Virus from Facebook chat

Posted: 21 Apr 2016 17:29
by pierres
Hi, I need help. I clicked on a video that came to me in a message on FB and now it's full of viruses. Please help.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:30-12-2015
Ran by Pierre (administrator) on NERO (21-04-2016 18:27:09)
Running from C:\Documents and Settings\Pierre\Plocha
Loaded Profiles: Pierre (Available Profiles: Pierre)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) Language: Čeština
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
() C:\Program Files\EaseUS\EaseUS Partition Master 10.2\bin\TrayPopupE\TrayTipAgentE.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
() C:\Program Files\EaseUS\TrayPopup\TrayTipAgent.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
(Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
() C:\Documents and Settings\Pierre\Local Settings\Data aplikací\MiPhoneManager\main\MiPhoneHelper.exe
() C:\Documents and Settings\Pierre\Data aplikací\Seznam.cz\bin\szndesktop.exe
() C:\Program Files\EaseUS\Todo Backup\bin\TodoBackupService.exe
(LG Electronics Inc.) C:\Program Files\LG Software\LG Smart Share\Update\SmartShareTray.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(LG Electronics Inc.) C:\Program Files\LG Software\LG Smart Share\DMS\SmartShareDMS.exe
(LG Electronics Inc.) C:\Program Files\LG Software\LG Smart Share\DMR\SmartShareDMR.exe
(Ghisler Software GmbH) C:\Program Files\totalcmd\TOTALCMD.EXE
() C:\Documents and Settings\All Users\Data aplikací\CloudPrinter\CloudPrinter.exe
(Search Module Ltd.) C:\Program Files\Common Files\Doobzo\GSUpdate\smu.exe
() C:\Program Files\badu\uc.exe
( ) C:\Program Files\badu\Bind.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(UCWeb Inc.) C:\Program Files\UCBrowser\Application\UCBrowser.exe
(UCWeb Inc.) C:\Program Files\UCBrowser\Application\UCBrowser.exe
(UCWeb Inc.) C:\Program Files\UCBrowser\Application\UCBrowser.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BluetoothAuthenticationAgent] => rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20065936 2012-06-06] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Launch LCDMon] => C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [1687824 2007-07-17] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] => C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [2094352 2007-07-17] (Logitech Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [LG Smart Share] => C:\Program Files\LG Software\LG Smart Share\SmartShareStartXP.exe [134744 2013-03-25] (LG Electronics Inc.)
HKLM\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [366904 2015-07-23] (Power Software Ltd)
HKLM\...\Run: [EaseUS EPM tray] => C:\Program Files\EaseUS\EaseUS Partition Master 10.2\bin\EpmNews.exe [2089056 2014-11-18] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM\...\Run: [EaseUS EPM Tray Agent] => C:\Program Files\EaseUS\EaseUS Partition Master 10.2\bin\TrayPopupE\TrayTipAgentE.exe [255072 2014-11-18] ()
HKLM\...\Run: [EaseUS TB Tray Agent] => C:\Program Files\EaseUS\TrayPopup\TrayTipAgent.exe [253992 2014-12-15] ()
HKLM\...\Run: [seznam-listicka-distribuce] => C:\Program Files\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2591888 2015-09-14] ()
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-08-27] (NVIDIA Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM\...\Run: [SpyHunter Security Suite] => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe [7252864 2016-04-21] (Enigma Software Group USA, LLC.)
HKLM\...\Run: [22] => C:\Documents and Settings\Pierre\Local Settings\temp\22.exe [3680768 2016-04-21] () <===== ATTENTION
HKLM\...\Run: [apphide] => C:\Program Files\badu\uc.exe [245829 2016-04-03] ()
HKLM\...\Run: [pcmgr] => C:\Program Files\badu\Uninst.exe
HKU\S-1-5-21-1454471165-1326574676-839522115-1003\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [4556048 2015-02-27] (Disc Soft Ltd)
HKU\S-1-5-21-1454471165-1326574676-839522115-1003\...\Run: [cz.seznam.software.autoupdate] => C:\Documents and Settings\Pierre\Data aplikací\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-1454471165-1326574676-839522115-1003\...\Run: [cz.seznam.software.szndesktop] => C:\Documents and Settings\Pierre\Data aplikací\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
HKU\S-1-5-21-1454471165-1326574676-839522115-1003\...\Run: [GoogleChromeAutoLaunch_BD17503A2D8EC1E93944F64D6130C39D] => "C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe" --no-startup-window
HKU\S-1-5-21-1454471165-1326574676-839522115-1003\...\Run: [MiPhoneManager] => C:\Documents and Settings\Pierre\Local Settings\Data aplikací\MiPhoneManager\main\MiPhoneHelper.exe [157624 2016-03-11] ()
HKU\S-1-5-21-1454471165-1326574676-839522115-1003\...\Run: [GSplay.exe] => GSPlay.exe REG_EXPAND_SZ C:\Pierre\Download\GSplay\GSplay.exe
HKU\S-1-5-21-1454471165-1326574676-839522115-1003\...\Run: [svchost0] => C:\Program Files\UCBrowser\Application\UUC0789.exe [69632 2016-04-21] ()
HKU\S-1-5-21-1454471165-1326574676-839522115-1003\...\Run: [apphide] => C:\Program Files\badu\uc.exe [245829 2016-04-03] ()
AppInit_DLLs: C:\DOCUME~1\ALLUSE~1\DATAAP~1\Quoteex\Inchnix.dll => C:\Documents and Settings\All Users\Data aplikací\Quoteex\Inchnix.dll [257536 2016-04-21] ()
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\CineForm Status.lnk [2015-09-16]
ShortcutTarget: CineForm Status.lnk -> C:\Program Files\CineForm\Tools\GoProCineFormStatusViewer.exe (GoPro)
GroupPolicy: Restriction - Chrome <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{95358A7A-F515-4188-B822-D6E5B12114F4}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-1454471165-1326574676-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5Ws0RErzyPsJ4T7k2COOv4oRHbgpZu2LUFGw9gPtHD0MXnlWN7KG6uKFJJVYhghjj_sTRm4aAJLt4LIUJzEgiY6I7AfIcSaYAcznIuZ7WXER1-3PQg_ZIxhBtQZYMA4H5qC5qY6_AeLklZU5S-Uu
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5Ws0RErzyPsJ4T7k2COOv4oRHbgpZu2LUFGw9gPtHD0MXnlWN7KG6uKFJJVYhghjj_sfjiHQKJsmEQZlUtlpsqh84-5WAOcvYhVxGZS_l-ErE2V8JaLhR_RO7G_ejL5vbEMOWRkD170L_VRGPvOY&q={searchTerms}
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5Ws0RErzyPsJ4T7k2COOv4oRHbgpZu2LUFGw9gPtHD0MXnlWN7KG6uKFJJVYhghjj_sfjiHQKJsmEQZlUtlpsqh84-5WAOcvYhVxGZS_l-ErE2V8JaLhR_RO7G_ejL5vbEMOWRkD170L_VRGPvOY&q={searchTerms}
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5Ws0RErzyPsJ4T7k2COOv4oRHbgpZu2LUFGw9gPtHD0MXnlWN7KG6uKFJJVYhghjj_sfjiHQKJsmEQZlUtlpsqh84-5WAOcvYhVxGZS_l-ErE2V8JaLhR_RO7G_ejL5vbEMOWRkD170L_VRGPvOY&q={searchTerms}
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5Ws0RErzyPsJ4T7k2COOv4oRHbgpZu2LUFGw9gPtHD0MXnlWN7KG6uKFJJVYhghjj_sTRm4aAJLt4LIUJzEgiY6I7AfIcSaYAcznIuZ7WXER1-3PQg_ZIxhBtQZYMA4H5qC5qY6_AeLklZU5S-Uu
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5Ws0RErzyPsJ4T7k2COOv4oRHbgpZu2LUFGw9gPtHD0MXnlWN7KG6uKFJJVYhghjj_sfjiHQKJsmEQZlUtlpsqh84-5WAOcvYhVxGZS_l-ErE2V8JaLhR_RO7G_ejL5vbEMOWRkD170L_VRGPvOY&q={searchTerms}
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5Ws0RErzyPsJ4T7k2COOv4oRHbgpZu2LUFGw9gPtHD0MXnlWN7KG6uKFJJVYhghjj_sfjiHQKJsmEQZlUtlpsqh84-5WAOcvYhVxGZS_l-ErE2V8JaLhR_RO7G_ejL5vbEMOWRkD170L_VRGPvOY&q={searchTerms}
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5Ws0RErzyPsJ4T7k2COOv4oRHbgpZu2LUFGw9gPtHD0MXnlWN7KG6uKFJJVYhghjj_sfjiHQKJsmEQZlUtlpsqh84-5WAOcvYhVxGZS_l-ErE2V8JaLhR_RO7G_ejL5vbEMOWRkD170L_VRGPvOY&q={searchTerms}
HKU\S-1-5-21-1454471165-1326574676-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5Ws0RErzyPsJ4T7k2COOv4oRHbgpZu2LUFGw9gPtHD0MXnlWN7KG6uKFJJVYhghjj_sfjiHQKJsmEQZlUtlpsqh84-5WAOcvYhVxGZS_l-ErE2V8JaLhR_RO7G_ejL5vbEMOWRkD170L_VRGPvOY&q={searchTerms}
HKU\S-1-5-21-1454471165-1326574676-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www-searching.com/?pid=s&s=G4Lzamobl2140BK,85deacda-0df5-4b77-ab49-6968bcd52e8a,&vp=ch&prd=set_ie
HKU\S-1-5-21-1454471165-1326574676-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5Ws0RErzyPsJ4T7k2COOv4oRHbgpZu2LUFGw9gPtHD0MXnlWN7KG6uKFJJVYhghjj_sfjiHQKJsmEQZlUtlpsqh84-5WAOcvYhVxGZS_l-ErE2V8JaLhR_RO7G_ejL5vbEMOWRkD170L_VRGPvOY&q={searchTerms}
HKU\S-1-5-21-1454471165-1326574676-839522115-1003\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5Ws0RErzyPsJ4T7k2COOv4oRHbgpZu2LUFGw9gPtHD0MXnlWN7KG6uKFJJVYhghjj_sfjiHQKJsmEQZlUtlpsqh84-5WAOcvYhVxGZS_l-ErE2V8JaLhR_RO7G_ejL5vbEMOWRkD170L_VRGPvOY&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5Ws0RErzyPsJ4T7k2COOv4oRHbgpZu2LUFGw9gPtHD0MXnlWN7KG6uKFJJVYhghjj_sfjiHQKJsmEQZlUtlpsqh84-5WAOcvYhVxGZS_l-ErE2V8JaLhR_RO7G_ejL5vbEMOWRkD170L_VRGPvOY&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5Ws0RErzyPsJ4T7k2COOv4oRHbgpZu2LUFGw9gPtHD0MXnlWN7KG6uKFJJVYhghjj_sfjiHQKJsmEQZlUtlpsqh84-5WAOcvYhVxGZS_l-ErE2V8JaLhR_RO7G_ejL5vbEMOWRkD170L_VRGPvOY&q={searchTerms}
SearchScopes: HKU\S-1-5-19 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5Ws0RErzyPsJ4T7k2COOv4oRHbgpZu2LUFGw9gPtHD0MXnlWN7KG6uKFJJVYhghjj_sfjiHQKJsmEQZlUtlpsqh84-5WAOcvYhVxGZS_l-ErE2V8JaLhR_RO7G_ejL5vbEMOWRkD170L_VRGPvOY&q={searchTerms}
SearchScopes: HKU\S-1-5-20 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5Ws0RErzyPsJ4T7k2COOv4oRHbgpZu2LUFGw9gPtHD0MXnlWN7KG6uKFJJVYhghjj_sfjiHQKJsmEQZlUtlpsqh84-5WAOcvYhVxGZS_l-ErE2V8JaLhR_RO7G_ejL5vbEMOWRkD170L_VRGPvOY&q={searchTerms}
SearchScopes: HKU\S-1-5-20 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5Ws0RErzyPsJ4T7k2COOv4oRHbgpZu2LUFGw9gPtHD0MXnlWN7KG6uKFJJVYhghjj_sfjiHQKJsmEQZlUtlpsqh84-5WAOcvYhVxGZS_l-ErE2V8JaLhR_RO7G_ejL5vbEMOWRkD170L_VRGPvOY&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1454471165-1326574676-839522115-1003 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5Ws0RErzyPsJ4T7k2COOv4oRHbgpZu2LUFGw9gPtHD0MXnlWN7KG6uKFJJVYhghjj_sfjiHQKJsmEQZlUtlpsqh84-5WAOcvYhVxGZS_l-ErE2V8JaLhR_RO7G_ejL5vbEMOWRkD170L_VRGPvOY&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1454471165-1326574676-839522115-1003 -> {0FDD15E1-D10C-4195-8EFB-87052BFC6870} URL = hxxp://www-searching.com/s.ashx?prd=opensearch&q={searchTerms}&s=G4Lzamobl2140BK,85deacda-0df5-4b77-ab49-6968bcd52e8a,
SearchScopes: HKU\S-1-5-21-1454471165-1326574676-839522115-1003 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-1454471165-1326574676-839522115-1003 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5Ws0RErzyPsJ4T7k2COOv4oRHbgpZu2LUFGw9gPtHD0MXnlWN7KG6uKFJJVYhghjj_sfjiHQKJsmEQZlUtlpsqh84-5WAOcvYhVxGZS_l-ErE2V8JaLhR_RO7G_ejL5vbEMOWRkD170L_VRGPvOY&q={searchTerms}
BHO: TSearch -> {6E727987-C8EA-44DA-8749-310C0FBE3C3E} -> \Torrent Search\IEEF\qcZtGKqHlUOe.dll => No File
Toolbar: HKU\S-1-5-21-1454471165-1326574676-839522115-1003 -> &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll [2014-02-25] (Společnost Microsoft)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-08] ()
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-25] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1454471165-1326574676-839522115-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\Pierre\Local Settings\Data aplikací\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-05] (Unity Technologies ApS)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-03-05] [not signed]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www-searching.com/?pid=s&s=G4Lzamobl2140BK,85deacda-0df5-4b77-ab49-6968bcd52e8a,&vp=ch&prd=set_ch
CHR StartupUrls: Default -> "hxxp://www-searching.com/?pid=s&s=G4Lzamobl2140BK,85deacda-0df5-4b77-ab49-6968bcd52e8a,&vp=ch&prd=set_ch"
CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?site=shyos&prd=set_ch&q={searchTerms}&s=G4Lzamobl2140BK,85deacda-0df5-4b77-ab49-6968bcd52e8a,
CHR DefaultSearchKeyword: Default -> www-searching.com
CHR DefaultSuggestURL: Default -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
CHR Profile: C:\Documents and Settings\Pierre\Local Settings\Data aplikací\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Documents and Settings\Pierre\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-19]
CHR Extension: (Dokumenty Google) - C:\Documents and Settings\Pierre\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-23]
CHR Extension: (Disk Google) - C:\Documents and Settings\Pierre\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-26]
CHR Extension: (YouTube) - C:\Documents and Settings\Pierre\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-01]
CHR Extension: (Vyhledávání Google) - C:\Documents and Settings\Pierre\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01]
CHR Extension: (Tabulky Google) - C:\Documents and Settings\Pierre\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-19]
CHR Extension: (Dokumenty Google offline) - C:\Documents and Settings\Pierre\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-19]
CHR Extension: (Terapaper) - C:\Documents and Settings\Pierre\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\hkibjmfcciicdoofeljjmffoekkcnjnm [2016-04-21]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Documents and Settings\Pierre\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-12]
CHR Extension: (Gmail) - C:\Documents and Settings\Pierre\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-23]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 CloudPrinter; C:\Documents and Settings\All Users\Data aplikací\\CloudPrinter\\CloudPrinter.exe [1027584 2016-04-21] () [File not signed]
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1030928 2015-02-27] (Disc Soft Ltd)
