ahoj prosim o kontrolu logu dik...

Zpráva

marek7321 · #1 Příspěvek od **marek7321** » 14 úno 2016 14:45

ComboFix 16-02-09.01 - nikita . 02. 2016 12:18:57.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.3691.2158 [GMT 1:00]
Running from: c:\users\nikita\Desktop\čistič.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Kaspersky Anti-Virus *Disabled/Updated* {0F7D947C-13CC-4207-47BE-41AC12334EC6}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\nikita\AppData\Roaming\inst.exe
c:\users\Uzivatel\AppData\Roaming\vso_ts_preview.xml
.
.
((((((((((((((((((((((((( Files Created from 2016-01-14 to 2016-02-14 )))))))))))))))))))))))))))))))
.
.
2016-02-14 11:39 . 2016-02-14 11:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-02-14 11:12 . 2016-02-14 11:43 -------- d-----w- C:\čistič
2016-02-11 08:09 . 2016-02-13 17:11 -------- d-----w- C:\AdwCleaner
2016-02-08 10:42 . 2016-02-08 10:43 -------- d-----w- C:\Počitač
2016-02-08 10:01 . 2016-02-08 10:01 -------- d-----w- c:\program files (x86)\Seznam.cz
2016-02-08 09:59 . 2016-02-14 09:22 -------- d-----w- c:\users\nikita\AppData\Roaming\Seznam.cz
2016-01-17 12:53 . 2016-01-17 12:53 859080 ----a-w- c:\windows\yowindow.scr
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-02-09 19:18 . 2015-01-27 05:19 796864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-02-09 19:18 . 2011-08-10 17:33 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-01-07 14:06 . 2016-01-07 14:06 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7EBE0A38-E33E-4480-ACA8-1C0E192BB2C6}\offreg.4024.dll
2016-01-03 14:20 . 2016-01-03 14:20 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7EBE0A38-E33E-4480-ACA8-1C0E192BB2C6}\offreg.1148.dll
2015-12-09 22:13 . 2014-09-24 05:36 140158008 ----a-w- c:\windows\system32\MRT.exe
2015-12-02 12:18 . 2010-11-21 03:27 301728 ------w- c:\windows\system32\MpSigStub.exe
2015-11-25 11:02 . 2015-12-24 13:14 11154520 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7EBE0A38-E33E-4480-ACA8-1C0E192BB2C6}\mpengine.dll
2015-11-20 18:54 . 2015-12-09 18:40 3170304 ----a-w- c:\windows\system32\wucltux.dll
2015-11-20 18:54 . 2015-12-09 18:40 2609152 ----a-w- c:\windows\system32\wuaueng.dll
2015-11-20 18:54 . 2015-12-09 18:40 98816 ----a-w- c:\windows\system32\wudriver.dll
2015-11-20 18:54 . 2015-12-09 18:40 37888 ----a-w- c:\windows\system32\wups2.dll
2015-11-20 18:54 . 2015-12-09 18:40 36864 ----a-w- c:\windows\system32\wups.dll
2015-11-20 18:54 . 2015-12-09 18:40 192512 ----a-w- c:\windows\system32\wuwebv.dll
2015-11-20 18:54 . 2015-12-09 18:40 709632 ----a-w- c:\windows\system32\wuapi.dll
2015-11-20 18:54 . 2015-12-09 18:40 91136 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-11-20 18:54 . 2015-12-09 18:40 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-11-20 18:54 . 2015-12-09 18:40 37888 ----a-w- c:\windows\system32\wuapp.exe
2015-11-20 18:54 . 2015-12-09 18:40 140288 ----a-w- c:\windows\system32\wuauclt.exe
2015-11-20 18:34 . 2015-12-09 18:40 93696 ----a-w- c:\windows\SysWow64\wudriver.dll
2015-11-20 18:34 . 2015-12-09 18:40 30208 ----a-w- c:\windows\SysWow64\wups.dll
2015-11-20 18:34 . 2015-12-09 18:40 174080 ----a-w- c:\windows\SysWow64\wuwebv.dll
2015-11-20 18:34 . 2015-12-09 18:40 573440 ----a-w- c:\windows\SysWow64\wuapi.dll
2015-11-20 18:33 . 2015-12-09 18:40 35328 ----a-w- c:\windows\SysWow64\wuapp.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FD36FEBE-DBA1-4597-9DD1-B13794B92F68}]
2013-01-13 01:22 247704 ----a-w- c:\program files (x86)\Bechiro S.L\smartbar\1.8.8.12\bh\smartbar.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 4"="c:\program files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-08-09 417112]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-11-16 8591272]
"cz.seznam.software.autoupdate"="c:\users\nikita\AppData\Roaming\Seznam.cz\szninstall.exe" [2013-05-16 1062472]
"cz.seznam.software.szndesktop"="c:\users\nikita\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" [2015-05-26 103080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe" [2014-09-22 356128]
"Magic Desktop for HP notification"="c:\programdata\Easybits Magic Desktop for HP\mdhpSUN.exe" [2015-11-26 1444880]
"seznam-listicka-distribuce"="c:\program files (x86)\Seznam.cz\distribution\szninstall.exe" [2013-05-16 1062472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe;c:\program files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 GamesAppIntegrationService;GamesAppIntegrationService;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1300000.080\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1300000.080\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1300000.080\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1300000.080\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20141118.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20141118.001\BHDrvx64.sys [x]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1300000.080\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1300000.080\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20141120.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20141120.001\IDSvia64.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1300000.080\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1300000.080\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NISx64\1300000.080\SYMNETS.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1300000.080\SYMNETS.SYS [x]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]
S2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files (x86)\IObit\Advanced SystemCare 4\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
S2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.0.0.128\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\19.0.0.128\ccSvcHst.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
S3 btwampfl;btwampfl;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
S3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys;c:\windows\SYSNATIVE\DRIVERS\btwdpan.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2016-02-13 c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
- c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_20_0_0_306_pepper.exe [2016-02-09 19:18]
.
2016-02-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-27 19:18]
.
2016-01-31 c:\windows\Tasks\HPCeeScheduleForNIKITA-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16 08:51]
.
2016-02-10 c:\windows\Tasks\HPCeeScheduleFornikita.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16 08:51]
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.opera.sk/
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Clip bookmark - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
IE: Clip image - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: New note - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
IE: Odoslať obrázok do &Zariadenia s rozhraním Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odoslať stránku do &Zariadenia s rozhraním Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{1F958B09-3312-7f0e-9723-4C1324C57B20}
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.0.0.128\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.0.0.128\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_306_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_306_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_306_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_306_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_306.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.20"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_306.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_306.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_306.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\IObit\Advanced SystemCare 4\PMonitor.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
.
**************************************************************************
.
Completion time: 2016-02-14 12:56:37 - machine was rebooted
ComboFix-quarantined-files.txt 2016-02-14 11:56
.
Pre-Run: 310 026 031 104 bytes free
Post-Run: 309 482 262 528 bytes free
.
- - End Of File - - 5DE5F8D2BE0B6B4FFF62B5339D44DD20
A36C5E4F47E84449FF07ED3517B43A31

