWARE\incredibar.com
[-] Key Deleted : HKLM\SOFTWARE\SweetIM
[-] Key Deleted : HKLM\SOFTWARE\torch
[-] Key Deleted : HKLM\SOFTWARE\daugava
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\torch
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\incredibar
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Allin1Convert_8h Chrome Extension Uninstall
[!] Key Not Deleted : [x64] HKCU\Software\ilivid
[!] Key Not Deleted : [x64] HKCU\Software\IM
[!] Key Not Deleted : [x64] HKCU\Software\ImInstaller
[!] Key Not Deleted : [x64] HKCU\Software\SweetIM
[!] Key Not Deleted : [x64] HKCU\Software\torch
[!] Key Not Deleted : [x64] HKCU\Software\WNLT
[!] Key Not Deleted : [x64] HKCU\Software\Hola
[-] Key Deleted : [x64] HKLM\SOFTWARE\IB Updater
[-] Key Deleted : [x64] HKLM\SOFTWARE\SweetIM
[-] Key Deleted : [x64] HKLM\SOFTWARE\WNLT
[-] Key Deleted : [x64] HKLM\SOFTWARE\daugava
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{f179b4aa-3249-4e0e-a45a-8519d6bcd424}_is1
[!] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
[!] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[!] Key Not Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
[!] Key Not Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
[-] Data Restored : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[!] Key Not Deleted : HKU\S-1-5-21-3677846648-1546636431-3061940598-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
[!] Key Not Deleted : HKU\S-1-5-21-3677846648-1546636431-3061940598-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
[!] Data Not Restored : HKU\S-1-5-21-3677846648-1546636431-3061940598-1000\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[!] Key Not Deleted : HKU\S-1-5-21-3677846648-1546636431-3061940598-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
[!] Key Not Deleted : HKU\S-1-5-21-3677846648-1546636431-3061940598-1001\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
[-] Data Restored : HKU\S-1-5-21-3677846648-1546636431-3061940598-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]