R2 EaseUS Agent; C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe [36904 2015-08-01] (CHENGDU YIWO Tech Development Co., Ltd)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [595968 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [642520 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-08-27] (NVIDIA Corporation)
S2 Quoteex; C:\Documents and Settings\All Users\Data aplikací\\Quoteex\\Quoteex.exe [1027584 2016-04-21] () [File not signed]
R2 SMUpd; C:\Program Files\Common Files\Doobzo\GSUpdate\smu.exe [1577984 2016-04-19] (Search Module Ltd.) [File not signed]
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [784256 2016-04-21] (Enigma Software Group USA, LLC.)
S3 TunngleService; C:\Program Files\Tunngle\TnglCtrl.exe [814064 2015-12-22] (Tunngle.net GmbH)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R3 dtlitescsibus; C:\WINDOWS\System32\DRIVERS\dtlitescsibus.sys [25104 2015-06-21] (Disc Soft Ltd)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [14944 2014-11-18] ()
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2016-04-21] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\WINDOWS\System32\DRIVERS\EsgScanner.sys [19984 2016-04-21] ()
R0 EUBAKUP; C:\WINDOWS\System32\drivers\eubakup.sys [52008 2014-12-15] (CHENGDU YIWO Tech Development Co., Ltd)
R0 EUBKMON; C:\WINDOWS\System32\drivers\EUBKMON.sys [40744 2014-12-15] ()
R1 EUDSKACS; C:\WINDOWS\system32\drivers\eudskacs.sys [14888 2014-12-15] (CHENGDU YIWO Tech Development Co., Ltd)
R1 EUFDDISK; C:\WINDOWS\system32\drivers\EuFdDisk.sys [188328 2014-12-15] (CHENGDU YIWO Tech Development Co., Ltd)
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [10208 2014-11-18] ()
R3 ip100xp; C:\WINDOWS\System32\DRIVERS\ipfnd51.sys [26752 2010-11-23] (IC Plus Corp. ) [File not signed]
R3 MEI; C:\WINDOWS\System32\DRIVERS\HECI.sys [56280 2013-09-16] (Intel Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
U0 MPCBase; C:\WINDOWS\System32\drivers\MPCBase.sys [29032 2016-04-21] (DotC United Inc)
R1 MPCKpt; C:\WINDOWS\System32\DRIVERS\MPCKpt.sys [53992 2016-04-21] (DotC United Inc)
R3 NVHDA; C:\WINDOWS\System32\drivers\nvhda32.sys [136624 2015-09-14] (NVIDIA Corporation)
R1 SCDEmu; C:\WINDOWS\system32\Drivers\SCDEmu.sys [114304 2015-07-23] (Power Software Ltd)
R3 SMUpdd; C:\Program Files\Common Files\Doobzo\GSUpdate\smw.sys [25600 2016-04-19] () [File not signed]
R3 tap0901t; C:\WINDOWS\System32\DRIVERS\tap0901t.sys [43568 2015-12-21] (Tunngle.net)
U1 UCGuard; C:\WINDOWS\System32\DRIVERS\ucguard.sys [71040 2016-03-28] (Huorong Borui (Beijing) Technology Co., Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 IntelIde; no ImagePath
S3 MSICDSetup; \??\D:\CDriver.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-21 18:26 - 2016-04-21 18:26 - 00000446 _____ C:\WINDOWS\Tasks\UCBrowserUpdater.job
2016-04-21 18:26 - 2016-04-21 18:26 - 00000000 ____D C:\Documents and Settings\Pierre\Local Settings\Data aplikací\UCBrowser
2016-04-21 18:26 - 2016-03-28 14:46 - 00071040 _____ (Huorong Borui (Beijing) Technology Co., Ltd.) C:\WINDOWS\system32\Drivers\ucguard.sys
2016-04-21 18:25 - 2016-04-21 18:26 - 00000000 ____D C:\Program Files\UCBrowser
2016-04-21 18:22 - 2016-04-21 18:22 - 00000000 ____D C:\Program Files\badu
2016-04-21 18:21 - 2016-04-21 18:22 - 00000952 _____ C:\WINDOWS\Tasks\SMW_UpdateTask_Time_333533323338323033352d3437415a556c2a3223346c41.job
2016-04-21 18:21 - 2016-04-21 18:21 - 00356864 _____ C:\Documents and Settings\All Users\Data aplikací\smp2.exe
2016-04-21 18:21 - 2016-04-21 18:21 - 00000881 _____ C:\Documents and Settings\Pierre\Plocha\Continue installation .lnk
2016-04-21 18:21 - 2016-04-21 18:21 - 00000652 _____ C:\WINDOWS\Tasks\SMW_P.job
2016-04-21 18:21 - 2016-04-21 18:21 - 00000000 ____D C:\Program Files\Common Files\Doobzo
2016-04-21 18:21 - 2016-04-21 18:21 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\SearchModule
2016-04-21 18:20 - 2016-04-21 18:20 - 00053992 _____ (DotC United Inc) C:\WINDOWS\system32\Drivers\MPCKpt.sys
2016-04-21 18:20 - 2016-04-21 18:20 - 00029032 _____ (DotC United Inc) C:\WINDOWS\system32\Drivers\MPCBase.sys
2016-04-21 18:20 - 2016-04-21 18:20 - 00000000 ____D C:\Program Files\MPC Cleaner
2016-04-21 18:19 - 2016-04-21 18:19 - 00002385 _____ C:\WINDOWS\system32\findit.xml
2016-04-21 18:19 - 2016-04-21 18:19 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Quoteexs
2016-04-21 18:18 - 2016-04-21 18:20 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Quoteex
2016-04-21 18:18 - 2016-04-21 18:18 - 06494208 _____ C:\Documents and Settings\Pierre\Data aplikací\agent.dat
2016-04-21 18:18 - 2016-04-21 18:18 - 01626777 _____ C:\Documents and Settings\Pierre\Data aplikací\Quotesolowarm.tst
2016-04-21 18:18 - 2016-04-21 18:18 - 01027584 _____ C:\Documents and Settings\Pierre\Data aplikací\Sanzap.exe
2016-04-21 18:18 - 2016-04-21 18:18 - 01027584 _____ C:\Documents and Settings\Pierre\Data aplikací\Quotesolowarm.exe
2016-04-21 18:18 - 2016-04-21 18:18 - 00848437 _____ C:\Documents and Settings\Pierre\Data aplikací\Silverlight.bin
2016-04-21 18:18 - 2016-04-21 18:18 - 00127488 _____ C:\Documents and Settings\Pierre\Data aplikací\Installer.dat
2016-04-21 18:18 - 2016-04-21 18:18 - 00126464 _____ C:\Documents and Settings\Pierre\Data aplikací\noah.dat
2016-04-21 18:18 - 2016-04-21 18:18 - 00126464 _____ C:\Documents and Settings\Pierre\Data aplikací\lobby.dat
2016-04-21 18:18 - 2016-04-21 18:18 - 00079662 _____ C:\Documents and Settings\Pierre\Data aplikací\inst.lat
2016-04-21 18:18 - 2016-04-21 18:18 - 00072717 _____ C:\Documents and Settings\Pierre\Data aplikací\Sanzap.tst
2016-04-21 18:18 - 2016-04-21 18:18 - 00065568 _____ C:\Documents and Settings\Pierre\Data aplikací\Config.xml
2016-04-21 18:18 - 2016-04-21 18:18 - 00054272 _____ C:\Documents and Settings\Pierre\Data aplikací\ApplicationHosting.dat
2016-04-21 18:18 - 2016-04-21 18:18 - 00018432 _____ C:\Documents and Settings\Pierre\Data aplikací\Main.dat
2016-04-21 18:18 - 2016-04-21 18:18 - 00015840 _____ C:\Documents and Settings\Pierre\Data aplikací\InstallationConfiguration.xml
2016-04-21 18:18 - 2016-04-21 18:18 - 00005568 _____ C:\Documents and Settings\Pierre\Data aplikací\md.xml
2016-04-21 18:18 - 2016-04-21 18:18 - 00000000 ____D C:\Program Files\Common Files\Transrandax
2016-04-21 18:18 - 2016-04-21 18:18 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\CloudPrinter
2016-04-21 18:12 - 2016-04-21 18:12 - 00000248 _____ C:\WINDOWS\Tasks\Update Service for Torrent Search.job
2016-04-21 18:12 - 2016-04-21 18:12 - 00000000 ____D C:\Program Files\Torrent Search
2016-04-21 17:44 - 2016-04-21 17:44 - 00090112 _____ C:\WINDOWS\Minidump\Mini042116-01.dmp
2016-04-21 17:39 - 2016-04-21 17:39 - 00000000 ____D C:\Documents and Settings\Pierre\Data aplikací\Enigma Software Group
2016-04-21 17:38 - 2016-04-21 17:38 - 00000000 ____D C:\sh4ldr
2016-04-21 17:37 - 2016-04-21 17:37 - 00019984 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys
2016-04-21 17:37 - 2016-04-21 17:37 - 00000000 ____D C:\Program Files\Enigma Software Group
2016-04-18 21:06 - 2016-04-18 21:06 - 00000000 ____D C:\Documents and Settings\Default User\Local Settings\Data aplikací\Google
2016-04-08 11:03 - 2016-04-08 11:03 - 05934784 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2016-03-29 23:16 - 2016-04-21 10:18 - 00000000 ____D C:\Documents and Settings\Pierre\Data aplikací\EurekaLog
2016-03-29 14:31 - 2016-03-29 14:31 - 01463253 _____ C:\Documents and Settings\Pierre\Plocha\Dane 2016 5132550_2015_d298ba1310.pdf
2016-03-29 13:59 - 2016-03-29 13:59 - 00237486 _____ C:\Documents and Settings\Pierre\Plocha\A160302_VEN_005_DANE_2015_D.XLSX
2016-03-26 14:02 - 2016-03-26 14:02 - 00036864 _____ C:\Documents and Settings\Pierre\Plocha\1458856945_e3dd35254fffe456a5472dae15fd9e16.xls
2016-03-25 02:53 - 2016-03-25 02:53 - 00047166 _____ C:\Documents and Settings\Pierre\Dokumenty\Agents of SHIELD S03E13 - Parting Shot (AVS).srt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-21 18:27 - 2015-12-30 20:47 - 00027017 _____ C:\Documents and Settings\Pierre\Plocha\FRST.txt
2016-04-21 18:27 - 2015-12-30 20:47 - 00000000 ____D C:\FRST
2016-04-21 18:27 - 2015-07-13 00:36 - 00000000 ____D C:\Documents and Settings\Pierre\Local Settings\temp
2016-04-21 18:26 - 2015-12-30 20:46 - 00029696 _____ C:\Documents and Settings\Pierre\Local Settings\Data aplikací\MSGBOX.EXE
2016-04-21 18:26 - 2015-02-25 22:15 - 00000000 ___RD C:\Documents and Settings\All Users\Nabídka Start\Programy
2016-04-21 18:26 - 2015-02-25 22:15 - 00000000 ____D C:\Documents and Settings\All Users\Plocha
2016-04-21 18:26 - 2015-02-25 21:47 - 00000000 ___HD C:\Documents and Settings\Pierre\Local Settings\Data aplikací
2016-04-21 18:26 - 2015-02-25 21:47 - 00000000 ____D C:\Documents and Settings\Pierre\Plocha
2016-04-21 18:25 - 2015-09-17 20:10 - 00000940 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-21 18:24 - 2015-09-04 12:12 - 00001819 _____ C:\Documents and Settings\Default User\Nabídka Start\Programy\Google Chrome.lnk
2016-04-21 18:24 - 2015-09-04 12:12 - 00001813 _____ C:\Documents and Settings\Default User\Plocha\Google Chrome.lnk
2016-04-21 18:22 - 2015-02-25 22:13 - 00000000 ____D C:\Pierre
2016-04-21 18:21 - 2015-02-26 00:41 - 00009328 _____ C:\WINDOWS\system32\nvAppTimestamps
2016-04-21 18:21 - 2015-02-25 22:15 - 00000000 __RHD C:\Documents and Settings\All Users\Data aplikací
2016-04-21 18:20 - 2015-04-03 10:13 - 00000000 ____D C:\Documents and Settings\Pierre\Data aplikací\Mozilla
2016-04-21 18:18 - 2015-02-25 21:47 - 00000000 ____D C:\Documents and Settings\Pierre\Data aplikací
2016-04-21 18:03 - 2015-06-19 00:32 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-04-21 17:51 - 2015-02-25 21:47 - 00001599 _____ C:\Documents and Settings\Pierre\Nabídka Start\Programy\Vzdálená pomoc.lnk
2016-04-21 17:50 - 2015-03-01 10:42 - 00000000 ____D C:\Documents and Settings\Pierre\Data aplikací\Seznam.cz
2016-04-21 17:50 - 2015-02-25 21:36 - 00001599 _____ C:\Documents and Settings\Default User\Nabídka Start\Programy\Vzdálená pomoc.lnk
2016-04-21 17:50 - 2015-02-25 21:36 - 00001507 _____ C:\Documents and Settings\All Users\Nabídka Start\Windows Update.lnk
2016-04-21 17:49 - 2015-02-25 22:16 - 01184620 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-21 17:49 - 2004-08-18 14:00 - 00489962 _____ C:\WINDOWS\system32\perfh005.dat
2016-04-21 17:49 - 2004-08-18 14:00 - 00098506 _____ C:\WINDOWS\system32\perfc005.dat
2016-04-21 17:46 - 2015-02-26 00:32 - 01606500 _____ C:\WINDOWS\system32\nvdrsdb0.bin
2016-04-21 17:46 - 2015-02-26 00:32 - 00000001 _____ C:\WINDOWS\system32\nvdrssel.bin
2016-04-21 17:45 - 2015-09-17 20:09 - 00000936 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-21 17:45 - 2015-09-04 12:06 - 00001054 _____ C:\WINDOWS\Tasks\ExObslI9P8NNjD3RrGI0HIktb.job
2016-04-21 17:45 - 2015-02-25 22:09 - 00000000 ____D C:\WINDOWS
2016-04-21 17:45 - 2004-08-18 14:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2016-04-21 17:44 - 2015-09-04 12:10 - 00000000 ____D C:\WINDOWS\Minidump
2016-04-21 17:44 - 2015-02-25 21:40 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-21 17:39 - 2015-02-25 22:09 - 00000000 ___HD C:\WINDOWS\inf
2016-04-21 17:38 - 2015-02-25 21:47 - 00000000 ____D C:\Documents and Settings\Pierre
2016-04-21 17:34 - 2015-02-26 00:32 - 01606500 _____ C:\WINDOWS\system32\nvdrsdb1.bin
2016-04-21 17:31 - 2015-03-01 11:51 - 00211826 _____ C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-System.dat
2016-04-21 17:31 - 2015-02-25 21:47 - 00000178 ___SH C:\Documents and Settings\Pierre\ntuser.ini
2016-04-21 17:31 - 2015-02-25 21:40 - 00032460 _____ C:\WINDOWS\SchedLgU.Txt
2016-04-21 17:30 - 2015-07-12 23:12 - 00000000 ____D C:\AdwCleaner
2016-04-21 17:30 - 2015-02-25 21:47 - 00000000 ___RD C:\Documents and Settings\Pierre\Nabídka Start\Programy
2016-04-21 17:30 - 2015-02-25 21:47 - 00000000 ___RD C:\Documents and Settings\Pierre\Dokumenty
2016-04-21 17:23 - 2015-09-15 23:28 - 00000000 ____D C:\Documents and Settings\Pierre\Local Settings\Data aplikací\JDownloader v2.0
2016-04-21 10:19 - 2016-02-10 18:24 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Tunngle
2016-04-20 01:05 - 2016-02-10 17:27 - 00000000 ____D C:\Documents and Settings\Pierre\Data aplikací\Tunngle
2016-04-18 21:06 - 2015-02-25 22:15 - 00000000 ___HD C:\Documents and Settings\Default User\Local Settings\Data aplikací
2016-04-14 11:15 - 2015-02-26 14:25 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-04-14 11:10 - 2015-02-26 14:25 - 132539272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-13 15:34 - 2015-02-28 22:27 - 00000000 ____D C:\Documents and Settings\Pierre\Data aplikací\vlc
2016-04-13 02:06 - 2015-02-25 23:56 - 00001324 _____ C:\WINDOWS\system32\d3d9caps.dat
2016-04-08 11:03 - 2015-06-19 00:32 - 00797376 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-04-08 11:03 - 2015-06-19 00:32 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-04-07 20:48 - 2015-02-26 00:54 - 00000000 ____D C:\Program Files\Counter Strike 1.6
2016-04-07 20:48 - 2015-02-26 00:51 - 00000000 ____D C:\Documents and Settings\Pierre\GSplay
2016-04-06 00:05 - 2015-10-04 08:35 - 00001221 _____ C:\Documents and Settings\Pierre\Plocha\MiPCSuite.lnk
2016-04-06 00:05 - 2015-10-04 08:35 - 00000000 ____D C:\Documents and Settings\Pierre\Local Settings\Data aplikací\MiPhoneManager
2016-03-29 23:16 - 2016-02-10 17:27 - 00000000 ____D C:\Program Files\Tunngle
2016-03-29 19:48 - 2015-03-01 11:51 - 01772232 _____ C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-S-1-5-21-1454471165-1326574676-839522115-1003-0.dat