#2 Příspěvek od **Rudy** » 14 úno 2016 17:33

Zdravím!
Proč spouštítte ComboFix, utilitu určenou pouze profesinálům. Hodláte si nabořit systém, nebo některou aplikaci? Jaký máte problém?

marek7321 · #3 Příspěvek od **marek7321** » 14 úno 2016 20:22

Rudy píše:Zdravím!
Proč spouštítte ComboFix, utilitu určenou pouze profesinálům. Hodláte si nabořit systém, nebo některou aplikaci? Jaký máte problém?

problem je taky že pri otvirani stranek sa mi otvori samovolne nove okno alebo sa to presmeruje uplne niekde inde stranky z reklamami a podobne mohli bi ste mi poradit program aplikaciu vopred dik....

#4 Příspěvek od **Rudy** » 14 úno 2016 21:02

Mohl jste to říci rovnou a neriskovat spooučtění CF. Dejte log FRST: http://forum.viry.cz/viewtopic.php?f=13&t=133100 .

marek7321 · #5 Příspěvek od **marek7321** » 15 úno 2016 09:04

marek7321 píše:
Rudy píše:Zdravím!
Proč spouštítte ComboFix, utilitu určenou pouze profesinálům. Hodláte si nabořit systém, nebo některou aplikaci? Jaký máte problém?
problem je taky že pri otvirani stranek sa mi otvori samovolne nove okno alebo sa to presmeruje uplne niekde inde stranky z reklamami a podobne mohli bi ste mi poradit program aplikaciu vopred dik....

zdravim dik za radu moj log FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-02-2016
Ran by nikita (administrator) on NIKITA-HP (15-02-2016 08:45:53)
Running from C:\Users\nikita\Desktop
Loaded Profiles: nikita (Available Profiles: nikita)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Slovenčina (Slovensko)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 4\PMonitor.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
() C:\Users\nikita\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
() C:\Users\nikita\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\ccSvcHst.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.37\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.37\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.37\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.37\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.37\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.37\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.37\opera.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356128 2014-09-22] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [Magic Desktop for HP notification] => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1444880 2015-11-26] (Easybits)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-2053155360-2111412753-3042327733-1001\...\Run: [Advanced SystemCare 4] => C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe [417112 2011-08-09] (IObit)
HKU\S-1-5-21-2053155360-2111412753-3042327733-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)
HKU\S-1-5-21-2053155360-2111412753-3042327733-1001\...\Run: [cz.seznam.software.autoupdate] => C:\Users\nikita\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-2053155360-2111412753-3042327733-1001\...\Run: [cz.seznam.software.szndesktop] => C:\Users\nikita\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
HKU\S-1-5-21-2053155360-2111412753-3042327733-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-08-10] (EasyBits Software Corp.)
BootExecute:

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{09715A3A-6690-4DB1-AFE8-5BBCEBBAA868}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2053155360-2111412753-3042327733-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2053155360-2111412753-3042327733-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.opera.sk/
HKU\S-1-5-21-2053155360-2111412753-3042327733-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2053155360-2111412753-3042327733-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM -> {D011BB7A-015B-4260-9DCD-C21EB65D1701} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://sk.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM-x32 -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {D011BB7A-015B-4260-9DCD-C21EB65D1701} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://sk.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-2053155360-2111412753-3042327733-1001 -> {D011BB7A-015B-4260-9DCD-C21EB65D1701} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKU\S-1-5-21-2053155360-2111412753-3042327733-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://sk.wikipedia.org/wiki/Special:Search?search={searchTerms}
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-09-22] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-09-22] (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-09-22] (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-09-22] (Kaspersky Lab ZAO)
BHO: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-09-22] (Kaspersky Lab ZAO)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\coIEPlg.dll [2011-05-25] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\IPS\IPSBHO.DLL [2011-05-13] (Symantec Corporation)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-09-22] (Kaspersky Lab ZAO)
BHO-x32: Pomocná služba pro přihlášení ke službě Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-12-17] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\OnlineBanking\online_banking_bho.dll [2014-09-22] (Kaspersky Lab ZAO)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-01] (Microsoft Corporation.)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll [2014-09-22] (Kaspersky Lab ZAO)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-10-19] (Hewlett-Packard Company)
BHO-x32: SmartBar Helper Object -> {FD36FEBE-DBA1-4597-9DD1-B13794B92F68} -> C:\Program Files (x86)\Bechiro S.L\smartbar\1.8.8.12\bh\smartbar.dll [2013-01-13] (Montera Technologeis LTD)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-01] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\coIEPlg.dll [2011-05-25] (Symantec Corporation)

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-06-25] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\IPSFFPlgn
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\IPSFFPlgn [2014-09-22] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\coFFPlgn [2014-09-22] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com [2015-02-17] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com [2015-02-17] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com [2015-02-17] [not signed]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\urladvisor.crx [2013-05-16]
CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - hxxps://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\Extensions\Chrome.crx [2011-09-20]