***** [ Web browsers ] *****

[-] [C:\Users\expert hb\AppData\Roaming\Mozilla\Firefox\Profiles\tarlb5dg.default\prefs.js] [Preference] Deleted : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/?a=6PQXaB3Hdu&i=26&loc=skw");
[-] [C:\Users\expert hb\AppData\Roaming\Mozilla\Firefox\Profiles\tarlb5dg.default\prefs.js] [Preference] Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
[-] [C:\Users\expert hb\AppData\Roaming\Mozilla\Firefox\Profiles\tarlb5dg.default\prefs.js] [Preference] Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=119816&babsrc=NT_ss&mntrId=b6f4b1ad00000000000078929c54e519");
[-] [C:\Users\expert hb\AppData\Roaming\Mozilla\Firefox\Profiles\tarlb5dg.default\prefs.js] [Preference] Deleted : user_pref("extensions.incredibar.admin", false);
[-] [C:\Users\expert hb\AppData\Roaming\Mozilla\Firefox\Profiles\tarlb5dg.default\prefs.js] [Preference] Deleted : user_pref("extensions.incredibar.aflt", "orgnl");
[-] [C:\Users\expert hb\AppData\Roaming\Mozilla\Firefox\Profiles\tarlb5dg.default\prefs.js] [Preference] Deleted : user_pref("extensions.incredibar.cntry", "CZ");
[-] [C:\Users\expert hb\AppData\Roaming\Mozilla\Firefox\Profiles\tarlb5dg.default\prefs.js] [Preference] Deleted : user_pref("extensions.incredibar.dfltLng", "");
[-] [C:\Users\expert hb\AppData\Roaming\Mozilla\Firefox\Profiles\tarlb5dg.default\prefs.js] [Preference] Deleted : user_pref("extensions.incredibar.dfltSrch", false);
[-] [C:\Users\expert hb\AppData\Roaming\Mozilla\Firefox\Profiles\tarlb5dg.default\prefs.js] [Preference] Deleted : user_pref("extensions.incredibar.did", "10643");
[-] [C:\Users\expert hb\AppData\Roaming\Mozilla\Firefox\Profiles\tarlb5dg.default\prefs.js] [Preference] Deleted : user_pref("extensions.incredibar.envrmnt", "production");
[-] [C:\Users\expert hb\AppData\Roaming\Mozilla\Firefox\Profiles\tarlb5dg.default\prefs.js] [Preference] Deleted : user_pref("extensions.incredibar.excTlbr", false);
[-] [C:\Users\expert hb\AppData\Roaming\Mozilla\Firefox\Profiles\tarlb5dg.default\prefs.js] [Preference] Deleted : user_pref("extensions.incredibar.hdrMd5", "4A8EBC8C552D06E1ABBB458FCF70D6ED");
[-] [C:\Users\expert hb\AppData\Roaming\Mozilla\Firefox\Profiles\tarlb5dg.default\prefs.js] [Preference] Deleted : user_pref("extensions.incredibar.hmpg", false);
[-] [C:\Users\expert hb\AppData\Roaming\Mozilla\Firefox\Profiles\tarlb5dg.default\prefs.js] [Preference] Deleted : user_pref("extensions.incredibar.id", "b6f4b1ad00000000000078929c54e519");
[-] [C:\Users\expert hb\AppData\Roaming\Mozilla\Firefox\Profiles\tarlb5dg.default\prefs.js] [Preference] Deleted : user_pref("extensions.incredibar.installerproductid", "26");
[-] [C:\Users\expert hb\AppData\Roaming\Mozilla\Firefox\Profiles\tarlb5dg.default\prefs.js] [Preference] Deleted : user_pref("extensions.incredibar.instlDay", "15733");
[-] [C:\Users\expert hb\AppData\Roaming\Mozilla\Firefox\Profiles\tarlb5dg.default\prefs.js] [Preference] Deleted : user_pref("extensions.incredibar.instlRef", "");
[-] [C:\Users\expert hb\AppData\Roaming\Mozilla\Firefox\Profiles\tarlb5dg.default\prefs.js] [Preference] Deleted : user_pref("extensions.incredibar.isDcmntCmplt", true);
[-] [C:\Users\expert hb\AppData\Roaming\Mozilla\Firefox\Profiles\tarlb5dg.default\prefs.js] [Preference] Deleted : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1412:48:45");
[-] [C:\Users\expert hb\AppData\Roaming\Mozilla\Firefox\Profiles\tarlb5dg.default\prefs.js] [Preference] Deleted : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
[-] [C:\Users\expert hb\AppData\Roaming\Mozilla\Firefox\Profiles\tarlb5dg.default\prefs.js] [Preference] Deleted : user_pref("extensions.incredibar.newTab", false);
[-] [C:\Users\expert hb\AppData\Roaming\Mozilla\Firefox\Profiles\tarlb5dg.default\prefs.js] [Preference] Deleted : user_pref("extensions.incredibar.noFFXTlbr", false);
[-] [C:\Users\expert hb\AppData\Roaming\Mozilla\Firefox\Profiles\tarlb5dg.default\prefs.js] [Preference] Deleted : user_pref("extensions.incredibar.ppd", "1");