==================== Files in the root of some directories =======

2016-04-21 18:18 - 2016-04-21 18:18 - 6494208 _____ () C:\Documents and Settings\Pierre\Data aplikací\agent.dat
2016-04-21 18:18 - 2016-04-21 18:18 - 0054272 _____ () C:\Documents and Settings\Pierre\Data aplikací\ApplicationHosting.dat
2016-04-21 18:18 - 2016-04-21 18:18 - 0065568 _____ () C:\Documents and Settings\Pierre\Data aplikací\Config.xml
2015-08-17 15:56 - 2015-08-17 15:56 - 0000245 _____ () C:\Documents and Settings\Pierre\Data aplikací\del.bat
2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Documents and Settings\Pierre\Data aplikací\ExObslI9P8NNjD3RrGI0HIktb
2015-04-20 16:05 - 2015-04-20 16:05 - 1579520 _____ () C:\Documents and Settings\Pierre\Data aplikací\ExObslI9P8NNjD3RrGI0HIktb.exe
2016-04-21 18:18 - 2016-04-21 18:18 - 0079662 _____ () C:\Documents and Settings\Pierre\Data aplikací\inst.lat
2016-04-21 18:18 - 2016-04-21 18:18 - 0015840 _____ () C:\Documents and Settings\Pierre\Data aplikací\InstallationConfiguration.xml
2016-04-21 18:18 - 2016-04-21 18:18 - 0127488 _____ () C:\Documents and Settings\Pierre\Data aplikací\Installer.dat
2016-04-21 18:18 - 2016-04-21 18:18 - 0126464 _____ () C:\Documents and Settings\Pierre\Data aplikací\lobby.dat
2016-04-21 18:18 - 2016-04-21 18:18 - 0018432 _____ () C:\Documents and Settings\Pierre\Data aplikací\Main.dat
2016-04-21 18:18 - 2016-04-21 18:18 - 0005568 _____ () C:\Documents and Settings\Pierre\Data aplikací\md.xml
2016-04-21 18:18 - 2016-04-21 18:18 - 0126464 _____ () C:\Documents and Settings\Pierre\Data aplikací\noah.dat
2016-04-21 18:18 - 2016-04-21 18:18 - 1027584 _____ () C:\Documents and Settings\Pierre\Data aplikací\Quotesolowarm.exe
2016-04-21 18:18 - 2016-04-21 18:18 - 1626777 _____ () C:\Documents and Settings\Pierre\Data aplikací\Quotesolowarm.tst
2016-04-21 18:18 - 2016-04-21 18:18 - 1027584 _____ () C:\Documents and Settings\Pierre\Data aplikací\Sanzap.exe
2016-04-21 18:18 - 2016-04-21 18:18 - 0072717 _____ () C:\Documents and Settings\Pierre\Data aplikací\Sanzap.tst
2016-04-21 18:18 - 2016-04-21 18:18 - 0848437 _____ () C:\Documents and Settings\Pierre\Data aplikací\Silverlight.bin
2016-04-21 18:18 - 2016-04-21 18:18 - 0032038 _____ () C:\Documents and Settings\Pierre\Data aplikací\uninstall_temp.ico
2015-06-25 19:59 - 2015-10-04 08:22 - 0009216 _____ () C:\Documents and Settings\Pierre\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-12-30 20:46 - 2016-04-21 18:26 - 0029696 _____ () C:\Documents and Settings\Pierre\Local Settings\Data aplikací\MSGBOX.EXE
2016-04-21 18:21 - 2016-04-21 18:21 - 0356864 _____ () C:\Documents and Settings\All Users\Data aplikací\smp2.exe
2015-09-04 11:48 - 2015-09-04 11:48 - 0004105 _____ () C:\Documents and Settings\All Users\Data aplikací\wmzddnmb.cix

Files to move or delete:
====================
C:\Documents and Settings\Pierre\Local Settings\temp\22.exe


Some files in TEMP:
====================
C:\Documents and Settings\Pierre\Local Settings\temp\130868260149721582.exe
C:\Documents and Settings\Pierre\Local Settings\temp\13086826016440908203.exe
C:\Documents and Settings\Pierre\Local Settings\temp\22.exe
C:\Documents and Settings\Pierre\Local Settings\temp\3098.exe
C:\Documents and Settings\Pierre\Local Settings\temp\8115.exe
C:\Documents and Settings\Pierre\Local Settings\temp\8333.exe
C:\Documents and Settings\Pierre\Local Settings\temp\Browser_V5.6.11466.7_r_4714_(Build1603281525).exe
C:\Documents and Settings\Pierre\Local Settings\temp\geeplayersetup_unfix.exe
C:\Documents and Settings\Pierre\Local Settings\temp\IQIYIsetup_l_huayukeji@kb006.exe
C:\Documents and Settings\Pierre\Local Settings\temp\jre-8u51-windows-au.exe
C:\Documents and Settings\Pierre\Local Settings\temp\jre-8u65-windows-au.exe
C:\Documents and Settings\Pierre\Local Settings\temp\jre-8u91-windows-au.exe
C:\Documents and Settings\Pierre\Local Settings\temp\libeay32.dll
C:\Documents and Settings\Pierre\Local Settings\temp\listicka-partner-16194-1.1.8-offline.exe
C:\Documents and Settings\Pierre\Local Settings\temp\msvcr120.dll
C:\Documents and Settings\Pierre\Local Settings\temp\pps104.exe
C:\Documents and Settings\Pierre\Local Settings\temp\proxy_vole6407598957250881067.dll
C:\Documents and Settings\Pierre\Local Settings\temp\qqpcmgr_v10.5.15816.217_70557_Silence.exe
C:\Documents and Settings\Pierre\Local Settings\temp\qqpcmgr_v11.3.17195.214_78450_Silence.exe
C:\Documents and Settings\Pierre\Local Settings\temp\Quarantine.exe
C:\Documents and Settings\Pierre\Local Settings\temp\set.exe
C:\Documents and Settings\Pierre\Local Settings\temp\setup.exe
C:\Documents and Settings\Pierre\Local Settings\temp\setup3.exe
C:\Documents and Settings\Pierre\Local Settings\temp\Setup__2140_il357769.exe
C:\Documents and Settings\Pierre\Local Settings\temp\sqlite-3.8.2-x86-sqlitejdbc.dll
C:\Documents and Settings\Pierre\Local Settings\temp\sqlite3.dll
C:\Documents and Settings\Pierre\Local Settings\temp\{94DF23C8-D11B-4097-914C-20448C9B66C9}.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

Re: Virus from Facebook chat

Posted: 21 Apr 2016 18:18
by Rudy
Hello!
Run this utility:
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop
Close all programs
Click >Scan< first and then >Clean<.
A scan will run and then a log will appear; paste it here.

Re: Virus from Facebook chat

Posted: 21 Apr 2016 18:46
by pierres
I'm posting 2 logs here because after the restart the log didn't open automatically.
# AdwCleaner v5.112 - Logfile created 21/04/2016 at 19:32:00
# Updated 17/04/2016 by Xplode
# Database : 2016-04-19.5 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (X86)
# Username : Pierre - NERO
# Running from : c:\Pierre\adwcleaner_5.112.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****

[!] Service Not Deleted : QQPCRTP
[-] Service Deleted : SMUpd
[-] Service Deleted : SMUpdd
[-] Service Deleted : TS888
[-] Service Deleted : TAOAccelerator
[-] Service Deleted : TSDefenseBt
[!] Service Not Deleted : TSSysKit
[-] Service Deleted : QMUdisk
[-] Service Deleted : TFsFlt
[!] Service Not Deleted : tsksp
[!] Service Not Deleted : QQSysMon
[!] Service Not Deleted : TsFltMgr
[-] Service Deleted : TAOKernelDriver
[-] Service Deleted : QQPCHelper
[-] Service Deleted : QMIEProtect
[-] Service Deleted : MPCKpt
[-] Service Deleted : MPCBase
[-] Service Deleted : softaal
[-] Service Deleted : CloudPrinter

***** [ Folders ] *****

[-] Folder Deleted : C:\DOCUME~1\Pierre\LOCALS~1\Temp\MPC
[-] Folder Deleted : C:\DOCUME~1\Pierre\LOCALS~1\Temp\tencent
[-] Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\SearchModule
[#] Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\tencent
[-] Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\CloudPrinter
[#] Folder Deleted : C:\Documents and Settings\Pierre\Data aplikací\tencent
[-] Folder Deleted : C:\Documents and Settings\Pierre\Nabídka Start\Programy\腾讯软件
[-] Folder Deleted : C:\Program Files\MPC Cleaner
[#] Folder Deleted : C:\Program Files\tencent
[-] Folder Deleted : C:\Program Files\Torrent Search
[#] Folder Deleted : C:\Program Files\Common Files\tencent