Opera:
=======
OPR StartupUrls: ],"urls_signature":""},"speeddial":{"bookmarks_folder_guid":"58AC38F5-86F2-4559-8B43-E5EFB267B03B","imported_to_bookmarks":true},"spellcheck":{"dictionaries":["sk"
OPR Extension: (Speed Dial for YouTube) - C:\Users\nikita\AppData\Roaming\Opera Software\Opera Stable\Extensions\fbjpiaeohiikdienjkfpbdmooefgliac [2015-06-03]
OPR Extension: (Amazon for Opera) - C:\Users\nikita\AppData\Roaming\Opera Software\Opera Stable\Extensions\mmmbddcnnndpbdflpccgcknaaabgldak [2015-06-12]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 AdvancedSystemCareService; C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [328536 2011-08-09] (IObit)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-07-05] (Advanced Micro Devices, Inc.) [File not signed]
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356128 2014-09-22] (Kaspersky Lab ZAO)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-09-18] (Freemake) [File not signed]
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2015-06-25] (WildTangent)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
S3 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2010-12-28] (Realsil Microelectronics Inc.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\ccSvcHst.exe [138760 2011-05-25] (Symantec Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2015-01-21] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [103736 2015-01-21] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [133160 2011-06-16] (Broadcom Corporation.)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20141118.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)
R3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-05-21] (Broadcom Corporation.)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1300000.080\ccSetx64.sys [165512 2011-05-23] (Symantec Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-22] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-11-11] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20141120.001\IDSvia64.sys [637656 2014-11-14] (Symantec Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-09-22] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [91008 2014-09-22] (Kaspersky Lab ZAO) [File not signed]
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628320 2014-09-22] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2014-09-22] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-09-22] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2014-09-22] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2014-09-22] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [177864 2015-02-17] (Kaspersky Lab ZAO)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20141120.020\ENG64.SYS [129752 2014-11-11] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20141120.020\EX64.SYS [2137304 2014-11-11] (Symantec Corporation)
S3 SRTSP; C:\Windows\system32\drivers\NISx64\1300000.080\SRTSP64.SYS [721528 2011-05-21] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1300000.080\SRTSPX64.SYS [37496 2011-05-21] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1300000.080\SYMDS64.SYS [451192 2011-05-16] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1300000.080\SYMEFA64.SYS [1083512 2011-05-16] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-09-20] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1300000.080\Ironx64.SYS [189560 2011-05-16] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\NISx64\1300000.080\SYMNETS.SYS [396408 2011-05-09] (Symantec Corporation)
S3 catchme; \??\C:\čistič\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-15 08:45 - 2016-02-15 08:47 - 00023156 _____ C:\Users\nikita\Desktop\FRST.txt
2016-02-15 08:45 - 2016-02-15 08:45 - 00000000 ____D C:\FRST
2016-02-15 08:43 - 2016-02-15 08:44 - 02370560 _____ (Farbar) C:\Users\nikita\Desktop\FRST64.exe
2016-02-14 20:31 - 2016-02-14 20:33 - 15852432 _____ C:\Users\nikita\Documents\yosetup (1).exe
2016-02-14 13:50 - 2016-02-14 13:59 - 00000000 ____D C:\Program Files\trend micro
2016-02-14 13:50 - 2016-02-14 13:50 - 00000000 ____D C:\rsit
2016-02-14 13:47 - 2016-02-14 13:47 - 00000000 ___SD C:\ŔistiŔ
2016-02-14 12:56 - 2016-02-14 12:56 - 00023611 _____ C:\ComboFix.txt
2016-02-14 12:12 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2016-02-14 12:12 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2016-02-14 12:12 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-02-14 12:12 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-02-14 12:12 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-02-14 12:12 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2016-02-14 12:12 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2016-02-14 12:12 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2016-02-14 11:41 - 2016-02-14 11:42 - 05657611 ____R (Swearware) C:\Users\nikita\Desktop\čistič.exe
2016-02-11 09:11 - 2016-02-11 09:11 - 00000756 _____ C:\Users\nikita\Desktop\adwcleaner_5.033.exe - odkaz.lnk
2016-02-11 09:09 - 2016-02-13 18:11 - 00000000 ____D C:\AdwCleaner
2016-02-11 09:07 - 2016-02-11 09:08 - 08939952 _____ C:\Users\nikita\Documents\adwcleaner_5.033.exe
2016-02-09 19:13 - 2016-02-09 19:13 - 00009864 ____N C:\bootsqm.dat
2016-02-08 11:42 - 2016-02-08 11:43 - 00000000 ____D C:\Počitač
2016-02-08 11:39 - 2016-02-14 13:47 - 00000000 ____D C:\Qoobox
2016-02-08 11:35 - 2016-02-14 12:49 - 00000000 ____D C:\Windows\erdnt
2016-02-08 11:01 - 2016-02-08 11:01 - 00002318 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-08 11:01 - 2016-02-08 11:01 - 00002271 _____ C:\Users\Default\Desktop\Google Chrome.lnk
2016-02-08 11:01 - 2016-02-08 11:01 - 00000000 ____D C:\Program Files (x86)\Seznam.cz
2016-02-08 10:59 - 2016-02-15 08:07 - 00000000 ____D C:\Users\nikita\AppData\Roaming\Seznam.cz
2016-02-08 10:58 - 2016-02-08 10:58 - 09169548 _____ C:\Users\nikita\Documents\adwcleaner_5.026.exe
2016-02-01 19:59 - 2016-02-01 19:59 - 00695848 _____ C:\Users\nikita\Documents\Tlacivo na poukazanie 2 percent z dane pre ASK Skalica.pdf
2016-01-29 19:51 - 2016-01-29 19:51 - 00859080 _____ (repkasoft) C:\Windows\yowindow.scr
2016-01-26 16:32 - 2016-01-26 16:33 - 15847760 _____ C:\Users\nikita\Documents\yosetup.exe
2016-01-25 19:58 - 2016-01-25 20:05 - 00000000 ____D C:\Users\nikita\Desktop\Zuzka
2016-01-23 13:58 - 2016-01-23 13:59 - 01632456 _____ C:\Users\nikita\Downloads\setup_Moj_CEWE_FOTOSVET_60.exe
2016-01-23 13:40 - 2016-01-23 13:37 - 00720360 _____ (Opera Software) C:\Users\nikita\Documents\Opera_NI_stable.exe
2016-01-18 20:11 - 2016-01-19 07:49 - 00000000 ____D C:\Users\nikita\Downloads\Stredná odborná škola techniky a služieb - Photos_files
2016-01-18 09:01 - 2016-01-18 09:01 - 00191030 _____ C:\Users\nikita\Documents\Potvrdenie o úhrade diaľničnej známky,_201601180901 .pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-15 08:40 - 2009-07-14 05:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-15 08:40 - 2009-07-14 05:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-15 08:17 - 2015-01-27 06:19 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-02-15 08:17 - 2014-09-22 16:03 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-02-15 08:02 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-14 20:32 - 2015-12-09 05:57 - 00003192 _____ C:\Windows\System32\Tasks\HPCeeScheduleFornikita
2016-02-14 20:32 - 2015-12-09 05:57 - 00000336 _____ C:\Windows\Tasks\HPCeeScheduleFornikita.job
2016-02-14 12:43 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2016-02-14 12:00 - 2009-07-14 06:13 - 00782720 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-14 12:00 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-02-14 11:59 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-02-13 22:10 - 2015-06-03 13:11 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-02-11 10:06 - 2015-06-09 11:10 - 00003094 _____ C:\Windows\System32\Tasks\ASC4_PerformanceMonitor
2016-02-11 09:39 - 2015-06-28 08:11 - 00000000 ____D C:\Program Files (x86)\Google
2016-02-09 20:18 - 2015-06-03 13:11 - 00003890 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-02-09 20:18 - 2015-01-27 06:19 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-02-09 20:18 - 2015-01-27 06:19 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-02-09 20:18 - 2011-08-10 18:33 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-08 16:35 - 2014-09-22 17:09 - 00000000 ____D C:\Users\nikita\AppData\Local\CrashDumps
2016-02-08 11:24 - 2015-12-04 21:04 - 00000998 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera 35.lnk
2016-02-08 11:24 - 2015-12-04 21:04 - 00000986 _____ C:\Users\Public\Desktop\Opera 35.lnk
2016-02-08 11:24 - 2015-06-03 11:33 - 00000998 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-02-08 11:24 - 2014-09-22 13:01 - 00000989 _____ C:\Users\nikita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-02-08 11:24 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-02-04 15:36 - 2015-12-04 21:04 - 00003860 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1449259425
2016-02-04 15:36 - 2015-06-03 11:32 - 00000000 ____D C:\Program Files (x86)\Opera
2016-01-31 22:02 - 2011-09-20 02:15 - 00000000 ____D C:\ProgramData\Norton
2016-01-31 21:51 - 2014-09-22 15:25 - 00003220 _____ C:\Windows\System32\Tasks\HPCeeScheduleForNIKITA-HP$
2016-01-31 21:51 - 2014-09-22 15:25 - 00000344 _____ C:\Windows\Tasks\HPCeeScheduleForNIKITA-HP$.job
2016-01-30 19:54 - 2014-11-29 20:11 - 00000000 ____D C:\Users\nikita\AppData\Roaming\vlc
2016-01-30 19:53 - 2014-09-22 12:46 - 00000000 ____D C:\Users\nikita
2016-01-23 14:10 - 2015-01-05 16:40 - 00000000 ____D C:\ProgramData\tmp
2016-01-23 14:08 - 2015-01-24 18:28 - 00001042 _____ C:\Users\Public\Desktop\Moj CEWE FOTOSVET.lnk
2016-01-23 14:08 - 2015-01-24 18:28 - 00001012 _____ C:\Users\Public\Desktop\CEWE náhlad.lnk
2016-01-23 13:48 - 2009-07-14 06:08 - 00032570 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-01-23 13:32 - 2015-06-08 07:47 - 00000000 ____D C:\Program Files (x86)\Auslogics
2016-01-19 16:18 - 2015-05-16 14:01 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-01-19 16:16 - 2015-06-28 13:56 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-01-19 07:51 - 2015-04-04 21:31 - 00000000 ___SD C:\Windows\system32\GWX
2016-01-19 07:51 - 2015-01-24 18:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Moj CEWE FOTOSVET
2016-01-19 07:51 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2016-01-19 07:49 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration

==================== Files in the root of some directories =======

2015-03-01 12:24 - 2015-03-02 05:46 - 0004802 _____ () C:\Users\nikita\AppData\Roaming\365dniError.log
2014-09-25 12:20 - 2014-09-25 12:49 - 0007859 _____ () C:\Users\nikita\AppData\Roaming\pcouffin.cat
2014-09-25 12:20 - 2014-09-25 12:49 - 0001167 _____ () C:\Users\nikita\AppData\Roaming\pcouffin.inf
2014-09-25 12:20 - 2014-09-25 12:49 - 0000055 _____ () C:\Users\nikita\AppData\Roaming\pcouffin.log
2014-09-25 12:20 - 2014-09-25 12:49 - 0082816 _____ (VSO Software) C:\Users\nikita\AppData\Roaming\pcouffin.sys
2015-11-25 14:36 - 2015-11-25 14:37 - 29796955 _____ () C:\Users\nikita\AppData\Roaming\UserTile.png
2016-01-04 16:46 - 2016-01-04 16:46 - 0004608 _____ () C:\Users\nikita\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-11 11:28 - 2015-05-11 11:28 - 0000199 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

#6 Příspěvek od **Rudy** » 15 úno 2016 17:18

Teď spusťte tuto utilitu:

Stáhněte AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan< a pak na >Clean<.
Proběhne skenováni a pak se objeví log, který sem vložte.

marek7321 · #7 Příspěvek od **marek7321** » 15 úno 2016 21:11

Rudy píše:Teď spusťte tuto utilitu:

Stáhněte AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan< a pak na >Clean<.
Proběhne skenováni a pak se objeví log, který sem vložte.

# AdwCleaner v5.033 - Logfile created 15/02/2016 at 20:48:41
# Updated 07/02/2016 by Xplode
# Database : 2016-02-07.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : nikita - NIKITA-HP
# Running from : C:\Users\nikita\AppData\Local\Temp\nsc5EC2.tmp\setupadwcleaner_5.033.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C4].txt - [711 bytes] ##########

#8 Příspěvek od **Rudy** » 15 úno 2016 21:50

Toto je OK. Otevřte poznámkový blok a zkopírujte do něj:

Start
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2053155360-2111412753-3042327733-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM-x32 -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-01] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-01] (Microsoft Corporation.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
C:\Users\nikita\Documents\yosetup.exe
C:\ProgramData\tmp
C:\Users\nikita\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Doporučuji odinstalovat AdvancedSystemCare. Ten to čínský rádoby čistič vidí problémy i tam, kde nejsou a laik si jím snadno může poškodit systém. Dále v PC vidím 2 antiviry (NIS a Kaspersky). Jeden z nich odinstalujte, mohlo by docházet k sw kolizím.

marek7321 · #9 Příspěvek od **marek7321** » 16 úno 2016 11:46

Rudy píše:Toto je OK. Otevřte poznámkový blok a zkopírujte do něj:

Start
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2053155360-2111412753-3042327733-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM-x32 -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-01] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-01] (Microsoft Corporation.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
C:\Users\nikita\Documents\yosetup.exe
C:\ProgramData\tmp
C:\Users\nikita\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
End
Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Doporučuji odinstalovat AdvancedSystemCare. Ten to čínský rádoby čistič vidí problémy i tam, kde nejsou a laik si jím snadno může poškodit systém. Dále v PC vidím 2 antiviry (NIS a Kaspersky). Jeden z nich odinstalujte, mohlo by docházet k sw kolizím.

zdravim dik za pomoc ale mol bi ste mi poradit z odinštalaciou antiviru NIS nevim jak nato ani sem nevjedel že ho tam mam

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-02-2016
Ran by nikita (administrator) on NIKITA-HP (16-02-2016 11:31:52)
Running from C:\Users\nikita\Desktop
Loaded Profiles: nikita (Available Profiles: nikita)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Slovenčina (Slovensko)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
() C:\Users\nikita\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Users\nikita\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\ccSvcHst.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
() C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\DeviceDisplayObjectProvider.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356128 2014-09-22] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [Magic Desktop for HP notification] => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1444880 2015-11-26] (Easybits)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-2053155360-2111412753-3042327733-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)
HKU\S-1-5-21-2053155360-2111412753-3042327733-1001\...\Run: [cz.seznam.software.autoupdate] => C:\Users\nikita\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-2053155360-2111412753-3042327733-1001\...\Run: [cz.seznam.software.szndesktop] => C:\Users\nikita\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
HKU\S-1-5-21-2053155360-2111412753-3042327733-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-08-10] (EasyBits Software Corp.)
BootExecute:

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{09715A3A-6690-4DB1-AFE8-5BBCEBBAA868}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2053155360-2111412753-3042327733-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2053155360-2111412753-3042327733-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.opera.sk/
HKU\S-1-5-21-2053155360-2111412753-3042327733-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2053155360-2111412753-3042327733-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM -> {D011BB7A-015B-4260-9DCD-C21EB65D1701} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://sk.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM-x32 -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {D011BB7A-015B-4260-9DCD-C21EB65D1701} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://sk.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-2053155360-2111412753-3042327733-1001 -> {D011BB7A-015B-4260-9DCD-C21EB65D1701} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKU\S-1-5-21-2053155360-2111412753-3042327733-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://sk.wikipedia.org/wiki/Special:Search?search={searchTerms}
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-09-22] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-09-22] (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-09-22] (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-09-22] (Kaspersky Lab ZAO)
BHO: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-09-22] (Kaspersky Lab ZAO)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\coIEPlg.dll [2011-05-25] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\IPS\IPSBHO.DLL [2011-05-13] (Symantec Corporation)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-09-22] (Kaspersky Lab ZAO)
BHO-x32: Pomocná služba pro přihlášení ke službě Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-12-17] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\OnlineBanking\online_banking_bho.dll [2014-09-22] (Kaspersky Lab ZAO)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-01] (Microsoft Corporation.)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll [2014-09-22] (Kaspersky Lab ZAO)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-10-19] (Hewlett-Packard Company)
BHO-x32: SmartBar Helper Object -> {FD36FEBE-DBA1-4597-9DD1-B13794B92F68} -> C:\Program Files (x86)\Bechiro S.L\smartbar\1.8.8.12\bh\smartbar.dll [2013-01-13] (Montera Technologeis LTD)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-01] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\coIEPlg.dll [2011-05-25] (Symantec Corporation)

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-06-25] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\IPSFFPlgn
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\IPSFFPlgn [2014-09-22] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\coFFPlgn [2014-09-22] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com [2015-02-17] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com [2015-02-17] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com [2015-02-17] [not signed]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\urladvisor.crx [2013-05-16]
CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - hxxps://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\Extensions\Chrome.crx [2011-09-20]