[-] [C:\Users\expert hb\AppData\Roaming\Mozilla\Firefox\Profiles\tarlb5dg.default\prefs.js] [Preference] Deleted : user_pref("extensions.incredibar.prdct", "incredibar");
[-] [C:\Users\expert hb\AppData\Roaming\Mozilla\Firefox\Profiles\tarlb5dg.default\prefs.js] [Preference] Deleted : user_pref("extensions.incredibar.productid", "26");
[-] [C:\Users\expert hb\AppData\Roaming\Mozilla\Firefox\Profiles\tarlb5dg.default\prefs.js] [Preference] Deleted : user_pref("extensions.incredibar.prtnrId", "Incredibar");
[-] [C:\Users\expert hb\AppData\Roaming\Mozilla\Firefox\Profiles\tarlb5dg.default\prefs.js] [Preference] Deleted : user_pref("extensions.incredibar.sg", "none");
[-] [C:\Users\expert hb\AppData\Roaming\Mozilla\Firefox\Profiles\tarlb5dg.default\prefs.js] [Preference] Deleted : user_pref("extensions.incredibar.smplGrp", "none");
[-] [C:\Users\expert hb\AppData\Roaming\Mozilla\Firefox\Profiles\tarlb5dg.default\prefs.js] [Preference] Deleted : user_pref("extensions.incredibar.tlbrId", "base");
[-] [C:\Users\expert hb\AppData\Roaming\Mozilla\Firefox\Profiles\tarlb5dg.default\prefs.js] [Preference] Deleted : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQXaB3Hdu&loc=IB_TB&i=26&search=");
[-] [C:\Users\expert hb\AppData\Roaming\Mozilla\Firefox\Profiles\tarlb5dg.default\prefs.js] [Preference] Deleted : user_pref("extensions.incredibar.upn2", "6PQXaB3Hdu");
[-] [C:\Users\expert hb\AppData\Roaming\Mozilla\Firefox\Profiles\tarlb5dg.default\prefs.js] [Preference] Deleted : user_pref("extensions.incredibar.upn2n", "92544349544767144");
[-] [C:\Users\expert hb\AppData\Roaming\Mozilla\Firefox\Profiles\tarlb5dg.default\prefs.js] [Preference] Deleted : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
[-] [C:\Users\expert hb\AppData\Roaming\Mozilla\Firefox\Profiles\tarlb5dg.default\prefs.js] [Preference] Deleted : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1412:48:45");
[-] [C:\Users\expert hb\AppData\Roaming\Mozilla\Firefox\Profiles\tarlb5dg.default\prefs.js] [Preference] Deleted : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
[-] [C:\Users\expert hb\AppData\Roaming\Mozilla\Firefox\Profiles\tarlb5dg.default\prefs.js] [Preference] Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");
[-] [C:\Users\expert hb\AppData\Roaming\Mozilla\Firefox\Profiles\tarlb5dg.default\prefs.js] [Preference] Deleted : user_pref("extensions.incredibar_i.dfltLng", "");
[-] [C:\Users\expert hb\AppData\Roaming\Mozilla\Firefox\Profiles\tarlb5dg.default\prefs.js] [Preference] Deleted : user_pref("extensions.incredibar_i.did", "10643");
[-] [C:\Users\expert hb\AppData\Roaming\Mozilla\Firefox\Profiles\tarlb5dg.default\prefs.js] [Preference] Deleted : user_pref("extensions.incredibar_i.excTlbr", false);
[-] [C:\Users\expert hb\AppData\Roaming\Mozilla\Firefox\Profiles\tarlb5dg.default\prefs.js] [Preference] Deleted : user_pref("extensions.incredibar_i.id", "b6f4b1ad00000000000078929c54e519");
[-] [C:\Users\expert hb\AppData\Roaming\Mozilla\Firefox\Profiles\tarlb5dg.default\prefs.js] [Preference] Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");
[-] [C:\Users\expert hb\AppData\Roaming\Mozilla\Firefox\Profiles\tarlb5dg.default\prefs.js] [Preference] Deleted : user_pref("extensions.incredibar_i.instlDay", "15733");
[-] [C:\Users\expert hb\AppData\Roaming\Mozilla\Firefox\Profiles\tarlb5dg.default\prefs.js] [Preference] Deleted : user_pref("extensions.incredibar_i.instlRef", "");
[-] [C:\Users\expert hb\AppData\Roaming\Mozilla\Firefox\Profiles\tarlb5dg.default\prefs.js] [Preference] Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");
[-] [C:\Users\expert hb\AppData\Roaming\Mozilla\Firefox\Profiles\tarlb5dg.default\prefs.js] [Preference] Deleted : user_pref("extensions.incredibar_i.newTab", false);
[-] [C:\Users\expert hb\AppData\Roaming\Mozilla\Firefox\Profiles\tarlb5dg.default\prefs.js] [Preference] Deleted : user_pref("extensions.incredibar_i.ppd", "1");