***** [ Files ] *****

[-] File Deleted : C:\Documents and Settings\Pierre\Plocha\Continue installation .lnk
[-] File Deleted : C:\WINDOWS\QMNetworkMgr.ini
[-] File Deleted : C:\WINDOWS\system32\findit.xml
[!] File Not Deleted : C:\WINDOWS\system32\drivers\TsFltMgr.sys
[!] File Not Deleted : C:\WINDOWS\system32\drivers\TSDefenseBt.sys
[!] File Not Deleted : C:\WINDOWS\system32\drivers\TFsFlt.sys
[-] File Deleted : C:\WINDOWS\system32\drivers\TAOKernelXP.sys
[-] File Deleted : C:\WINDOWS\system32\drivers\TS888.sys
[-] File Deleted : C:\WINDOWS\system32\drivers\TAOAccelerator.sys
[-] File Deleted : C:\WINDOWS\system32\drivers\MPCBase.sys
[-] File Deleted : C:\WINDOWS\system32\drivers\MPCKpt.sys

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : Update Service for Torrent Search
[-] Task Deleted : SMW_UpdateTask_Time_333533323338323033352d3437415a556c2a3223346c41

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SEARCHSCOPES\IELNKSRCH
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\smu.exe
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\.QMDeskTopGCIcon
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@qq.com/QQPCMgr
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP
[-] Key Deleted : HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\QMContextUninstall
[-] Key Deleted : HKEY_CLASSES_ROOT\Folder\ShellEx\ContextMenuHandlers\QMContextUninstall
[-] Key Deleted : HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}
[-] Value Deleted : HKCU\Environment [SNF]
[-] Value Deleted : HKCU\Environment [SNP]
[-] Key Deleted : HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\QMContextScan
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\QMContextScan.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\QMContextUninstall.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\QMContextScan
[-] Key Deleted : HKLM\SOFTWARE\Classes\AndroidPopup.AndroidServer
[-] Key Deleted : HKLM\SOFTWARE\Classes\AndroidPopup.AndroidServer.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\metnsd
[-] Key Deleted : HKLM\SOFTWARE\Classes\qmbfile
[-] Key Deleted : HKLM\SOFTWARE\Classes\QMContextScan.QMContextScanMenu
[-] Key Deleted : HKLM\SOFTWARE\Classes\QMContextScan.QMContextScanMenu.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\QMContextUninstall.QMContextUninstallMenu
[-] Key Deleted : HKLM\SOFTWARE\Classes\QMContextUninstall.QMContextUninstallMenu.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\qmgcfiles
[-] Key Deleted : HKLM\SOFTWARE\Classes\qpakfile
[-] Key Deleted : HKLM\SOFTWARE\Classes\QQPCMgr.qbox
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1E9BD312-7C8C-4422-906D-897F6D7714F2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7A30415C-ABEE-4674-B64B-4CA145EEB0CA}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{70DE12EA-79F4-46BC-9812-86DB50A2FD64}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C379EAD1-CB34-4B09-AF6B-7E587F8BCD80}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E727987-C8EA-44DA-8749-310C0FBE3C3E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B7667919-3765-4815-A66D-98A09BE662D6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{920D873D-05AB-4574-AD3A-872DD173658A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CBDECEF7-7A29-4CBF-A009-2673D82C7BF9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{63332668-8CE1-445D-A5EE-25929176714E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03AE1B7B-A9E7-4D5A-9D34-89999C31B659}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EC0FA563-E0F2-406F-8659-1E728458A91E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{88260EA6-BC91-42DF-ABEF-4A683E8A3C23}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4C097DF1-0716-4FA1-84A9-025BC1E7B03F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4801E96-E7A1-45F6-B124-7A36DFB40B81}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{29B6CFD5-0064-411A-8C42-9890C83F9921}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E52EB753-1F56-4DF7-BE53-2C314AC5F8A1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\SOFTWARE\Classes\CLSID\{03AE1B7B-A9E7-4D5A-9D34-89999C31B659}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{357D32FC-F0AE-4B37-B36F-D44AA31496F5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{80B3B43F-7508-4627-BE66-00FB9AE5EE72}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D4801E96-E7A1-45F6-B124-7A36DFB40B81}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E52EB753-1F56-4DF7-BE53-2C314AC5F8A1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{5A83D7C9-4A14-4000-BC05-389268238753}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{445E3964-15B0-472A-95F4-6242DD2EA066}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{593BE60A-1C6A-44F9-946D-A5EAB2D53511}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C049F583-D724-4BAB-8F47-F13BCA41B808}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E727987-C8EA-44DA-8749-310C0FBE3C3E}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E727987-C8EA-44DA-8749-310C0FBE3C3E}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{29B6CFD5-0064-411A-8C42-9890C83F9921}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved [{CBDECEF7-7A29-4CBF-A009-2673D82C7BF9}]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved [{63332668-8CE1-445D-A5EE-25929176714E}]
[-] Key Deleted : HKCU\Software\IM
[-] Key Deleted : HKLM\SOFTWARE\MPC
[-] Key Deleted : HKLM\SOFTWARE\SearchModule
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search module
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Torrent Search
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AppHelper
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\10.5.15816.217\QMAccountProtection.exe]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QQPCmgrInstallGuide.exe]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QQPCTray.exe]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QQPCMgr.exe]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QQPCRTP.exe]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QMDL.exe]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\bugreport.exe]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QQPCFileOpen.exe]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QQPCLeakScan.exe]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QQPConfig.exe]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QQPCSoftMgr.exe]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\plugins\QMNetMon\QQPCNetFlow.exe]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QQPCBTU.exe]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QQPCClinic.exe]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QQPCLaunch.exe]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QMUpdate\QQPCMgrUpdate.exe]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QQPCSoftGame.exe]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QQPCSysOptimize.exe]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QQPCUpdateAVLib.exe]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QQRepair.exe]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\Uninst.exe]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QQPCPatch.exe]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\TpkUpdate.exe]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QMRouterMgr.exe]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QMAccountProtection.exe]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QMAdBlock.exe]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [c:\program files\common files\tencent\qqdownload\130\tencentdl.exe]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [c:\program files\common files\tencent\qqdownload\130\bugreport_xf.exe]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\10.5.15816.217\QMAccountProtection.exe]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QQPCmgrInstallGuide.exe]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QQPCTray.exe]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QQPCMgr.exe]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QQPCRTP.exe]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QMDL.exe]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\bugreport.exe]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QQPCFileOpen.exe]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QQPCLeakScan.exe]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QQPConfig.exe]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QQPCSoftMgr.exe]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\plugins\QMNetMon\QQPCNetFlow.exe]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QQPCBTU.exe]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QQPCClinic.exe]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QQPCLaunch.exe]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QMUpdate\QQPCMgrUpdate.exe]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QQPCSoftGame.exe]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QQPCSysOptimize.exe]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QQPCUpdateAVLib.exe]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QQRepair.exe]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\Uninst.exe]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QQPCPatch.exe]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\TpkUpdate.exe]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QMRouterMgr.exe]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QMAccountProtection.exe]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QMAdBlock.exe]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [c:\program files\common files\tencent\qqdownload\130\tencentdl.exe]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [c:\program files\common files\tencent\qqdownload\130\bugreport_xf.exe]
[-] Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [apphide]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [apphide]
[#] Value Deleted : HKU\S-1-5-21-1454471165-1326574676-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run [apphide]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [pcmgr]

***** [ Web browsers ] *****


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [5913 bytes] - [21/04/2016 17:30:47]
C:\AdwCleaner\AdwCleaner[C2].txt - [12266 bytes] - [04/09/2015 12:35:41]
C:\AdwCleaner\AdwCleaner[C3].txt - [20514 bytes] - [21/04/2016 19:32:00]
C:\AdwCleaner\AdwCleaner[C4].txt - [6344 bytes] - [30/12/2015 18:15:50]
C:\AdwCleaner\AdwCleaner[R0].txt - [5466 bytes] - [12/07/2015 23:12:35]
C:\AdwCleaner\AdwCleaner[R1].txt - [880 bytes] - [12/07/2015 23:18:14]
C:\AdwCleaner\AdwCleaner[S0].txt - [4961 bytes] - [12/07/2015 23:14:28]
C:\AdwCleaner\AdwCleaner[S1].txt - [7227 bytes] - [15/02/2016 18:53:45]
C:\AdwCleaner\AdwCleaner[S2].txt - [19337 bytes] - [21/04/2016 19:05:39]
C:\AdwCleaner\AdwCleaner[S3].txt - [31112 bytes] - [04/09/2015 12:34:51]
C:\AdwCleaner\AdwCleaner[S7].txt - [5894 bytes] - [30/12/2015 18:05:19]
C:\AdwCleaner\AdwCleaner[S8].txt - [5894 bytes] - [30/12/2015 18:11:41]

########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [21246 bytes] ##########


And here is one more, fresh from a scan just now

# AdwCleaner v5.112 - Logfile created 21/04/2016 at 19:41:51
# Updated 17/04/2016 by Xplode
# Database : 2016-04-19.5 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (X86)
# Username : Pierre - NERO
# Running from : c:\Pierre\adwcleaner_5.112.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

Service Found : QQPCRTP
Service Found : TS888
Service Found : TAOAccelerator
Service Found : TSDefenseBt
Service Found : TSSysKit
Service Found : QMUdisk
Service Found : TFsFlt
Service Found : tsksp
Service Found : QQSysMon
Service Found : TsFltMgr
Service Found : TAOKernelDriver
Service Found : TSSK
Service Found : QQPCHelper
Service Found : QMIEProtect
Service Found : softaal

***** [ Folders ] *****

Folder Found : C:\DOCUME~1\Pierre\LOCALS~1\Temp\tencent
Folder Found : C:\Documents and Settings\All Users\Data aplikací\tencent
Folder Found : C:\Documents and Settings\Pierre\Data aplikací\tencent
Folder Found : C:\Program Files\tencent
Folder Found : C:\Program Files\Common Files\tencent

***** [ Files ] *****

File Found : C:\Documents and Settings\Pierre\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\hxxp_search.safefinder.com_0.localstorage
File Found : C:\Documents and Settings\Pierre\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\hxxp_search.safefinder.com_0.localstorage-journal
File Found : C:\WINDOWS\system32\tssk.sys
File Found : C:\WINDOWS\system32\drivers\TsFltMgr.sys
File Found : C:\WINDOWS\system32\drivers\TSDefenseBt.sys
File Found : C:\WINDOWS\system32\drivers\TFsFlt.sys
File Found : C:\WINDOWS\system32\drivers\TAOKernelXP.sys
File Found : C:\WINDOWS\system32\drivers\TS888.sys
File Found : C:\WINDOWS\system32\drivers\TAOAccelerator.sys
File Found : C:\WINDOWS\system32\drivers\MPCBase.sys
File Found : C:\WINDOWS\system32\drivers\MPCKpt.sys

***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\.QMDeskTopGCIcon
Key Found : HKLM\SOFTWARE\Classes\qmgcfiles
Key Found : HKLM\SOFTWARE\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{70DE12EA-79F4-46BC-9812-86DB50A2FD64}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B7667919-3765-4815-A66D-98A09BE662D6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{920D873D-05AB-4574-AD3A-872DD173658A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
Data Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.hao123.com/?tn=95972258_hao_pg
Data Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.hao123.com/?tn=95972258_hao_pg
Data Found : HKU\S-1-5-21-1454471165-1326574676-839522115-1003\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.hao123.com/?tn=95972258_hao_pg
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\Common Files\Tencent\QQDownload\130\Tencentdl.exe]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\Common Files\Tencent\QQDownload\130\bugreport_xf.exe]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Common Files\Tencent\QQDownload\130\bugreport_xf.exe]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Common Files\Tencent\QQDownload\130\Tencentdl.exe]
Value Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0FDD15E1-D10C-4195-8EFB-87052BFC6870}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
Value Found : HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
Key Found : HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}
Data Found : HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - {ielnksrch}
Value Found : HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
Key Found : HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}
Data Found : HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - {ielnksrch}
Value Found : HKU\S-1-5-21-1454471165-1326574676-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
Key Found : HKU\S-1-5-21-1454471165-1326574676-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0FDD15E1-D10C-4195-8EFB-87052BFC6870}

***** [ Web browsers ] *****


*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [5913 bytes] - [21/04/2016 17:30:47]
C:\AdwCleaner\AdwCleaner[C2].txt - [12266 bytes] - [04/09/2015 12:35:41]
C:\AdwCleaner\AdwCleaner[C3].txt - [21326 bytes] - [21/04/2016 19:32:00]
C:\AdwCleaner\AdwCleaner[C4].txt - [6344 bytes] - [30/12/2015 18:15:50]
C:\AdwCleaner\AdwCleaner[R0].txt - [5466 bytes] - [12/07/2015 23:12:35]
C:\AdwCleaner\AdwCleaner[R1].txt - [880 bytes] - [12/07/2015 23:18:14]
C:\AdwCleaner\AdwCleaner[S0].txt - [4961 bytes] - [12/07/2015 23:14:28]
C:\AdwCleaner\AdwCleaner[S1].txt - [7227 bytes] - [15/02/2016 18:53:45]
C:\AdwCleaner\AdwCleaner[S2].txt - [19337 bytes] - [21/04/2016 19:05:39]
C:\AdwCleaner\AdwCleaner[S3].txt - [31112 bytes] - [04/09/2015 12:34:51]
C:\AdwCleaner\AdwCleaner[S4].txt - [14302 bytes] - [21/04/2016 19:41:51]
C:\AdwCleaner\AdwCleaner[S7].txt - [5894 bytes] - [30/12/2015 18:05:19]
C:\AdwCleaner\AdwCleaner[S8].txt - [5894 bytes] - [30/12/2015 18:11:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [14522 bytes] ##########

Re: Virus from Facebook chat

Posted: 21 Apr 2016 19:54
by Rudy
Post a new FRST log.

Re: Virus from Facebook chat

Posted: 21 Apr 2016 20:18
by pierres
That Tencent QQPCMgr also keeps popping up there in Chinese all the time...