Opera:
=======
OPR StartupUrls: ],"urls_signature":""},"speeddial":{"bookmarks_folder_guid":"58AC38F5-86F2-4559-8B43-E5EFB267B03B","imported_to_bookmarks":true},"spellcheck":{"dictionaries":["sk"
OPR Extension: (Speed Dial for YouTube) - C:\Users\nikita\AppData\Roaming\Opera Software\Opera Stable\Extensions\fbjpiaeohiikdienjkfpbdmooefgliac [2015-06-03]
OPR Extension: (Amazon for Opera) - C:\Users\nikita\AppData\Roaming\Opera Software\Opera Stable\Extensions\mmmbddcnnndpbdflpccgcknaaabgldak [2015-06-12]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-07-05] (Advanced Micro Devices, Inc.) [File not signed]
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356128 2014-09-22] (Kaspersky Lab ZAO)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-09-18] (Freemake) [File not signed]
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2015-06-25] (WildTangent)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
S3 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2010-12-28] (Realsil Microelectronics Inc.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\ccSvcHst.exe [138760 2011-05-25] (Symantec Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2015-01-21] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [103736 2015-01-21] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [133160 2011-06-16] (Broadcom Corporation.)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20141118.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)
R3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-05-21] (Broadcom Corporation.)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1300000.080\ccSetx64.sys [165512 2011-05-23] (Symantec Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-22] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-11-11] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20141120.001\IDSvia64.sys [637656 2014-11-14] (Symantec Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-09-22] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [91008 2014-09-22] (Kaspersky Lab ZAO) [File not signed]
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628320 2014-09-22] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2014-09-22] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-09-22] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2014-09-22] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2014-09-22] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [177864 2015-02-17] (Kaspersky Lab ZAO)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20141120.020\ENG64.SYS [129752 2014-11-11] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20141120.020\EX64.SYS [2137304 2014-11-11] (Symantec Corporation)
S3 SRTSP; C:\Windows\system32\drivers\NISx64\1300000.080\SRTSP64.SYS [721528 2011-05-21] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1300000.080\SRTSPX64.SYS [37496 2011-05-21] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1300000.080\SYMDS64.SYS [451192 2011-05-16] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1300000.080\SYMEFA64.SYS [1083512 2011-05-16] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-09-20] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1300000.080\Ironx64.SYS [189560 2011-05-16] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\NISx64\1300000.080\SYMNETS.SYS [396408 2011-05-09] (Symantec Corporation)
S3 catchme; \??\C:\čistič\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-16 11:31 - 2016-02-16 11:31 - 00022462 _____ C:\Users\nikita\Desktop\FRST.txt
2016-02-15 09:10 - 2016-02-15 09:16 - 527795440 _____ C:\Users\nikita\Downloads\Na vode 2. Milej kluk.avi
2016-02-15 08:49 - 2016-02-15 08:52 - 00038250 _____ C:\Users\nikita\Desktop\Addition.txt
2016-02-15 08:45 - 2016-02-16 11:31 - 00000000 ____D C:\FRST
2016-02-15 08:45 - 2016-02-16 11:27 - 00034803 _____ C:\Users\nikita\Desktop\fixlist.txt
2016-02-15 08:43 - 2016-02-15 08:44 - 02370560 _____ (Farbar) C:\Users\nikita\Desktop\FRST64.exe
2016-02-14 20:31 - 2016-02-14 20:33 - 15852432 _____ C:\Users\nikita\Documents\yosetup (1).exe
2016-02-14 13:50 - 2016-02-14 13:59 - 00000000 ____D C:\Program Files\trend micro
2016-02-14 13:50 - 2016-02-14 13:50 - 00000000 ____D C:\rsit
2016-02-14 13:47 - 2016-02-14 13:47 - 00000000 ___SD C:\ŔistiŔ
2016-02-14 12:56 - 2016-02-14 12:56 - 00023611 _____ C:\ComboFix.txt
2016-02-14 12:12 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2016-02-14 12:12 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2016-02-14 12:12 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-02-14 12:12 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-02-14 12:12 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-02-14 12:12 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2016-02-14 12:12 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2016-02-14 12:12 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2016-02-14 11:41 - 2016-02-14 11:42 - 05657611 ____R (Swearware) C:\Users\nikita\Desktop\čistič.exe
2016-02-11 09:11 - 2016-02-11 09:11 - 00000756 _____ C:\Users\nikita\Desktop\adwcleaner_5.033.exe - odkaz.lnk
2016-02-11 09:09 - 2016-02-15 20:48 - 00000000 ____D C:\AdwCleaner
2016-02-11 09:07 - 2016-02-11 09:08 - 08939952 _____ C:\Users\nikita\Documents\adwcleaner_5.033.exe
2016-02-09 19:13 - 2016-02-09 19:13 - 00009864 ____N C:\bootsqm.dat
2016-02-08 11:42 - 2016-02-08 11:43 - 00000000 ____D C:\Počitač
2016-02-08 11:39 - 2016-02-14 13:47 - 00000000 ____D C:\Qoobox
2016-02-08 11:35 - 2016-02-14 12:49 - 00000000 ____D C:\Windows\erdnt
2016-02-08 11:01 - 2016-02-08 11:01 - 00002318 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-08 11:01 - 2016-02-08 11:01 - 00002271 _____ C:\Users\Default\Desktop\Google Chrome.lnk
2016-02-08 11:01 - 2016-02-08 11:01 - 00000000 ____D C:\Program Files (x86)\Seznam.cz
2016-02-08 10:59 - 2016-02-16 05:48 - 00000000 ____D C:\Users\nikita\AppData\Roaming\Seznam.cz
2016-02-08 10:58 - 2016-02-08 10:58 - 09169548 _____ C:\Users\nikita\Documents\adwcleaner_5.026.exe
2016-02-01 19:59 - 2016-02-01 19:59 - 00695848 _____ C:\Users\nikita\Documents\Tlacivo na poukazanie 2 percent z dane pre ASK Skalica.pdf
2016-01-29 19:51 - 2016-01-29 19:51 - 00859080 _____ (repkasoft) C:\Windows\yowindow.scr
2016-01-26 16:32 - 2016-01-26 16:33 - 15847760 _____ C:\Users\nikita\Documents\yosetup.exe
2016-01-25 19:58 - 2016-01-25 20:05 - 00000000 ____D C:\Users\nikita\Desktop\Zuzka
2016-01-23 13:58 - 2016-01-23 13:59 - 01632456 _____ C:\Users\nikita\Downloads\setup_Moj_CEWE_FOTOSVET_60.exe
2016-01-23 13:40 - 2016-01-23 13:37 - 00720360 _____ (Opera Software) C:\Users\nikita\Documents\Opera_NI_stable.exe
2016-01-18 20:11 - 2016-01-19 07:49 - 00000000 ____D C:\Users\nikita\Downloads\Stredná odborná škola techniky a služieb - Photos_files
2016-01-18 09:01 - 2016-01-18 09:01 - 00191030 _____ C:\Users\nikita\Documents\Potvrdenie o úhrade diaľničnej známky,_201601180901 .pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-16 11:24 - 2014-09-22 16:03 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-02-16 11:17 - 2015-01-27 06:19 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-02-16 11:10 - 2009-07-14 06:13 - 00782720 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-16 11:10 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-02-16 05:56 - 2015-12-30 16:23 - 00000000 ____D C:\Users\nikita\Documents\jarko FITNESS
2016-02-16 05:51 - 2009-07-14 05:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-16 05:51 - 2009-07-14 05:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-16 05:49 - 2014-09-24 06:50 - 00000000 ____D C:\Users\nikita\AppData\Roaming\SoftGrid Client
2016-02-16 05:42 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-15 18:40 - 2014-09-22 17:09 - 00000000 ____D C:\Users\nikita\AppData\Local\CrashDumps
2016-02-14 20:32 - 2015-12-09 05:57 - 00003192 _____ C:\Windows\System32\Tasks\HPCeeScheduleFornikita
2016-02-14 20:32 - 2015-12-09 05:57 - 00000336 _____ C:\Windows\Tasks\HPCeeScheduleFornikita.job
2016-02-14 12:43 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2016-02-14 11:59 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-02-13 22:10 - 2015-06-03 13:11 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-02-11 09:39 - 2015-06-28 08:11 - 00000000 ____D C:\Program Files (x86)\Google
2016-02-09 20:18 - 2015-06-03 13:11 - 00003890 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-02-09 20:18 - 2015-01-27 06:19 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-02-09 20:18 - 2015-01-27 06:19 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-02-09 20:18 - 2011-08-10 18:33 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-08 11:24 - 2015-12-04 21:04 - 00000998 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera 35.lnk
2016-02-08 11:24 - 2015-12-04 21:04 - 00000986 _____ C:\Users\Public\Desktop\Opera 35.lnk
2016-02-08 11:24 - 2015-06-03 11:33 - 00000998 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-02-08 11:24 - 2014-09-22 13:01 - 00000989 _____ C:\Users\nikita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-02-08 11:24 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-02-04 15:36 - 2015-12-04 21:04 - 00003860 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1449259425
2016-02-04 15:36 - 2015-06-03 11:32 - 00000000 ____D C:\Program Files (x86)\Opera
2016-01-31 22:02 - 2011-09-20 02:15 - 00000000 ____D C:\ProgramData\Norton
2016-01-31 21:51 - 2014-09-22 15:25 - 00003220 _____ C:\Windows\System32\Tasks\HPCeeScheduleForNIKITA-HP$
2016-01-31 21:51 - 2014-09-22 15:25 - 00000344 _____ C:\Windows\Tasks\HPCeeScheduleForNIKITA-HP$.job
2016-01-30 19:54 - 2014-11-29 20:11 - 00000000 ____D C:\Users\nikita\AppData\Roaming\vlc
2016-01-30 19:53 - 2014-09-22 12:46 - 00000000 ____D C:\Users\nikita
2016-01-23 14:10 - 2015-01-05 16:40 - 00000000 ____D C:\ProgramData\tmp
2016-01-23 14:08 - 2015-01-24 18:28 - 00001042 _____ C:\Users\Public\Desktop\Moj CEWE FOTOSVET.lnk
2016-01-23 14:08 - 2015-01-24 18:28 - 00001012 _____ C:\Users\Public\Desktop\CEWE náhlad.lnk
2016-01-23 13:48 - 2009-07-14 06:08 - 00032570 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-01-23 13:32 - 2015-06-08 07:47 - 00000000 ____D C:\Program Files (x86)\Auslogics
2016-01-19 16:18 - 2015-05-16 14:01 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-01-19 16:16 - 2015-06-28 13:56 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-01-19 07:51 - 2015-04-04 21:31 - 00000000 ___SD C:\Windows\system32\GWX
2016-01-19 07:51 - 2015-01-24 18:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Moj CEWE FOTOSVET
2016-01-19 07:51 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2016-01-19 07:49 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration

==================== Files in the root of some directories =======

2015-03-01 12:24 - 2015-03-02 05:46 - 0004802 _____ () C:\Users\nikita\AppData\Roaming\365dniError.log
2014-09-25 12:20 - 2014-09-25 12:49 - 0007859 _____ () C:\Users\nikita\AppData\Roaming\pcouffin.cat
2014-09-25 12:20 - 2014-09-25 12:49 - 0001167 _____ () C:\Users\nikita\AppData\Roaming\pcouffin.inf
2014-09-25 12:20 - 2014-09-25 12:49 - 0000055 _____ () C:\Users\nikita\AppData\Roaming\pcouffin.log
2014-09-25 12:20 - 2014-09-25 12:49 - 0082816 _____ (VSO Software) C:\Users\nikita\AppData\Roaming\pcouffin.sys
2015-11-25 14:36 - 2015-11-25 14:37 - 29796955 _____ () C:\Users\nikita\AppData\Roaming\UserTile.png
2016-01-04 16:46 - 2016-01-04 16:46 - 0004608 _____ () C:\Users\nikita\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-11 11:28 - 2015-05-11 11:28 - 0000199 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

Some files in TEMP:
====================
C:\Users\nikita\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-12-21 20:16

==================== End of FRST.txt ============================

#10 Příspěvek od **Rudy** » 16 úno 2016 16:53

Stáhněte odinstalační utilitu od Nortona (Symnrt): https://support.norton.com/sp/cs/cz/hom ... file_cs_cz a spusťte.

marek7321 · #11 Příspěvek od **marek7321** » 16 úno 2016 21:03

Rudy píše:Stáhněte odinstalační utilitu od Nortona (Symnrt): https://support.norton.com/sp/cs/cz/hom ... file_cs_cz a spusťte.

čauko dik za pomoc všecko som urobil ako ste radil dufam že to bude ok ale tie okna sa sem tam samovolne otvoria neviete čim bi to mohlo bit dik vopred

#12 Příspěvek od **Rudy** » 16 úno 2016 21:46

Zkuste ještě následující skeny:

1. Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
Do okna vlozte skript nize

autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;

Nasledne kliknete na Run Script
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem.

a

2. Junkware removal tool: http://thisisudax.org/downloads/JRT.exe
•Ulozte nejlepe na plochu
•Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
•Probehne vytvoreni zalohy a nasledne prohledavani
•Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte.

marek7321 · #13 Příspěvek od **marek7321** » 17 úno 2016 20:15

Rudy píše:Zkuste ještě následující skeny:

1. Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
Do okna vlozte skript nize

autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;

Nasledne kliknete na Run Script
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem.

a

2. Junkware removal tool: http://thisisudax.org/downloads/JRT.exe
•Ulozte nejlepe na plochu
•Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
•Probehne vytvoreni zalohy a nasledne prohledavani
•Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte.

marek7321 · #14 Příspěvek od **marek7321** » 19 úno 2016 13:53

marek7321 píše:
Rudy píše:Zkuste ještě následující skeny:

1. Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
Do okna vlozte skript nize

autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;

Nasledne kliknete na Run Script
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem.

Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by nikita on st 17. 02. 2016 at 20:05:39,22.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\nikita\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

17. 2. 2016 20:10:03 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\IObit deleted successfully
C:\PROGRA~3\GlarySoft deleted successfully
C:\Users\nikita\AppData\Roaming\DiskDefrag deleted successfully
C:\Users\nikita\AppData\Roaming\GlarySoft deleted successfully
C:\Users\nikita\AppData\Roaming\passport_photo deleted successfully
C:\Users\nikita\AppData\Roaming\TP deleted successfully
C:\Users\nikita\AppData\Roaming\Vso deleted successfully
C:\Users\nikita\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\nikita\AppData\Local\EmieSiteList deleted successfully
C:\Users\nikita\AppData\Local\EmieUserList deleted successfully
C:\Users\nikita\AppData\Local\Kit Ball deleted successfully
C:\Users\nikita\AppData\Local\Kit Food deleted successfully
C:\Users\nikita\AppData\Local\Unity deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2053155360-2111412753-3042327733-1001\Software\Microsoft\Internet Explorer\SearchScopes\{D011BB7A-015B-4260-9DCD-C21EB65D1701} deleted successfully
HKEY_USERS\S-1-5-21-2053155360-2111412753-3042327733-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-2053155360-2111412753-3042327733-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-2053155360-2111412753-3042327733-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} deleted successfully
HKEY_USERS\S-1-5-21-2053155360-2111412753-3042327733-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} deleted successfully
HKEY_USERS\S-1-5-21-2053155360-2111412753-3042327733-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully
HKEY_USERS\S-1-5-21-2053155360-2111412753-3042327733-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully
HKEY_USERS\S-1-5-21-2053155360-2111412753-3042327733-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} deleted successfully
HKEY_USERS\S-1-5-21-2053155360-2111412753-3042327733-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} deleted successfully
HKEY_USERS\S-1-5-21-2053155360-2111412753-3042327733-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B6} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D011BB7A-015B-4260-9DCD-C21EB65D1701} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D011BB7A-015B-4260-9DCD-C21EB65D1701} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

C:\PROGRA~2\IObit not found
C:\PROGRA~2\Internet Radio deleted
C:\Users\nikita\AppData\Roaming\Infigo deleted
C:\Users\nikita\AppData\Roaming\Bechiro S.L deleted
C:\windows\SysNative\Tasks\Kit Ball deleted
C:\windows\SysNative\Tasks\Kit Ball2 deleted
C:\Program Files (x86)\Activision\817c4355-84ed-4735-9628-bd794aa6dda8.dll deleted
C:\Program Files (x86)\Activision\d81a45dd-6c51-4862-ace2-33d8993a0413.dll deleted
C:\PROGRA~2\Shoppy-Up.2.7 deleted
C:\PROGRA~2\d81a45dd-6c51-4862-ace2-33d8993a0413 deleted
C:\extensions deleted
C:\Users\nikita\AppData\Roaming\365dniError.log deleted
C:\Users\nikita\AppData\Roaming\pcouffin.log deleted
C:\Users\Uzivatel\AppData\Roaming\OpenCandy deleted
C:\PROGRA~3\{18165758-115C-4DC0-9EC2-FF89F725767F} deleted
C:\Users\Uzivatel\AppData\Local\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp deleted
C:\Users\Uzivatel\AppData\Local\somotomoviestoolbar1 deleted
C:\Users\Uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx deleted
C:\Users\nikita\AppData\LocalLow\Unity deleted
C:\Users\Uzivatel\AppData\LocalLow\Torntv V9.0 deleted
C:\Users\Uzivatel\AppData\LocalLow\DataMngr deleted
C:\Users\Uzivatel\AppData\LocalLow\somotomoviestoolbar1 deleted
C:\windows\SysNative\tasks\Game_Booster_AutoUpdate deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Windows\SysWOW64\AniGIF.ocx deleted