[-] [C:\Users\expert hb\AppData\Roaming\Mozilla\Firefox\Profiles\tarlb5dg.default\prefs.js] [Preference] Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");
[-] [C:\Users\expert hb\AppData\Roaming\Mozilla\Firefox\Profiles\tarlb5dg.default\prefs.js] [Preference] Deleted : user_pref("extensions.incredibar_i.productid", "26");
[-] [C:\Users\expert hb\AppData\Roaming\Mozilla\Firefox\Profiles\tarlb5dg.default\prefs.js] [Preference] Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
[-] [C:\Users\expert hb\AppData\Roaming\Mozilla\Firefox\Profiles\tarlb5dg.default\prefs.js] [Preference] Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");
[-] [C:\Users\expert hb\AppData\Roaming\Mozilla\Firefox\Profiles\tarlb5dg.default\prefs.js] [Preference] Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");
[-] [C:\Users\expert hb\AppData\Roaming\Mozilla\Firefox\Profiles\tarlb5dg.default\prefs.js] [Preference] Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQXaB3Hdu&loc=IB_TB&i=26&search=");
[-] [C:\Users\expert hb\AppData\Roaming\Mozilla\Firefox\Profiles\tarlb5dg.default\prefs.js] [Preference] Deleted : user_pref("extensions.incredibar_i.upn2", "6PQXaB3Hdu");
[-] [C:\Users\expert hb\AppData\Roaming\Mozilla\Firefox\Profiles\tarlb5dg.default\prefs.js] [Preference] Deleted : user_pref("extensions.incredibar_i.upn2n", "92544349544767144");
[-] [C:\Users\expert hb\AppData\Roaming\Mozilla\Firefox\Profiles\tarlb5dg.default\prefs.js] [Preference] Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
[-] [C:\Users\expert hb\AppData\Roaming\Mozilla\Firefox\Profiles\tarlb5dg.default\prefs.js] [Preference] Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1412:48:45");
[-] [C:\Users\expert hb\AppData\Roaming\Mozilla\Firefox\Profiles\tarlb5dg.default\prefs.js] [Preference] Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
[-] [C:\Users\expert hb\AppData\Roaming\Mozilla\Firefox\Profiles\tarlb5dg.default\prefs.js] [Preference] Deleted : user_pref("keyword.URL", "hxxp://mystart.incredibar.com/?a=6PQXaB3Hdu&i=26&loc=skw&search=");
[-] [C:\Users\expert hb\AppData\Roaming\Mozilla\Firefox\Profiles\tarlb5dg.default\prefs.js] [Preference] Deleted : user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_blackList", "form=CONTLBbabsrc=toolbarbabsrc=tb_ssinvocationType=tb50-ie-aolsoftonic-tbsbox-en-usinvocationType=tb50-ff-aolsoftonic[...]
[-] [C:\Users\expert hb\AppData\Roaming\Mozilla\Firefox\Profiles\tarlb5dg.default\prefs.js] [Preference] Deleted : user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_referrer", "hxxp://search.babylon.com/?affID=119816&babsrc=HP_ss&mntrId=b6f4b1ad00000000000078929c54e519/8641364910269130");
[-] [C:\Users\expert hb\AppData\Roaming\Mozilla\Firefox\Profiles\tarlb5dg.default\prefs.js] [Preference] Deleted : user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_temp_referer", "hxxp://search.babylon.com/?affID=119816&babsrc=HP_ss&mntrId=b6f4b1ad00000000000078929c54e519");
[-] [C:\Users\expert hb\AppData\Roaming\Mozilla\Firefox\Profiles\tarlb5dg.default\prefs.js] [Preference] Deleted : user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_whiteList", "{\"search.babylon.com\":\"q\",\"search.imesh.net\":\"q\",\"www.search-results.com\":\"q\",\"home.mywebsearch.com\":\"searc[...]
[-] [C:\Users\expert hb\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : babylon.com
[-] [C:\Users\expert hb\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : mystart.incredibar.com/
[-] [C:\Users\expert hb\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Deleted : hxxp://mystart.incredibar.com/?a=6PQXaB3Hdu&i=26&did=10963&loc=skw&search={searchTerms}
[-] [C:\Users\expert hb\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : dhjbpmkagjlnhcmdpmbagjldaknbgnff
[-] [C:\Users\expert hb\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : dhjbpmkagjlnhcmdpmbagjldaknbgnff
[-] [C:\Users\expert hb\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : ogccgbmabaphcakpiclgcnmcnimhokcj