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:30-12-2015
Ran by Pierre (administrator) on NERO (21-04-2016 21:15:22)
Running from C:\Documents and Settings\Pierre\Plocha
Loaded Profiles: Pierre (Available Profiles: Pierre)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) Language: Čeština
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
() C:\Documents and Settings\All Users\Data aplikací\Quoteex\Quoteex.exe
() C:\Program Files\EaseUS\Todo Backup\bin\TodoBackupService.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
() C:\Program Files\EaseUS\EaseUS Partition Master 10.2\bin\TrayPopupE\TrayTipAgentE.exe
() C:\Program Files\EaseUS\TrayPopup\TrayTipAgent.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
(Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\DOCUME~1\Pierre\LOCALS~1\temp\22.exe
(GoPro) C:\Program Files\CineForm\Tools\GoProCineFormStatusViewer.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Ghisler Software GmbH) C:\Program Files\totalcmd\TOTALCMD.EXE
(Tunngle.net GmbH) C:\Program Files\Tunngle\Tunngle.exe
(Tunngle.net GmbH) C:\Program Files\Tunngle\Tunngle.exe
(Tunngle.net GmbH) C:\Program Files\Tunngle\TnglCtrl.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Tencent) C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QQPCRTP.exe
(Tencent) C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QQPCTray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20065936 2012-06-06] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Launch LCDMon] => C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [1687824 2007-07-17] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] => C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [2094352 2007-07-17] (Logitech Inc.)
HKLM\...\Run: [LG Smart Share] => C:\Program Files\LG Software\LG Smart Share\SmartShareStartXP.exe [134744 2013-03-25] (LG Electronics Inc.)
HKLM\...\Run: [EaseUS EPM tray] => C:\Program Files\EaseUS\EaseUS Partition Master 10.2\bin\EpmNews.exe [2089056 2014-11-18] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM\...\Run: [EaseUS EPM Tray Agent] => C:\Program Files\EaseUS\EaseUS Partition Master 10.2\bin\TrayPopupE\TrayTipAgentE.exe [255072 2014-11-18] ()
HKLM\...\Run: [EaseUS TB Tray Agent] => C:\Program Files\EaseUS\TrayPopup\TrayTipAgent.exe [253992 2014-12-15] ()
HKLM\...\Run: [seznam-listicka-distribuce] => C:\Program Files\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2591888 2015-09-14] ()
HKLM\...\Run: [22] => C:\Documents and Settings\Pierre\Local Settings\temp\22.exe [3680768 2016-04-21] () <===== ATTENTION
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [BluetoothAuthenticationAgent] => rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-08-27] (NVIDIA Corporation)
HKLM\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [366904 2015-07-23] (Power Software Ltd)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM\...\Run: [ QQPCTray] => C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QQPCTray.exe [362304 2016-04-21] (Tencent)
HKU\S-1-5-21-1454471165-1326574676-839522115-1003\...\Run: [cz.seznam.software.autoupdate] => C:\Documents and Settings\Pierre\Data aplikací\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-1454471165-1326574676-839522115-1003\...\Run: [cz.seznam.software.szndesktop] => C:\Documents and Settings\Pierre\Data aplikací\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
HKU\S-1-5-21-1454471165-1326574676-839522115-1003\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [4556048 2015-02-27] (Disc Soft Ltd)
HKU\S-1-5-21-1454471165-1326574676-839522115-1003\...\Run: [MiPhoneManager] => C:\Documents and Settings\Pierre\Local Settings\Data aplikací\MiPhoneManager\main\MiPhoneHelper.exe [157624 2016-03-11] ()
HKU\S-1-5-21-1454471165-1326574676-839522115-1003\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
AppInit_DLLs: C:\DOCUME~1\ALLUSE~1\DATAAP~1\Quoteex\Inchnix.dll => C:\Documents and Settings\All Users\Data aplikací\Quoteex\Inchnix.dll [257536 2016-04-21] ()
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QMGCShellExt.dll [2016-04-21] (Tencent)
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\CineForm Status.lnk [2015-09-16]
ShortcutTarget: CineForm Status.lnk -> C:\Program Files\CineForm\Tools\GoProCineFormStatusViewer.exe (GoPro)
GroupPolicy: Restriction - Chrome <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{3FCAE0AC-E9E0-40A2-81FD-078C9EF59D9E}: [DhcpNameServer] 7.254.254.254
Tcpip\..\Interfaces\{95358A7A-F515-4188-B822-D6E5B12114F4}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1454471165-1326574676-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=95044903_hao_pg
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1454471165-1326574676-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=95044903_hao_pg
SearchScopes: HKLM -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5Ws0RErzyPsJ4T7k2COOv4oRHbgpZu2LUFGw9gPtHD0MXnlWN7KG6uKFJJVYhghjj_sfjiHQKJsmEQZlUtlpsqh84-5WAOcvYhVxGZS_l-ErE2V8JaLhR_RO7G_ejL5vbEMOWRkD170L_VRGPvOY&q={searchTerms}
SearchScopes: HKU\S-1-5-19 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5Ws0RErzyPsJ4T7k2COOv4oRHbgpZu2LUFGw9gPtHD0MXnlWN7KG6uKFJJVYhghjj_sfjiHQKJsmEQZlUtlpsqh84-5WAOcvYhVxGZS_l-ErE2V8JaLhR_RO7G_ejL5vbEMOWRkD170L_VRGPvOY&q={searchTerms}
SearchScopes: HKU\S-1-5-20 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5Ws0RErzyPsJ4T7k2COOv4oRHbgpZu2LUFGw9gPtHD0MXnlWN7KG6uKFJJVYhghjj_sfjiHQKJsmEQZlUtlpsqh84-5WAOcvYhVxGZS_l-ErE2V8JaLhR_RO7G_ejL5vbEMOWRkD170L_VRGPvOY&q={searchTerms}
SearchScopes: HKU\S-1-5-20 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5Ws0RErzyPsJ4T7k2COOv4oRHbgpZu2LUFGw9gPtHD0MXnlWN7KG6uKFJJVYhghjj_sfjiHQKJsmEQZlUtlpsqh84-5WAOcvYhVxGZS_l-ErE2V8JaLhR_RO7G_ejL5vbEMOWRkD170L_VRGPvOY&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1454471165-1326574676-839522115-1003 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKU\S-1-5-21-1454471165-1326574676-839522115-1003 -> {0FDD15E1-D10C-4195-8EFB-87052BFC6870} URL = hxxp://www-searching.com/s.ashx?prd=opensearch&q={searchTerms}&s=G4Lzamobl2140BK,85deacda-0df5-4b77-ab49-6968bcd52e8a,
SearchScopes: HKU\S-1-5-21-1454471165-1326574676-839522115-1003 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
Toolbar: HKU\S-1-5-21-1454471165-1326574676-839522115-1003 -> &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll [2014-02-25] (Společnost Microsoft)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-08] ()
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-25] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @qq.com/QQPCMgr -> C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\npQMExtensionsMozilla.dll [2016-04-21] (Tencent Technology (Shenzhen) Company Limited)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-03-05] [not signed]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5Ws0RErzyPsJ4T7k2COOv4oRHbgpZu2LUFGw9gPtHD0MXnlWN7KG6uKFJJVYhghjj_sflXgJFJdrNAnWTbRiAWXy0lhHKiLnrNyfHiSk_WU4vlKkZP9YdY2LXRR1l2Xraj_0l7I3KRi6BAGbo5m5
CHR StartupUrls: Default -> "hxxp://www-searching.com/?pid=s&s=G4Lzamobl2140BK,85deacda-0df5-4b77-ab49-6968bcd52e8a,&vp=ch&prd=set_ch"
CHR DefaultSearchURL: Default -> hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5Ws0RErzyPsJ4T7k2COOv4oRHbgpZu2LUFGw9gPtHD0MXnlWN7KG6uKFJJVYhghjj_sfmfB4RD9m9qudtgTcgjueFw7a1WLe3Lv4FBfV1ThLzShLP9eiBqFxOQXYPbHvqV18z8aFMj_fVeBUJhHP&q={searchTerms}
CHR DefaultSearchKeyword: Default -> feed.sonic-search.com
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
CHR Profile: C:\Documents and Settings\Pierre\Local Settings\Data aplikací\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Documents and Settings\Pierre\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-19]
CHR Extension: (Dokumenty Google) - C:\Documents and Settings\Pierre\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-23]
CHR Extension: (Disk Google) - C:\Documents and Settings\Pierre\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-26]
CHR Extension: (YouTube) - C:\Documents and Settings\Pierre\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-01]
CHR Extension: (Vyhledávání Google) - C:\Documents and Settings\Pierre\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01]
CHR Extension: (Tabulky Google) - C:\Documents and Settings\Pierre\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-19]
CHR Extension: (Dokumenty Google offline) - C:\Documents and Settings\Pierre\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-19]
CHR Extension: (Terapaper) - C:\Documents and Settings\Pierre\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\hkibjmfcciicdoofeljjmffoekkcnjnm [2016-04-21]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Documents and Settings\Pierre\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-12]
CHR Extension: (Gmail) - C:\Documents and Settings\Pierre\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-23]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1030928 2015-02-27] (Disc Soft Ltd)
R2 EaseUS Agent; C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe [36904 2015-08-01] (CHENGDU YIWO Tech Development Co., Ltd)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [595968 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [642520 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-08-27] (NVIDIA Corporation)
R2 QQPCRTP; C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QQPCRTP.exe [313936 2016-04-21] (Tencent)
R2 Quoteex; C:\Documents and Settings\All Users\Data aplikací\\Quoteex\\Quoteex.exe [1027584 2016-04-21] () [File not signed]
R3 TunngleService; C:\Program Files\Tunngle\TnglCtrl.exe [814064 2015-12-22] (Tunngle.net GmbH)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R3 dtlitescsibus; C:\WINDOWS\System32\DRIVERS\dtlitescsibus.sys [25104 2015-06-21] (Disc Soft Ltd)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [14944 2014-11-18] ()
S3 EsgScanner; C:\WINDOWS\System32\DRIVERS\EsgScanner.sys [19984 2016-04-21] ()
R0 EUBAKUP; C:\WINDOWS\System32\drivers\eubakup.sys [52008 2014-12-15] (CHENGDU YIWO Tech Development Co., Ltd)
R0 EUBKMON; C:\WINDOWS\System32\drivers\EUBKMON.sys [40744 2014-12-15] ()
R1 EUDSKACS; C:\WINDOWS\system32\drivers\eudskacs.sys [14888 2014-12-15] (CHENGDU YIWO Tech Development Co., Ltd)
R1 EUFDDISK; C:\WINDOWS\system32\drivers\EuFdDisk.sys [188328 2014-12-15] (CHENGDU YIWO Tech Development Co., Ltd)
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [10208 2014-11-18] ()
R3 ip100xp; C:\WINDOWS\System32\DRIVERS\ipfnd51.sys [26752 2010-11-23] (IC Plus Corp. ) [File not signed]
R3 MEI; C:\WINDOWS\System32\DRIVERS\HECI.sys [56280 2013-09-16] (Intel Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R3 NVHDA; C:\WINDOWS\System32\drivers\nvhda32.sys [136624 2015-09-14] (NVIDIA Corporation)
R1 QMIEProtect; C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QMIEProtect.sys [50488 2016-01-12] ()
R1 QMUdisk; C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QMUdisk.sys [104440 2016-04-21] (Tencent)
S1 QQPCHelper; C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\QQPCHelper.sys [34936 2016-04-21] (Tencent)
R1 SCDEmu; C:\WINDOWS\system32\Drivers\SCDEmu.sys [114304 2015-07-23] (Power Software Ltd)
R1 softaal; C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\softaal.sys [45816 2016-04-21] (Tencent)
R3 TAOAccelerator; C:\WINDOWS\system32\Drivers\TAOAccelerator.sys [126008 2016-04-21] (Tencent)
R3 tap0901t; C:\WINDOWS\System32\DRIVERS\tap0901t.sys [43568 2015-12-21] (Tunngle.net)
R3 TFsFlt; C:\WINDOWS\System32\Drivers\TFsFlt.sys [159608 2016-04-21] (电脑管家)
R1 TSDefenseBt; C:\WINDOWS\System32\DRIVERS\TSDefenseBt.sys [14008 2016-04-21] (Tencent)
R0 TsFltMgr; C:\WINDOWS\System32\drivers\TsFltMgr.sys [137816 2016-04-21] (电脑管家)
R1 TSKSP; C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\TSKsp.sys [220984 2016-04-21] (电脑管家)
R3 TSSK; C:\WINDOWS\System32\tssk.sys [83576 2016-04-21] (电脑管家)
R1 TSSysKit; C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\TSSysKit.sys [111736 2016-04-21] (电脑管家)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 IntelIde; no ImagePath