==== Orphaned Tasks deleted from Registry ======================

Game_Booster_AutoUpdate deleted
Kit Ball deleted
Kit Ball2 deleted

==== Fake Chromium Profiles Check ======================

Fake profile C:\Users\nikita\AppData\Local\Google\Chrome deleted

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\urladvisor.crx[16. 05. 2013 22:01]
lpoimibckejjdjcfbdnajaicnklhfplh - https://chrome.google.com/webstore/deta ... icnklhfplh[]

Movies App - Uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaimdcedbpbcjjbbnfcbbjcngmomic
Elite Unzip - Uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffjcmnpnoopgilmnfhloocdcbnimmmea
Speed Dial for YouTube - nikita\AppData\Roaming\Opera Software\Opera Stable\Extensions\fbjpiaeohiikdienjkfpbdmooefgliac

==== Chromium Startpages ======================

C:\Users\Uzivatel\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://isearch.omiga-plus.com/?type=hp& ... RPDCW1RPDX",
"startup_urls": [ "http://isearch.omiga-plus.com/?type=hp& ... RPDCW1RPDX" ]

==== Chromium Fix ======================

C:\Users\Uzivatel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_advert.uloz.to_0.localstorage deleted successfully
C:\Users\Uzivatel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_advert.uloz.to_0.localstorage-journal deleted successfully
C:\Users\nikita\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_advert.uloz.to_0.localstorage deleted successfully
C:\Users\nikita\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_advert.uloz.to_0.localstorage-journal deleted successfully
C:\Users\nikita\AppData\Roaming\Opera Software\Opera Stable\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\nikita\AppData\Roaming\Opera Software\Opera Stable\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\nikita\AppData\Roaming\Opera Software\Opera Stable\Extensions\fbjpiaeohiikdienjkfpbdmooefgliac deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.opera.sk/"
"Default_Search_URL"="http://www.google.com/ie"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://www.google.com/search?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com/ie"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.opera.sk/"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/ ... chasst.htm"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTer ... -SearchBox
HKLM\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3} - http://sk.wikipedia.org/wiki/Special:Se ... earchTerms}
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{7F4EFF06-7032-458e-AE16-1C1D8255C28A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTer ... -SearchBox
HKLM\Wow6432Node\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A} - http://www.bing.com/search?q={searchTer ... DF&pc=MSE1
HKLM\Wow6432Node\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3} - http://sk.wikipedia.org/wiki/Special:Se ... earchTerms}
HKCU\SearchScopes "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTer ... ORM=IESR02
HKCU\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchT ... utEncoding?}
HKCU\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3} - http://sk.wikipedia.org/wiki/Special:Se ... earchTerms}

==== Reset Google Chrome ======================

C:\Users\Uzivatel\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Uzivatel\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\nikita\AppData\Roaming\Opera Software\Opera Stable\Preferences was reset successfully
C:\Users\nikita\AppData\Roaming\Opera Software\Opera Stable\Preferences~RF11d0e38.TMP was reset successfully
C:\Users\nikita\AppData\Roaming\Opera Software\Opera Stable\Preferences~RF13ad177.TMP was reset successfully
C:\Users\nikita\AppData\Roaming\Opera Software\Opera Stable\Preferences~RF151171f.TMP was reset successfully
C:\Users\nikita\AppData\Roaming\Opera Software\Opera Stable\Preferences~RF61b8a6.TMP was reset successfully
C:\Users\nikita\AppData\Roaming\Opera Software\Opera Stable\Preferences~RFf4fc4.TMP was reset successfully
C:\Users\Uzivatel\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Uzivatel\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\nikita\AppData\Roaming\Opera Software\Opera Stable\Web Data will be reset at reboot
C:\Users\nikita\AppData\Roaming\Opera Software\Opera Stable\Web Data-journal will be reset at reboot

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\nikita\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\nikita\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\nikita\Documents\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\nikita\AppData\Local\Opera Software\Opera Stable\Cache will be emptied at reboot
C:\Users\Uzivatel\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

a

2. Junkware removal tool: http://thisisudax.org/downloads/JRT.exe
•Ulozte nejlepe na plochu
•Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
•Probehne vytvoreni zalohy a nasledne prohledavani
•Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Windows 7 Home Premium x64
Ran by nikita (Administrator) on pi 19. 02. 2016 at 13:29:38,09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 8

Successfully deleted: C:\Users\nikita\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BUZ0OW4O (Temporary Internet Files Folder)
Successfully deleted: C:\Users\nikita\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K8Y5PTCX (Temporary Internet Files Folder)
Successfully deleted: C:\Users\nikita\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N34FSL9K (Temporary Internet Files Folder)
Successfully deleted: C:\Users\nikita\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WFIA0URS (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BUZ0OW4O (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K8Y5PTCX (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N34FSL9K (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WFIA0URS (Temporary Internet Files Folder)

Registry: 5

Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\PCSUUCDRV (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2B957272-B97E-4014-8537-15EF7CBB23FA} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD36FEBE-DBA1-4597-9DD1-B13794B92F68} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD36FEBE-DBA1-4597-9DD1-B13794B92F68} (Registry Key)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on pi 19. 02. 2016 at 13:34:28,75
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#15 Příspěvek od **Rudy** » 19 úno 2016 17:09

Změnilo se něco nyní?

VIRY.CZ

ahoj prosim o kontrolu logu dik...

ahoj prosim o kontrolu logu dik...

Re: ahoj prosim o kontrolu logu dik...

Re: ahoj prosim o kontrolu logu dik...

Re: ahoj prosim o kontrolu logu dik...

Re: ahoj prosim o kontrolu logu dik...

Re: ahoj prosim o kontrolu logu dik...

Re: ahoj prosim o kontrolu logu dik...

Re: ahoj prosim o kontrolu logu dik...

Re: ahoj prosim o kontrolu logu dik...

Re: ahoj prosim o kontrolu logu dik...

Re: ahoj prosim o kontrolu logu dik...

Re: ahoj prosim o kontrolu logu dik...

Re: ahoj prosim o kontrolu logu dik...

Re: ahoj prosim o kontrolu logu dik...

Re: ahoj prosim o kontrolu logu dik...