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [29973 bytes] ##########

Re: Browsers won't display web pages.

Posted: 19 Oct 2015 18:12
by Zakov
AdwCleaner did the trick - websites are loading :-)

Thanks.

Re: Browsers won't display web pages.

Posted: 19 Oct 2015 18:27
by Rudy
Yep. And next time, don't run ComboFix on your own as a layman. It is a professional utility with which you can easily damage your system or some application. We'll finish the cleanup. Post a FRST log: http://forum.viry.cz/viewtopic.php?f=13&t=133100 .

Re: Browsers won't display web pages.

Posted: 19 Oct 2015 20:18
by Zakov
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-10-2015
Ran by expert hb (administrator) on EXPERTHB-PC (19-10-2015 21:12:14)
Running from C:\Users\expert hb\Desktop
Loaded Profiles: UpdatusUser & expert hb (Available Profiles: UpdatusUser & expert hb)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: "C:\Users\expert hb\AppData\Local\Torch\Application\torch.exe" -- "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Macrovision Corporation) C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2723624 2011-03-28] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11860072 2011-06-09] (Realtek Semiconductor)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-02] (Intel(R) Corporation)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831528 2011-05-10] (Acer Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340848 2011-04-02] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [408432 2011-03-29] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202608 2011-03-29] (Egis Technology Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-02] (Symantec Corporation)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-05-10] (CyberLink Corp.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3677846648-1546636431-3061940598-1000\...\Run: [Exetender] => "C:\Program Files (x86)\FantastiGames\GPlayer.exe" /runonstartup
HKU\S-1-5-21-3677846648-1546636431-3061940598-1000\...\Run: [Facebook Update] => C:\Users\expert hb\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-10-30] (Facebook Inc.)
HKU\S-1-5-21-3677846648-1546636431-3061940598-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3674320 2013-01-08] (DT Soft Ltd)
HKU\S-1-5-21-3677846648-1546636431-3061940598-1000\...\Run: [ISUSPM] => C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe [226904 2007-07-12] (Macrovision Corporation)
HKU\S-1-5-21-3677846648-1546636431-3061940598-1000\...\Run: [Twoo] => C:\Users\expert hb\AppData\Roaming\Massive Media\Twoo.exe [10476000 2013-10-03] (Massive Media)
HKU\S-1-5-21-3677846648-1546636431-3061940598-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1942720 2015-01-24] (Valve Corporation)
HKU\S-1-5-21-3677846648-1546636431-3061940598-1000\...\RunOnce: [Adobe Speed Launcher] => 1422610116
HKU\S-1-5-21-3677846648-1546636431-3061940598-1000\...\MountPoints2: {3d5b617b-85a6-11e2-b35c-3860776bf897} - F:\ral.exe
HKU\S-1-5-21-3677846648-1546636431-3061940598-1000\...\MountPoints2: {9140dba9-67b3-11e3-b28c-3860776bf897} - E:\StartVMCLite.exe
HKU\S-1-5-21-3677846648-1546636431-3061940598-1000\...\MountPoints2: {9140dbaf-67b3-11e3-b28c-3860776bf897} - E:\StartVMCLite.exe
HKU\S-1-5-21-3677846648-1546636431-3061940598-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3674320 2013-01-08] (DT Soft Ltd)
HKU\S-1-5-21-3677846648-1546636431-3061940598-1001\...\Run: [ISUSPM] => C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe [226904 2007-07-12] (Macrovision Corporation)
HKU\S-1-5-21-3677846648-1546636431-3061940598-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1942720 2015-01-24] (Valve Corporation)
HKU\S-1-5-21-3677846648-1546636431-3061940598-1001\...\Run: [Exetender] => "C:\Program Files (x86)\FantastiGames\GPlayer.exe" /runonstartup
HKU\S-1-5-21-3677846648-1546636431-3061940598-1001\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_19_0_0_185_Plugin.exe [1156296 2015-09-26] (Adobe Systems Incorporated)
HKU\S-1-5-18\...\Run: [Exetender] => "C:\Program Files (x86)\FantastiGames\GPlayer.exe" /runonstartup
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [226920 2011-03-31] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [193128 2011-03-31] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2015-10-14] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.253
Tcpip\..\Interfaces\{25DD3B7E-07BE-4288-B9CC-142968DCFF92}: [DhcpNameServer] 192.168.1.253
Tcpip\..\Interfaces\{41A36D86-CC3E-4892-8590-E408EF003828}: [NameServer] 0.0.0.0
Tcpip\..\Interfaces\{C895E752-10BA-4655-BBEC-586EB4B0E543}: [DhcpNameServer] 192.168.1.253

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3677846648-1546636431-3061940598-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3677846648-1546636431-3061940598-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
HKU\S-1-5-21-3677846648-1546636431-3061940598-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/
HKU\S-1-5-21-3677846648-1546636431-3061940598-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKU\S-1-5-21-3677846648-1546636431-3061940598-1000 -> DefaultScope {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredibar.com/?a=6PQXaB3Hdu&loc=skw&search={searchTerms}&i=26&did=10963
SearchScopes: HKU\S-1-5-21-3677846648-1546636431-3061940598-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=119816&babsrc=SP_ss&mntrId=b6f4b1ad00000000000078929c54e519
SearchScopes: HKU\S-1-5-21-3677846648-1546636431-3061940598-1000 -> {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredibar.com/?a=6PQXaB3Hdu&loc=skw&search={searchTerms}&i=26&did=10963
SearchScopes: HKU\S-1-5-21-3677846648-1546636431-3061940598-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\expert hb\AppData\Roaming\Mozilla\Firefox\Profiles\tarlb5dg.default
FF DefaultSearchEngine: MyStart Search
FF SelectedSearchEngine: MyStart Search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-26] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-26] ()
FF Plugin-x32: @exent.com/npExentCtl,version=7.0.0.0 -> C:\Program Files (x86)\FantastiGames\npExentCtl.dll [No File]
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll [2013-09-06] (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\8\NP_wtapp.dll [2015-01-09] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-06-27] (Adobe Systems Inc.)
FF Plugin-x32: www.exent.com/GameTreatWidget -> C:\Program Files (x86)\FantastiGames\NPGameTreatPlugin.dll [No File]
FF Plugin HKU\S-1-5-21-3677846648-1546636431-3061940598-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\expert hb\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-3677846648-1546636431-3061940598-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\expert hb\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3677846648-1546636431-3061940598-1001: www.exent.com/GameTreatWidget -> C:\Program Files (x86)\FantastiGames\npGameTreatWidget.dll [No File]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore => not found
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2014-08-12] <==== ATTENTION