S3 MSICDSetup; \??\D:\CDriver.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
R4 TAOKernelDriver; \??\C:\WINDOWS\system32\Drivers\TAOKernelXP.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-21 20:29 - 2016-04-21 20:28 - 00126008 _____ (Tencent) C:\WINDOWS\system32\Drivers\TAOAccelerator.sys
2016-04-21 20:29 - 2016-04-21 20:28 - 00014008 _____ (Tencent) C:\WINDOWS\system32\Drivers\TSDefenseBt.sys
2016-04-21 20:28 - 2016-04-21 20:28 - 00159608 _____ (电脑管家) C:\WINDOWS\system32\Drivers\TFsFlt.sys
2016-04-21 20:28 - 2016-04-21 20:28 - 00137816 _____ (电脑管家) C:\WINDOWS\system32\Drivers\TsFltMgr.sys
2016-04-21 20:28 - 2016-04-21 20:28 - 00000000 ____D C:\Documents and Settings\Pierre\Nabídka Start\Programy\腾讯软件
2016-04-21 19:56 - 2016-04-21 19:56 - 00000067 _____ C:\WINDOWS\QMNetworkMgr.ini
2016-04-21 19:41 - 2016-04-21 20:28 - 00083576 _____ (电脑管家) C:\WINDOWS\system32\TSSK.sys
2016-04-21 19:37 - 2016-04-21 19:56 - 00039928 _____ (Tencent) C:\WINDOWS\system32\Drivers\TS888.sys
2016-04-21 19:36 - 2016-04-21 19:38 - 00000000 ____D C:\Program Files\Common Files\Tencent
2016-04-21 19:35 - 2016-04-21 19:35 - 00053992 _____ (DotC United Inc) C:\WINDOWS\system32\Drivers\MPCKpt.sys
2016-04-21 19:35 - 2016-04-21 19:35 - 00029032 _____ (DotC United Inc) C:\WINDOWS\system32\Drivers\MPCBase.sys
2016-04-21 19:02 - 2016-04-21 19:02 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikac铆
2016-04-21 18:45 - 2016-04-21 18:45 - 00000000 ____D C:\Documents and Settings\Pierre\Data aplikac韁Tencent
2016-04-21 18:45 - 2016-04-21 18:45 - 00000000 ____D C:\Documents and Settings\All Users\TXQMPC
2016-04-21 18:45 - 2016-04-21 18:45 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikac韁Tencent
2016-04-21 18:45 - 2016-04-21 18:45 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\KingSoft
2016-04-21 18:44 - 2016-04-21 20:53 - 00000000 ____D C:\Documents and Settings\Pierre\Data aplikací\Tencent
2016-04-21 18:44 - 2016-04-21 20:28 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Tencent
2016-04-21 18:44 - 2016-04-21 18:44 - 00000000 ____D C:\Program Files\Tencent
2016-04-21 18:44 - 2016-04-21 18:44 - 00000000 ____D C:\Documents and Settings\LocalService\Data aplikací\Tencent
2016-04-21 18:26 - 2016-04-21 18:26 - 00000000 ____D C:\Documents and Settings\Pierre\Local Settings\Data aplikací\UCBrowser
2016-04-21 18:22 - 2016-04-21 18:22 - 00000000 ____D C:\Program Files\badu
2016-04-21 18:21 - 2016-04-21 19:56 - 00000652 _____ C:\WINDOWS\Tasks\SMW_P.job
2016-04-21 18:21 - 2016-04-21 18:21 - 00356864 _____ C:\Documents and Settings\All Users\Data aplikací\smp2.exe
2016-04-21 18:21 - 2016-04-21 18:21 - 00000000 ____D C:\Program Files\Common Files\Doobzo
2016-04-21 18:19 - 2016-04-21 18:19 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Quoteexs
2016-04-21 18:18 - 2016-04-21 19:56 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Quoteex
2016-04-21 18:18 - 2016-04-21 18:18 - 06494208 _____ C:\Documents and Settings\Pierre\Data aplikací\agent.dat
2016-04-21 18:18 - 2016-04-21 18:18 - 01626777 _____ C:\Documents and Settings\Pierre\Data aplikací\Quotesolowarm.tst
2016-04-21 18:18 - 2016-04-21 18:18 - 01027584 _____ C:\Documents and Settings\Pierre\Data aplikací\Sanzap.exe
2016-04-21 18:18 - 2016-04-21 18:18 - 01027584 _____ C:\Documents and Settings\Pierre\Data aplikací\Quotesolowarm.exe
2016-04-21 18:18 - 2016-04-21 18:18 - 00848437 _____ C:\Documents and Settings\Pierre\Data aplikací\Silverlight.bin
2016-04-21 18:18 - 2016-04-21 18:18 - 00127488 _____ C:\Documents and Settings\Pierre\Data aplikací\Installer.dat
2016-04-21 18:18 - 2016-04-21 18:18 - 00126464 _____ C:\Documents and Settings\Pierre\Data aplikací\noah.dat
2016-04-21 18:18 - 2016-04-21 18:18 - 00126464 _____ C:\Documents and Settings\Pierre\Data aplikací\lobby.dat
2016-04-21 18:18 - 2016-04-21 18:18 - 00079662 _____ C:\Documents and Settings\Pierre\Data aplikací\inst.lat
2016-04-21 18:18 - 2016-04-21 18:18 - 00072717 _____ C:\Documents and Settings\Pierre\Data aplikací\Sanzap.tst
2016-04-21 18:18 - 2016-04-21 18:18 - 00065568 _____ C:\Documents and Settings\Pierre\Data aplikací\Config.xml
2016-04-21 18:18 - 2016-04-21 18:18 - 00054272 _____ C:\Documents and Settings\Pierre\Data aplikací\ApplicationHosting.dat
2016-04-21 18:18 - 2016-04-21 18:18 - 00018432 _____ C:\Documents and Settings\Pierre\Data aplikací\Main.dat
2016-04-21 18:18 - 2016-04-21 18:18 - 00015840 _____ C:\Documents and Settings\Pierre\Data aplikací\InstallationConfiguration.xml
2016-04-21 18:18 - 2016-04-21 18:18 - 00005568 _____ C:\Documents and Settings\Pierre\Data aplikací\md.xml
2016-04-21 18:18 - 2016-04-21 18:18 - 00000000 ____D C:\Program Files\Common Files\Transrandax
2016-04-21 17:44 - 2016-04-21 17:44 - 00090112 _____ C:\WINDOWS\Minidump\Mini042116-01.dmp
2016-04-21 17:37 - 2016-04-21 17:37 - 00019984 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys
2016-04-18 21:06 - 2016-04-18 21:06 - 00000000 ____D C:\Documents and Settings\Default User\Local Settings\Data aplikací\Google
2016-04-08 11:03 - 2016-04-08 11:03 - 05934784 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2016-03-29 23:16 - 2016-04-21 10:18 - 00000000 ____D C:\Documents and Settings\Pierre\Data aplikací\EurekaLog
2016-03-29 14:31 - 2016-03-29 14:31 - 01463253 _____ C:\Documents and Settings\Pierre\Plocha\Dane 2016 5132550_2015_d298ba1310.pdf
2016-03-29 13:59 - 2016-03-29 13:59 - 00237486 _____ C:\Documents and Settings\Pierre\Plocha\A160302_VEN_005_DANE_2015_D.XLSX
2016-03-26 14:02 - 2016-03-26 14:02 - 00036864 _____ C:\Documents and Settings\Pierre\Plocha\1458856945_e3dd35254fffe456a5472dae15fd9e16.xls
2016-03-25 02:53 - 2016-03-25 02:53 - 00047166 _____ C:\Documents and Settings\Pierre\Dokumenty\Agents of SHIELD S03E13 - Parting Shot (AVS).srt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-21 21:15 - 2015-12-30 20:47 - 00024945 _____ C:\Documents and Settings\Pierre\Plocha\FRST.txt
2016-04-21 21:15 - 2015-12-30 20:47 - 00000000 ____D C:\FRST
2016-04-21 21:15 - 2015-07-13 00:36 - 00000000 ____D C:\Documents and Settings\Pierre\Local Settings\temp
2016-04-21 21:03 - 2015-06-19 00:32 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-04-21 20:44 - 2015-02-26 00:41 - 00009328 _____ C:\WINDOWS\system32\nvAppTimestamps
2016-04-21 20:28 - 2015-02-25 22:15 - 00000000 ___RD C:\Documents and Settings\All Users\Nabídka Start
2016-04-21 20:28 - 2015-02-25 22:15 - 00000000 ____D C:\Documents and Settings\All Users\Plocha
2016-04-21 20:28 - 2015-02-25 21:47 - 00000000 ___RD C:\Documents and Settings\Pierre\Nabídka Start\Programy
2016-04-21 20:28 - 2015-02-25 21:47 - 00000000 ____D C:\Documents and Settings\Pierre\Plocha
2016-04-21 20:14 - 2016-02-10 18:24 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Tunngle
2016-04-21 20:09 - 2015-09-17 20:09 - 00000936 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-21 20:09 - 2015-03-01 11:51 - 01988174 _____ C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-S-1-5-21-1454471165-1326574676-839522115-1003-0.dat
2016-04-21 20:09 - 2015-03-01 11:51 - 00216222 _____ C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-System.dat
2016-04-21 20:01 - 2015-03-01 10:42 - 00000000 ____D C:\Documents and Settings\Pierre\Data aplikací\Seznam.cz
2016-04-21 20:00 - 2015-02-25 22:16 - 01184620 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-21 20:00 - 2004-08-18 14:00 - 00489962 _____ C:\WINDOWS\system32\perfh005.dat
2016-04-21 20:00 - 2004-08-18 14:00 - 00098506 _____ C:\WINDOWS\system32\perfc005.dat
2016-04-21 19:57 - 2015-02-26 00:32 - 01606500 _____ C:\WINDOWS\system32\nvdrsdb0.bin
2016-04-21 19:57 - 2015-02-26 00:32 - 00000001 _____ C:\WINDOWS\system32\nvdrssel.bin
2016-04-21 19:56 - 2015-02-25 22:09 - 00000000 ____D C:\WINDOWS
2016-04-21 19:56 - 2015-02-25 21:40 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-21 19:56 - 2004-08-18 14:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2016-04-21 19:54 - 2015-02-25 21:47 - 00000178 ___SH C:\Documents and Settings\Pierre\ntuser.ini
2016-04-21 19:54 - 2015-02-25 21:47 - 00000000 ____D C:\Documents and Settings\Pierre\Data aplikací
2016-04-21 19:54 - 2015-02-25 21:47 - 00000000 ____D C:\Documents and Settings\Pierre
2016-04-21 19:54 - 2015-02-25 21:40 - 00032460 _____ C:\WINDOWS\SchedLgU.Txt
2016-04-21 19:53 - 2015-09-04 12:00 - 00000000 ____D C:\Documents and Settings\Pierre\Local Settings\Data aplikací\Unity
2016-04-21 19:52 - 2015-09-04 12:12 - 00001819 _____ C:\Documents and Settings\Default User\Nabídka Start\Programy\Google Chrome.lnk
2016-04-21 19:52 - 2015-09-04 12:12 - 00001813 _____ C:\Documents and Settings\Default User\Plocha\Google Chrome.lnk
2016-04-21 19:41 - 2015-07-12 23:12 - 00000000 ____D C:\AdwCleaner
2016-04-21 19:40 - 2015-02-25 22:13 - 00000000 ____D C:\Pierre
2016-04-21 19:37 - 2015-02-26 00:32 - 01606500 _____ C:\WINDOWS\system32\nvdrsdb1.bin
2016-04-21 19:32 - 2015-02-25 22:15 - 00000000 __RHD C:\Documents and Settings\All Users\Data aplikací
2016-04-21 19:20 - 2015-02-25 22:02 - 00049184 _____ C:\Documents and Settings\Pierre\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2016-04-21 19:19 - 2015-02-25 22:15 - 00220040 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-04-21 19:02 - 2015-02-25 22:15 - 00000000 ____D C:\Documents and Settings\All Users
2016-04-21 18:44 - 2015-02-25 21:40 - 00000000 ____D C:\Documents and Settings\LocalService\Data aplikací
2016-04-21 18:31 - 2015-02-25 21:47 - 00000000 ___RD C:\Documents and Settings\Pierre\Nabídka Start
2016-04-21 18:26 - 2015-12-30 20:46 - 00029696 _____ C:\Documents and Settings\Pierre\Local Settings\Data aplikací\MSGBOX.EXE
2016-04-21 18:26 - 2015-02-25 22:15 - 00000000 ___RD C:\Documents and Settings\All Users\Nabídka Start\Programy
2016-04-21 18:26 - 2015-02-25 21:47 - 00000000 ___HD C:\Documents and Settings\Pierre\Local Settings\Data aplikací
2016-04-21 18:20 - 2015-04-03 10:13 - 00000000 ____D C:\Documents and Settings\Pierre\Data aplikací\Mozilla
2016-04-21 17:51 - 2015-02-25 21:47 - 00001599 _____ C:\Documents and Settings\Pierre\Nabídka Start\Programy\Vzdálená pomoc.lnk
2016-04-21 17:50 - 2015-02-25 21:36 - 00001599 _____ C:\Documents and Settings\Default User\Nabídka Start\Programy\Vzdálená pomoc.lnk
2016-04-21 17:50 - 2015-02-25 21:36 - 00001507 _____ C:\Documents and Settings\All Users\Nabídka Start\Windows Update.lnk
2016-04-21 17:44 - 2015-09-04 12:10 - 00000000 ____D C:\WINDOWS\Minidump
2016-04-21 17:39 - 2015-02-25 22:09 - 00000000 ___HD C:\WINDOWS\inf
2016-04-21 17:30 - 2015-02-25 21:47 - 00000000 ___RD C:\Documents and Settings\Pierre\Dokumenty
2016-04-21 17:23 - 2015-09-15 23:28 - 00000000 ____D C:\Documents and Settings\Pierre\Local Settings\Data aplikací\JDownloader v2.0
2016-04-20 01:05 - 2016-02-10 17:27 - 00000000 ____D C:\Documents and Settings\Pierre\Data aplikací\Tunngle
2016-04-18 21:06 - 2015-02-25 22:15 - 00000000 ___HD C:\Documents and Settings\Default User\Local Settings\Data aplikací
2016-04-14 11:15 - 2015-02-26 14:25 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-04-14 11:10 - 2015-02-26 14:25 - 132539272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-13 15:34 - 2015-02-28 22:27 - 00000000 ____D C:\Documents and Settings\Pierre\Data aplikací\vlc
2016-04-13 02:06 - 2015-02-25 23:56 - 00001324 _____ C:\WINDOWS\system32\d3d9caps.dat
2016-04-08 11:03 - 2015-06-19 00:32 - 00797376 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-04-08 11:03 - 2015-06-19 00:32 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-04-07 20:48 - 2015-02-26 00:54 - 00000000 ____D C:\Program Files\Counter Strike 1.6
2016-04-07 20:48 - 2015-02-26 00:51 - 00000000 ____D C:\Documents and Settings\Pierre\GSplay
2016-04-06 00:05 - 2015-10-04 08:35 - 00001221 _____ C:\Documents and Settings\Pierre\Plocha\MiPCSuite.lnk
2016-04-06 00:05 - 2015-10-04 08:35 - 00000000 ____D C:\Documents and Settings\Pierre\Local Settings\Data aplikací\MiPhoneManager
2016-03-29 23:16 - 2016-02-10 17:27 - 00000000 ____D C:\Program Files\Tunngle

==================== Files in the root of some directories =======

2016-04-21 18:18 - 2016-04-21 18:18 - 6494208 _____ () C:\Documents and Settings\Pierre\Data aplikací\agent.dat
2016-04-21 18:18 - 2016-04-21 18:18 - 0054272 _____ () C:\Documents and Settings\Pierre\Data aplikací\ApplicationHosting.dat
2016-04-21 18:18 - 2016-04-21 18:18 - 0065568 _____ () C:\Documents and Settings\Pierre\Data aplikací\Config.xml
2015-08-17 15:56 - 2015-08-17 15:56 - 0000245 _____ () C:\Documents and Settings\Pierre\Data aplikací\del.bat
2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Documents and Settings\Pierre\Data aplikací\ExObslI9P8NNjD3RrGI0HIktb
2015-04-20 16:05 - 2015-04-20 16:05 - 1579520 _____ () C:\Documents and Settings\Pierre\Data aplikací\ExObslI9P8NNjD3RrGI0HIktb.exe
2016-04-21 18:18 - 2016-04-21 18:18 - 0079662 _____ () C:\Documents and Settings\Pierre\Data aplikací\inst.lat
2016-04-21 18:18 - 2016-04-21 18:18 - 0015840 _____ () C:\Documents and Settings\Pierre\Data aplikací\InstallationConfiguration.xml
2016-04-21 18:18 - 2016-04-21 18:18 - 0127488 _____ () C:\Documents and Settings\Pierre\Data aplikací\Installer.dat
2016-04-21 18:18 - 2016-04-21 18:18 - 0126464 _____ () C:\Documents and Settings\Pierre\Data aplikací\lobby.dat
2016-04-21 18:18 - 2016-04-21 18:18 - 0018432 _____ () C:\Documents and Settings\Pierre\Data aplikací\Main.dat
2016-04-21 18:18 - 2016-04-21 18:18 - 0005568 _____ () C:\Documents and Settings\Pierre\Data aplikací\md.xml
2016-04-21 18:18 - 2016-04-21 18:18 - 0126464 _____ () C:\Documents and Settings\Pierre\Data aplikací\noah.dat
2016-04-21 18:18 - 2016-04-21 18:18 - 1027584 _____ () C:\Documents and Settings\Pierre\Data aplikací\Quotesolowarm.exe
2016-04-21 18:18 - 2016-04-21 18:18 - 1626777 _____ () C:\Documents and Settings\Pierre\Data aplikací\Quotesolowarm.tst
2016-04-21 18:18 - 2016-04-21 18:18 - 1027584 _____ () C:\Documents and Settings\Pierre\Data aplikací\Sanzap.exe
2016-04-21 18:18 - 2016-04-21 18:18 - 0072717 _____ () C:\Documents and Settings\Pierre\Data aplikací\Sanzap.tst
2016-04-21 18:18 - 2016-04-21 18:18 - 0848437 _____ () C:\Documents and Settings\Pierre\Data aplikací\Silverlight.bin
2016-04-21 18:18 - 2016-04-21 18:18 - 0032038 _____ () C:\Documents and Settings\Pierre\Data aplikací\uninstall_temp.ico
2015-06-25 19:59 - 2015-10-04 08:22 - 0009216 _____ () C:\Documents and Settings\Pierre\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-12-30 20:46 - 2016-04-21 18:26 - 0029696 _____ () C:\Documents and Settings\Pierre\Local Settings\Data aplikací\MSGBOX.EXE
2016-04-21 18:21 - 2016-04-21 18:21 - 0356864 _____ () C:\Documents and Settings\All Users\Data aplikací\smp2.exe
2015-09-04 11:48 - 2015-09-04 11:48 - 0004105 _____ () C:\Documents and Settings\All Users\Data aplikací\wmzddnmb.cix

Files to move or delete:
====================
C:\Documents and Settings\Pierre\Local Settings\temp\22.exe


Some files in TEMP:
====================
C:\Documents and Settings\Pierre\Local Settings\temp\130868260149721582.exe
C:\Documents and Settings\Pierre\Local Settings\temp\13086826016440908203.exe
C:\Documents and Settings\Pierre\Local Settings\temp\22.exe
C:\Documents and Settings\Pierre\Local Settings\temp\3098.exe
C:\Documents and Settings\Pierre\Local Settings\temp\8115.exe
C:\Documents and Settings\Pierre\Local Settings\temp\8333.exe
C:\Documents and Settings\Pierre\Local Settings\temp\Browser_V5.6.11466.7_r_4714_(Build1603281525).exe
C:\Documents and Settings\Pierre\Local Settings\temp\geeplayersetup_unfix.exe
C:\Documents and Settings\Pierre\Local Settings\temp\IQIYIsetup_l_huayukeji@kb006.exe
C:\Documents and Settings\Pierre\Local Settings\temp\jre-8u51-windows-au.exe
C:\Documents and Settings\Pierre\Local Settings\temp\jre-8u65-windows-au.exe
C:\Documents and Settings\Pierre\Local Settings\temp\jre-8u91-windows-au.exe
C:\Documents and Settings\Pierre\Local Settings\temp\listicka-partner-16194-1.1.8-offline.exe
C:\Documents and Settings\Pierre\Local Settings\temp\PCMgr_Setup_11_5_17490_219.exe
C:\Documents and Settings\Pierre\Local Settings\temp\pps104.exe
C:\Documents and Settings\Pierre\Local Settings\temp\proxy_vole6407598957250881067.dll
C:\Documents and Settings\Pierre\Local Settings\temp\qqpcmgr_v10.5.15816.217_70557_Silence.exe
C:\Documents and Settings\Pierre\Local Settings\temp\qqpcmgr_v11.3.17195.214_78450_Silence.exe
C:\Documents and Settings\Pierre\Local Settings\temp\Quarantine.exe
C:\Documents and Settings\Pierre\Local Settings\temp\set.exe
C:\Documents and Settings\Pierre\Local Settings\temp\setup.exe
C:\Documents and Settings\Pierre\Local Settings\temp\setup3.exe
C:\Documents and Settings\Pierre\Local Settings\temp\Setup__2140_il357769.exe
C:\Documents and Settings\Pierre\Local Settings\temp\sqlite-3.8.2-x86-sqlitejdbc.dll
C:\Documents and Settings\Pierre\Local Settings\temp\{94DF23C8-D11B-4097-914C-20448C9B66C9}.dll


=================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

Re: Virus from Facebook chat

Posted: 21 Apr 2016 21:09
by Rudy
Open Notepad and copy the following into it:
Start
HKLM\...\Run: [22] => C:\Documents and Settings\Pierre\Local Settings\temp\22.exe [3680768 2016-04-21] () <===== ATTENTION
C:\Documents and Settings\Pierre\Local Settings\temp\22.exe
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
GroupPolicy: Restriction - Chrome <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1454471165-1326574676-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=95044903_hao_pg
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%68%65%6C%70%65%72% ... LklZU5S-Uu
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... VRGPvOY&q={searchTerms}
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... VRGPvOY&q={searchTerms}
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... VRGPvOY&q={searchTerms}
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%68%65%6C%70%65%72% ... LklZU5S-Uu
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... VRGPvOY&q={searchTerms}
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... VRGPvOY&q={searchTerms}
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... VRGPvOY&q={searchTerms}
HKU\S-1-5-21-1454471165-1326574676-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... VRGPvOY&q={searchTerms}
HKU\S-1-5-21-1454471165-1326574676-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=95044903_hao_pg
HKU\S-1-5-21-1454471165-1326574676-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... VRGPvOY&q={searchTerms}
HKU\S-1-5-21-1454471165-1326574676-839522115-1003\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... VRGPvOY&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... VRGPvOY&q={searchTerms}
SearchScopes: HKU\S-1-5-19 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... VRGPvOY&q={searchTerms}
SearchScopes: HKU\S-1-5-20 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... VRGPvOY&q={searchTerms}
SearchScopes: HKU\S-1-5-20 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... VRGPvOY&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1454471165-1326574676-839522115-1003 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKU\S-1-5-21-1454471165-1326574676-839522115-1003 -> {0FDD15E1-D10C-4195-8EFB-87052BFC6870} URL = hxxp://www-searching.com/s.ashx?prd=opensearch&q={searchTerms}&s=G4Lzamobl2140BK,85deacda-0df5-4b77-ab49-6968bcd52e8a,
SearchScopes: HKU\S-1-5-21-1454471165-1326574676-839522115-1003 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://%66%65%65%64.%68%65%6C%70%65%72% ... i6BAGbo5m5
CHR StartupUrls: Default -> "hxxp://www-searching.com/?pid=s&s=G4Lzamobl2140BK,85deacda-0df5-4b77-ab49-6968bcd52e8a,&vp=ch&prd=set_ch"
CHR DefaultSearchURL: Default -> hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... eBUJhHP&q={searchTerms}
R3 TFsFlt; C:\WINDOWS\System32\Drivers\TFsFlt.sys [159608 2016-04-21] (电脑管家)
R0 TsFltMgr; C:\WINDOWS\System32\drivers\TsFltMgr.sys [137816 2016-04-21] (电脑管家)
R1 TSKSP; C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\TSKsp.sys [220984 2016-04-21] (电脑管家)
R3 TSSK; C:\WINDOWS\System32\tssk.sys [83576 2016-04-21] (电脑管家)
R1 TSSysKit; C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\TSSysKit.sys [111736 2016-04-21] (电脑管家)
S4 IntelIde; no ImagePath
C:\WINDOWS\system32\Drivers\TFsFlt.sys
C:\WINDOWS\system32\Drivers\TsFltMgr.sys
C:\Documents and Settings\Pierre\Nabídka Start\Programy\腾讯软件
C:\WINDOWS\QMNetworkMgr.ini
(电脑管家) C:\WINDOWS\system32\TSSK.sys
C:\Documents and Settings\All Users\Data aplikac铆
C:\Documents and Settings\Pierre\Data aplikac韁Tencent
C:\Documents and Settings\All Users\TXQMPC
C:\Documents and Settings\All Users\Data aplikac韁Tencent
C:\Documents and Settings\Pierre\Data aplikací\Tencent
C:\Documents and Settings\All Users\Data aplikací\Tencent
C:\Program Files\Tencent
C:\Documents and Settings\LocalService\Data aplikací\Tencent
C:\Documents and Settings\All Users\Data aplikací\Quoteexs
C:\Documents and Settings\All Users\Data aplikací\Quoteex
C:\Documents and Settings\Pierre\Data aplikací\agent.dat
C:\Documents and Settings\Pierre\Data aplikací\Quotesolowarm.tst
C:\Documents and Settings\Pierre\Data aplikací\Sanzap.exe
C:\Documents and Settings\Pierre\Data aplikací\Quotesolowarm.exe
C:\Documents and Settings\Pierre\Data aplikací\Installer.dat
C:\Documents and Settings\Pierre\Data aplikací\noah.dat
C:\Documents and Settings\Pierre\Data aplikací\lobby.dat
C:\Documents and Settings\Pierre\Data aplikací\inst.lat
C:\Documents and Settings\Pierre\Data aplikací\Sanzap.tst
C:\Documents and Settings\Pierre\Data aplikací\Config.xml
C:\Documents and Settings\Pierre\Data aplikací\ApplicationHosting.dat
C:\Documents and Settings\Pierre\Data aplikací\Main.dat
C:\Documents and Settings\Pierre\Data aplikací\InstallationConfiguration.xml
C:\Documents and Settings\Pierre\Data aplikací\md.xml
C:\Program Files\Common Files\Transrandax
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\Documents and Settings\Pierre\Data aplikací\agent.dat
C:\Documents and Settings\Pierre\Data aplikací\ApplicationHosting.dat
C:\Documents and Settings\Pierre\Data aplikací\Config.xml
C:\Documents and Settings\Pierre\Data aplikací\del.bat
C:\Documents and Settings\Pierre\Data aplikací\ExObslI9P8NNjD3RrGI0HIktb
C:\Documents and Settings\Pierre\Data aplikací\ExObslI9P8NNjD3RrGI0HIktb.exe
C:\Documents and Settings\Pierre\Data aplikací\inst.lat
C:\Documents and Settings\Pierre\Data aplikací\InstallationConfiguration.xml
C:\Documents and Settings\Pierre\Data aplikací\Installer.dat
C:\Documents and Settings\Pierre\Data aplikací\lobby.dat
C:\Documents and Settings\Pierre\Data aplikací\Main.dat
C:\Documents and Settings\Pierre\Data aplikací\md.xml
C:\Documents and Settings\Pierre\Data aplikací\noah.dat
C:\Documents and Settings\Pierre\Data aplikací\Quotesolowarm.exe
C:\Documents and Settings\Pierre\Data aplikací\Quotesolowarm.tst
C:\Documents and Settings\Pierre\Data aplikací\Sanzap.tst
C:\Documents and Settings\All Users\Data aplikací\wmzddnmb.cix
C:\Documents and Settings\Pierre\Local Settings\temp\22.exe
C:\Documents and Settings\Pierre\Local Settings\temp
End
Save this to the desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.