Chrome:
=======
CHR Profile: C:\Users\expert hb\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Music Box) - C:\Users\expert hb\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaddliknddhjhjcofimffekgonpkom [2015-09-05]
CHR Extension: (Docs) - C:\Users\expert hb\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-14]
CHR Extension: (Disk Google) - C:\Users\expert hb\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-14]
CHR Extension: (YouTube) - C:\Users\expert hb\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-14]
CHR Extension: (Vyhledávání Google) - C:\Users\expert hb\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-14]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\expert hb\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-03]
CHR Extension: (Gmail) - C:\Users\expert hb\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-14]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [347200 2015-01-09] (WildTangent)
R2 GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [29696 2011-05-26] (Acer Incorporated) [File not signed]
S4 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-05] (DT Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S2 X5XSEx_Pr143; \??\C:\Program Files (x86)\FantastiGames\X5XSEx_Pr143.Sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-19 21:12 - 2015-10-19 21:12 - 00019675 _____ C:\Users\expert hb\Desktop\FRST.txt
2015-10-19 21:12 - 2015-10-19 21:12 - 00000000 ____D C:\FRST
2015-10-19 21:11 - 2015-10-19 13:10 - 02196992 _____ (Farbar) C:\Users\expert hb\Desktop\FRST64.exe
2015-10-19 19:03 - 2011-07-14 07:28 - 00270336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2015-10-19 18:58 - 2015-10-19 18:59 - 00000000 ____D C:\AdwCleaner
2015-10-19 18:58 - 2015-10-19 18:53 - 01691648 _____ C:\Users\expert hb\Desktop\adwcleaner_5.014.exe
2015-10-19 18:24 - 2015-10-19 18:24 - 00000000 ____D C:\rsit
2015-10-19 18:24 - 2015-10-19 18:24 - 00000000 ____D C:\Program Files\trend micro
2015-10-14 22:30 - 2015-10-14 22:30 - 00023834 _____ C:\ComboFix.txt
2015-10-14 22:27 - 2015-10-14 22:27 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts.xxx
2015-10-14 22:15 - 2015-10-14 22:31 - 00000000 ____D C:\Qoobox
2015-10-14 22:15 - 2015-10-14 22:29 - 00000000 ____D C:\Windows\erdnt
2015-10-14 22:15 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-10-14 22:15 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-10-14 22:15 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-10-14 22:15 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-10-14 22:15 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-10-14 22:15 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-10-14 22:15 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-10-14 22:15 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-10-11 16:53 - 2015-10-11 16:53 - 00000000 ____D C:\Program Files (x86)\ESET
2015-09-20 17:20 - 2015-09-27 17:20 - 00000000 ____D C:\Windows\TEMPfolder
2015-09-20 17:20 - 2015-09-20 17:20 - 00000000 ____D C:\Windows\system32\duq

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-19 21:11 - 2015-01-21 19:50 - 00000000 ____D C:\Program Files (x86)\Steam
2015-10-19 21:03 - 2013-01-05 20:50 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-19 20:51 - 2013-01-05 20:55 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-19 19:24 - 2009-07-14 06:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-19 19:24 - 2009-07-14 06:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-19 19:21 - 2011-09-17 23:22 - 01788686 _____ C:\Windows\WindowsUpdate.log
2015-10-19 19:14 - 2012-11-11 20:59 - 00003998 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{54D41E87-7E75-4A00-B5F6-9BB9464918AF}
2015-10-19 19:09 - 2013-01-05 20:50 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-19 19:09 - 2012-01-11 17:35 - 00000000 ____D C:\ProgramData\clear.fi
2015-10-19 19:09 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-19 19:09 - 2009-07-14 06:51 - 00174823 _____ C:\Windows\setupact.log
2015-10-19 18:18 - 2012-10-30 13:13 - 00000944 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3677846648-1546636431-3061940598-1001UA.job
2015-10-19 18:16 - 2013-03-03 19:01 - 00000000 ____D C:\Users\expert hb\AppData\LocalLow\Temp
2015-10-16 00:17 - 2012-01-11 17:29 - 00000000 ____D C:\book
2015-10-15 21:46 - 2011-09-18 00:10 - 05783678 _____ C:\Windows\system32\perfh005.dat
2015-10-15 21:46 - 2011-09-18 00:10 - 01923082 _____ C:\Windows\system32\perfc005.dat
2015-10-15 21:46 - 2009-07-14 07:13 - 00006532 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-14 22:31 - 2010-11-21 05:47 - 00100134 _____ C:\Windows\PFRO.log
2015-10-14 22:28 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2015-10-14 21:36 - 2015-07-07 10:57 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-10-11 23:06 - 2009-07-14 07:08 - 00032616 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-10-11 16:39 - 2014-04-20 17:39 - 00130560 ___SH C:\Users\expert hb\Desktop\Thumbs.db
2015-10-07 16:22 - 2014-08-25 10:07 - 00000000 ____D C:\Users\expert hb\AppData\Local\SWDS
2015-10-06 18:35 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2015-10-06 15:04 - 2012-10-30 13:13 - 00000922 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3677846648-1546636431-3061940598-1001Core.job
2015-10-05 15:40 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-10-04 14:36 - 2012-01-11 16:46 - 00000000 ____D C:\Users\expert hb
2015-10-04 14:35 - 2014-02-01 20:46 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2015-10-04 14:35 - 2012-01-11 16:47 - 00000000 ____D C:\Users\expert hb\AppData\Local\PowerCinema
2015-10-04 14:35 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2015-09-26 22:14 - 2013-01-05 20:55 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-09-26 22:14 - 2013-01-05 20:55 - 00003852 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-09-26 22:14 - 2011-07-27 05:05 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-20 13:53 - 2014-02-01 20:43 - 00002023 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2015-09-20 13:53 - 2011-07-27 05:04 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk

==================== Files in the root of some directories =======

2014-05-14 22:51 - 2014-05-14 22:51 - 0004608 _____ () C:\Users\expert hb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-06-03 17:28 - 2015-06-03 17:28 - 0000000 _____ () C:\Users\expert hb\AppData\Local\{B7954580-7726-4E3A-875F-4B6DBF17E911}
2011-09-17 23:46 - 2011-09-17 23:48 - 0015222 _____ () C:\ProgramData\ArcadeDeluxe5.log

Some files in TEMP:
====================
C:\Users\expert hb\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-19 19:43

==================== End of FRST.txt ============================

Re: Browsers will not display web pages.

Posted: 19 Oct 2015 20:41
by Rudy
Open Notepad and copy the following into it:
Start
HKU\S-1-5-21-3677846648-1546636431-3061940598-1000\...\Run: [Facebook Update] => C:\Users\expert hb\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-10-30] (Facebook Inc.)
C:\Users\expert hb\AppData\Local\Facebook\Update
HKU\S-1-5-21-3677846648-1546636431-3061940598-1000\...\MountPoints2: {3d5b617b-85a6-11e2-b35c-3860776bf897} - F:\ral.exe
HKU\S-1-5-21-3677846648-1546636431-3061940598-1000\...\MountPoints2: {9140dba9-67b3-11e3-b28c-3860776bf897} - E:\StartVMCLite.exe
HKU\S-1-5-21-3677846648-1546636431-3061940598-1000\...\MountPoints2: {9140dbaf-67b3-11e3-b28c-3860776bf897} - E:\StartVMCLite.exe
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3677846648-1546636431-3061940598-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKU\S-1-5-21-3677846648-1546636431-3061940598-1000 -> DefaultScope {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL =
SearchScopes: HKU\S-1-5-21-3677846648-1546636431-3061940598-1000 -> DefaultScope {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredibar.com/?a=6PQXaB ... kw&search={searchTerms}&i=26&did=10963
SearchScopes: HKU\S-1-5-21-3677846648-1546636431-3061940598-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=119816&babsrc=SP_ss&mntrId=b6f4b1ad00000000000078929c54e519
SearchScopes: HKU\S-1-5-21-3677846648-1546636431-3061940598-1000 -> {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredibar.com/?a=6PQXaB ... kw&search={searchTerms}&i=26&did=10963
SearchScopes: HKU\S-1-5-21-3677846648-1546636431-3061940598-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF DefaultSearchEngine: MyStart Search
FF SelectedSearchEngine: MyStart Search
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin HKU\S-1-5-21-3677846648-1546636431-3061940598-1001: www.exent.com/GameTreatWidget -> C:\Program Files (x86)\FantastiGames\npGameTreatWidget.dll [No File]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore => not found
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2014-08-12] <==== ATTENTION
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3677846648-1546636431-3061940598-1001UA.job
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3677846648-1546636431-3061940598-1001Core.job
C:\ProgramData\McAfee Security Scan
C:\Users\expert hb\AppData\Local\Temp
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the run finishes, a log will appear; copy it here.

Re: Browsers will not display web pages.

Posted: 19 Oct 2015 20:50
by Zakov
Fix result of Farbar Recovery Scan Tool (x64) Version:18-10-2015
Ran by expert hb (2015-10-19 21:46:39) Run:1
Running from C:\Users\expert hb\Desktop
Loaded Profiles: UpdatusUser & expert hb (Available Profiles: UpdatusUser & expert hb)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKU\S-1-5-21-3677846648-1546636431-3061940598-1000\...\Run: [Facebook Update] => C:\Users\expert hb\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-10-30] (Facebook Inc.)
C:\Users\expert hb\AppData\Local\Facebook\Update
HKU\S-1-5-21-3677846648-1546636431-3061940598-1000\...\MountPoints2: {3d5b617b-85a6-11e2-b35c-3860776bf897} - F:\ral.exe
HKU\S-1-5-21-3677846648-1546636431-3061940598-1000\...\MountPoints2: {9140dba9-67b3-11e3-b28c-3860776bf897} - E:\StartVMCLite.exe
HKU\S-1-5-21-3677846648-1546636431-3061940598-1000\...\MountPoints2: {9140dbaf-67b3-11e3-b28c-3860776bf897} - E:\StartVMCLite.exe
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3677846648-1546636431-3061940598-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKU\S-1-5-21-3677846648-1546636431-3061940598-1000 -> DefaultScope {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL =
SearchScopes: HKU\S-1-5-21-3677846648-1546636431-3061940598-1000 -> DefaultScope {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredibar.com/?a=6PQXaB ... kw&search={searchTerms}&i=26&did=10963
SearchScopes: HKU\S-1-5-21-3677846648-1546636431-3061940598-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=119816&babsrc=SP_ss&mntrId=b6f4b1ad00000000000078929c54e519
SearchScopes: HKU\S-1-5-21-3677846648-1546636431-3061940598-1000 -> {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredibar.com/?a=6PQXaB ... kw&search={searchTerms}&i=26&did=10963
SearchScopes: HKU\S-1-5-21-3677846648-1546636431-3061940598-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF DefaultSearchEngine: MyStart Search
FF SelectedSearchEngine: MyStart Search
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin HKU\S-1-5-21-3677846648-1546636431-3061940598-1001: www.exent.com/GameTreatWidget -> C:\Program Files (x86)\FantastiGames\npGameTreatWidget.dll [No File]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore => not found
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2014-08-12] <==== ATTENTION
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3677846648-1546636431-3061940598-1001UA.job
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3677846648-1546636431-3061940598-1001Core.job
C:\ProgramData\McAfee Security Scan
C:\Users\expert hb\AppData\Local\Temp
End
*****************

HKU\S-1-5-21-3677846648-1546636431-3061940598-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update => value removed successfully
C:\Users\expert hb\AppData\Local\Facebook\Update => moved successfully
"HKU\S-1-5-21-3677846648-1546636431-3061940598-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3d5b617b-85a6-11e2-b35c-3860776bf897}" => key removed successfully
HKCR\CLSID\{3d5b617b-85a6-11e2-b35c-3860776bf897} => key not found.
"HKU\S-1-5-21-3677846648-1546636431-3061940598-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9140dba9-67b3-11e3-b28c-3860776bf897}" => key removed successfully
HKCR\CLSID\{9140dba9-67b3-11e3-b28c-3860776bf897} => key not found.
"HKU\S-1-5-21-3677846648-1546636431-3061940598-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9140dbaf-67b3-11e3-b28c-3860776bf897}" => key removed successfully
HKCR\CLSID\{9140dbaf-67b3-11e3-b28c-3860776bf897} => key not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-3677846648-1546636431-3061940598-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKU\S-1-5-21-3677846648-1546636431-3061940598-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-3677846648-1546636431-3061940598-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
"HKU\S-1-5-21-3677846648-1546636431-3061940598-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}" => key removed successfully
HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => key not found.
"HKU\S-1-5-21-3677846648-1546636431-3061940598-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}" => key removed successfully
HKCR\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A} => key not found.
HKU\S-1-5-21-3677846648-1546636431-3061940598-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
Firefox DefaultSearchEngine removed successfully
Firefox SelectedSearchEngine removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKU\S-1-5-21-3677846648-1546636431-3061940598-1001\Software\MozillaPlugins\www.exent.com/GameTreatWidget" => key removed successfully
C:\Program Files (x86)\FantastiGames\npGameTreatWidget.dll => not found.
HKLM\Software\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60} => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\msktbird@mcafee.com => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com => value removed successfully
C:\Program Files (x86)\mozilla firefox\firefox.cfg => moved successfully
catchme => service removed successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3677846648-1546636431-3061940598-1001UA.job => moved successfully
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3677846648-1546636431-3061940598-1001Core.job => moved successfully
C:\ProgramData\McAfee Security Scan => moved successfully

"C:\Users\expert hb\AppData\Local\Temp" folder move:

Could not move "C:\Users\expert hb\AppData\Local\Temp" => Scheduled to move on reboot.


Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-10-19 21:48:41)

C:\Users\expert hb\AppData\Local\Temp => moved successfully

==== End of Fixlog 21:48:41 ====

Re: Browsers will not display web pages.

Posted: 19 Oct 2015 21:29
by Rudy
Deleted. The PC should now be clean.

Re: Browsers will not display web pages.

Posted: 19 Oct 2015 21:41
by Zakov
OK. Thank you for the help.

Re: Browsers will not display web pages.

Posted: 20 Oct 2015 17:22
by Rudy
You're welcome! :)