Re: Virus from Facebook chat

Posted: 21 Apr 2016 21:21
by pierres
Fix result of Farbar Recovery Scan Tool (x86) Version:30-12-2015
Ran by Pierre (2016-04-21 22:19:27) Run:1
Running from C:\Documents and Settings\Pierre\Plocha
Loaded Profiles: Pierre (Available Profiles: Pierre)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
HKLM\...\Run: [22] => C:\Documents and Settings\Pierre\Local Settings\temp\22.exe [3680768 2016-04-21] () <===== ATTENTION
C:\Documents and Settings\Pierre\Local Settings\temp\22.exe
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
GroupPolicy: Restriction - Chrome <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1454471165-1326574676-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=95044903_hao_pg
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%68%65%6C%70%65%72% ... LklZU5S-Uu
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... VRGPvOY&q={searchTerms}
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... VRGPvOY&q={searchTerms}
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... VRGPvOY&q={searchTerms}
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%68%65%6C%70%65%72% ... LklZU5S-Uu
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... VRGPvOY&q={searchTerms}
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... VRGPvOY&q={searchTerms}
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... VRGPvOY&q={searchTerms}
HKU\S-1-5-21-1454471165-1326574676-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... VRGPvOY&q={searchTerms}
HKU\S-1-5-21-1454471165-1326574676-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=95044903_hao_pg
HKU\S-1-5-21-1454471165-1326574676-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... VRGPvOY&q={searchTerms}
HKU\S-1-5-21-1454471165-1326574676-839522115-1003\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... VRGPvOY&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... VRGPvOY&q={searchTerms}
SearchScopes: HKU\S-1-5-19 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... VRGPvOY&q={searchTerms}
SearchScopes: HKU\S-1-5-20 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... VRGPvOY&q={searchTerms}
SearchScopes: HKU\S-1-5-20 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... VRGPvOY&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1454471165-1326574676-839522115-1003 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKU\S-1-5-21-1454471165-1326574676-839522115-1003 -> {0FDD15E1-D10C-4195-8EFB-87052BFC6870} URL = hxxp://www-searching.com/s.ashx?prd=opensearch&q={searchTerms}&s=G4Lzamobl2140BK,85deacda-0df5-4b77-ab49-6968bcd52e8a,
SearchScopes: HKU\S-1-5-21-1454471165-1326574676-839522115-1003 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://%66%65%65%64.%68%65%6C%70%65%72% ... i6BAGbo5m5
CHR StartupUrls: Default -> "hxxp://www-searching.com/?pid=s&s=G4Lzamobl2140BK,85deacda-0df5-4b77-ab49-6968bcd52e8a,&vp=ch&prd=set_ch"
CHR DefaultSearchURL: Default -> hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... eBUJhHP&q={searchTerms}
R3 TFsFlt; C:\WINDOWS\System32\Drivers\TFsFlt.sys [159608 2016-04-21] (电脑管家)
R0 TsFltMgr; C:\WINDOWS\System32\drivers\TsFltMgr.sys [137816 2016-04-21] (电脑管家)
R1 TSKSP; C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\TSKsp.sys [220984 2016-04-21] (电脑管家)
R3 TSSK; C:\WINDOWS\System32\tssk.sys [83576 2016-04-21] (电脑管家)
R1 TSSysKit; C:\Program Files\Tencent\QQPCMgr\11.5.17490.219\TSSysKit.sys [111736 2016-04-21] (电脑管家)
S4 IntelIde; no ImagePath
C:\WINDOWS\system32\Drivers\TFsFlt.sys
C:\WINDOWS\system32\Drivers\TsFltMgr.sys
C:\Documents and Settings\Pierre\Nabídka Start\Programy\腾讯软件
C:\WINDOWS\QMNetworkMgr.ini
(电脑管家) C:\WINDOWS\system32\TSSK.sys
C:\Documents and Settings\All Users\Data aplikac铆
C:\Documents and Settings\Pierre\Data aplikac韁Tencent
C:\Documents and Settings\All Users\TXQMPC
C:\Documents and Settings\All Users\Data aplikac韁Tencent
C:\Documents and Settings\Pierre\Data aplikací\Tencent
C:\Documents and Settings\All Users\Data aplikací\Tencent
C:\Program Files\Tencent
C:\Documents and Settings\LocalService\Data aplikací\Tencent
C:\Documents and Settings\All Users\Data aplikací\Quoteexs
C:\Documents and Settings\All Users\Data aplikací\Quoteex
C:\Documents and Settings\Pierre\Data aplikací\agent.dat
C:\Documents and Settings\Pierre\Data aplikací\Quotesolowarm.tst
C:\Documents and Settings\Pierre\Data aplikací\Sanzap.exe
C:\Documents and Settings\Pierre\Data aplikací\Quotesolowarm.exe
C:\Documents and Settings\Pierre\Data aplikací\Installer.dat
C:\Documents and Settings\Pierre\Data aplikací\noah.dat
C:\Documents and Settings\Pierre\Data aplikací\lobby.dat
C:\Documents and Settings\Pierre\Data aplikací\inst.lat
C:\Documents and Settings\Pierre\Data aplikací\Sanzap.tst
C:\Documents and Settings\Pierre\Data aplikací\Config.xml
C:\Documents and Settings\Pierre\Data aplikací\ApplicationHosting.dat
C:\Documents and Settings\Pierre\Data aplikací\Main.dat
C:\Documents and Settings\Pierre\Data aplikací\InstallationConfiguration.xml
C:\Documents and Settings\Pierre\Data aplikací\md.xml
C:\Program Files\Common Files\Transrandax
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\Documents and Settings\Pierre\Data aplikací\agent.dat
C:\Documents and Settings\Pierre\Data aplikací\ApplicationHosting.dat
C:\Documents and Settings\Pierre\Data aplikací\Config.xml
C:\Documents and Settings\Pierre\Data aplikací\del.bat
C:\Documents and Settings\Pierre\Data aplikací\ExObslI9P8NNjD3RrGI0HIktb
C:\Documents and Settings\Pierre\Data aplikací\ExObslI9P8NNjD3RrGI0HIktb.exe
C:\Documents and Settings\Pierre\Data aplikací\inst.lat
C:\Documents and Settings\Pierre\Data aplikací\InstallationConfiguration.xml
C:\Documents and Settings\Pierre\Data aplikací\Installer.dat
C:\Documents and Settings\Pierre\Data aplikací\lobby.dat
C:\Documents and Settings\Pierre\Data aplikací\Main.dat
C:\Documents and Settings\Pierre\Data aplikací\md.xml
C:\Documents and Settings\Pierre\Data aplikací\noah.dat
C:\Documents and Settings\Pierre\Data aplikací\Quotesolowarm.exe
C:\Documents and Settings\Pierre\Data aplikací\Quotesolowarm.tst
C:\Documents and Settings\Pierre\Data aplikací\Sanzap.tst
C:\Documents and Settings\All Users\Data aplikací\wmzddnmb.cix
C:\Documents and Settings\Pierre\Local Settings\temp\22.exe
C:\Documents and Settings\Pierre\Local Settings\temp
End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\22 => value removed successfully.
C:\Documents and Settings\Pierre\Local Settings\temp\22.exe => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-21-1454471165-1326574676-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Error setting value.
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully.
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Search Bar => value removed successfully.
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Search Page => value removed successfully.
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\SearchAssistant => value removed successfully.
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully.
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Search Bar => value removed successfully.
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Search Page => value removed successfully.
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\SearchAssistant => value removed successfully.
HKU\S-1-5-21-1454471165-1326574676-839522115-1003\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-1454471165-1326574676-839522115-1003\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-1454471165-1326574676-839522115-1003\Software\Microsoft\Internet Explorer\Main\\Search Bar => value removed successfully.
HKU\S-1-5-21-1454471165-1326574676-839522115-1003\Software\Microsoft\Internet Explorer\Main\\SearchAssistant => value removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => key removed successfully.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
"HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}" => key removed successfully.
HKCR\CLSID\{ielnksrch} => key not found.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
"HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}" => key removed successfully.
HKCR\CLSID\{ielnksrch} => key not found.
HKU\S-1-5-21-1454471165-1326574676-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
"HKU\S-1-5-21-1454471165-1326574676-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0FDD15E1-D10C-4195-8EFB-87052BFC6870}" => key removed successfully.
HKCR\CLSID\{0FDD15E1-D10C-4195-8EFB-87052BFC6870} => key not found.
"HKU\S-1-5-21-1454471165-1326574676-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => key removed successfully.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found.
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
Chrome HomePage => removed successfully.
Chrome StartupUrls => removed successfully.
Chrome DefaultSearchURL => removed successfully.
TFsFlt => Unable to stop service.
TFsFlt => service could not remove
TsFltMgr => Unable to stop service.
TsFltMgr => service could not remove
TSKSP => Unable to stop service.
TSKSP => service could not remove
TSSK => Service stopped successfully.
TSSK => service could not remove
TSSysKit => Unable to stop service.
TSSysKit => service could not remove
IntelIde => service removed successfully.
Could not move "C:\WINDOWS\system32\Drivers\TFsFlt.sys" => Scheduled to move on reboot.
Could not move "C:\WINDOWS\system32\Drivers\TsFltMgr.sys" => Scheduled to move on reboot.
C:\Documents and Settings\Pierre\Nabídka Start\Programy\腾讯软件 => moved successfully
C:\WINDOWS\QMNetworkMgr.ini => moved successfully
C:\WINDOWS\system32\TSSK.sys
C:\WINDOWS\system32\TSSK.sys => No running process found
C:\Documents and Settings\All Users\Data aplikac铆 => moved successfully
C:\Documents and Settings\Pierre\Data aplikac韁Tencent => moved successfully
C:\Documents and Settings\All Users\TXQMPC => moved successfully
C:\Documents and Settings\All Users\Data aplikac韁Tencent => moved successfully

"C:\Documents and Settings\Pierre\Data aplikací\Tencent" folder move:

Could not move "C:\Documents and Settings\Pierre\Data aplikací\Tencent" => Scheduled to move on reboot.


"C:\Documents and Settings\All Users\Data aplikací\Tencent" folder move:

Could not move "C:\Documents and Settings\All Users\Data aplikací\Tencent" => Scheduled to move on reboot.


Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-04-21 22:20:11)

==> ATTENTION: ATTENTION: System is not rebooted.
"C:\WINDOWS\system32\Drivers\TFsFlt.sys" => Could not move
"C:\WINDOWS\system32\Drivers\TsFltMgr.sys" => Could not move
"C:\Documents and Settings\Pierre\Data aplikací\Tencent" => Could not move
"C:\Documents and Settings\All Users\Data aplikací\Tencent" => Could not move

==== End of Fixlog 22:20:11 ====

Re: Virus from Facebook chat

Posted: 22 Apr 2016 12:18
by pierres
I removed that qqmgr in safe mode using AdwCleaner, but safefinder in Chrome still annoys me; it is also in the installed programs and cannot be removed.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:30-12-2015
Ran by Pierre (administrator) on NERO (22-04-2016 13:13:54)
Running from C:\Documents and Settings\Pierre\Plocha
Loaded Profiles: Pierre (Available Profiles: Pierre)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) Language: Čeština
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Ghisler Software GmbH) C:\Program Files\totalcmd\TOTALCMD.EXE
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
() C:\Program Files\EaseUS\Todo Backup\bin\TodoBackupService.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Tunngle.net GmbH) C:\Program Files\Tunngle\Tunngle.exe
(Tunngle.net GmbH) C:\Program Files\Tunngle\Tunngle.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Tunngle.net GmbH) C:\Program Files\Tunngle\TnglCtrl.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20065936 2012-06-06] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Launch LCDMon] => C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [1687824 2007-07-17] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] => C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [2094352 2007-07-17] (Logitech Inc.)
HKLM\...\Run: [LG Smart Share] => C:\Program Files\LG Software\LG Smart Share\SmartShareStartXP.exe [134744 2013-03-25] (LG Electronics Inc.)
HKLM\...\Run: [EaseUS EPM tray] => C:\Program Files\EaseUS\EaseUS Partition Master 10.2\bin\EpmNews.exe [2089056 2014-11-18] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM\...\Run: [EaseUS EPM Tray Agent] => C:\Program Files\EaseUS\EaseUS Partition Master 10.2\bin\TrayPopupE\TrayTipAgentE.exe [255072 2014-11-18] ()
HKLM\...\Run: [EaseUS TB Tray Agent] => C:\Program Files\EaseUS\TrayPopup\TrayTipAgent.exe [253992 2014-12-15] ()
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2591888 2015-09-14] ()
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [BluetoothAuthenticationAgent] => rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-08-27] (NVIDIA Corporation)
HKLM\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [366904 2015-07-23] (Power Software Ltd)
HKU\S-1-5-21-1454471165-1326574676-839522115-1003\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [4556048 2015-02-27] (Disc Soft Ltd)
HKU\S-1-5-21-1454471165-1326574676-839522115-1003\...\Run: [MiPhoneManager] => C:\Documents and Settings\Pierre\Local Settings\Data aplikací\MiPhoneManager\main\MiPhoneHelper.exe [157624 2016-03-11] ()
HKU\S-1-5-21-1454471165-1326574676-839522115-1003\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
AppInit_DLLs: C:\DOCUME~1\ALLUSE~1\DATAAP~1\Quoteex\Inchnix.dll => C:\Documents and Settings\All Users\Data aplikací\Quoteex\Inchnix.dll [257536 2016-04-21] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{3FCAE0AC-E9E0-40A2-81FD-078C9EF59D9E}: [DhcpNameServer] 7.254.254.254
Tcpip\..\Interfaces\{95358A7A-F515-4188-B822-D6E5B12114F4}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
Toolbar: HKU\S-1-5-21-1454471165-1326574676-839522115-1003 -> &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll [2014-02-25] (Společnost Microsoft)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-08] ()
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-25] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-03-05] [not signed]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5Ws0RErzyPsJ4T7k2COOv4oRHbgpZu2LUFGw9gPtHD0MXnlWN7KG6uKFJJVYhghjj_sflXgJFJdrNAnWTbRiAWXy0lhHKiLnrNyfHiSk_WU4vlKkZP9YdY2LXRR1l2Xraj_0l7I3KRi6BAGbo5m5
CHR DefaultSearchURL: Default -> hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5Ws0RErzyPsJ4T7k2COOv4oRHbgpZu2LUFGw9gPtHD0MXnlWN7KG6uKFJJVYhghjj_sfmfB4RD9m9qudtgTcgjueFw7a1WLe3Lv4FBfV1ThLzShLP9eiBqFxOQXYPbHvqV18z8aFMj_fVeBUJhHP&q={searchTerms}
CHR DefaultSearchKeyword: Default -> feed.sonic-search.com
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
CHR Profile: C:\Documents and Settings\Pierre\Local Settings\Data aplikací\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Documents and Settings\Pierre\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-19]
CHR Extension: (Dokumenty Google) - C:\Documents and Settings\Pierre\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-23]
CHR Extension: (Disk Google) - C:\Documents and Settings\Pierre\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-26]
CHR Extension: (YouTube) - C:\Documents and Settings\Pierre\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-01]
CHR Extension: (Vyhledávání Google) - C:\Documents and Settings\Pierre\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01]
CHR Extension: (Tabulky Google) - C:\Documents and Settings\Pierre\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-19]
CHR Extension: (Dokumenty Google offline) - C:\Documents and Settings\Pierre\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-19]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Documents and Settings\Pierre\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-12]
CHR Extension: (Gmail) - C:\Documents and Settings\Pierre\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-23]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1030928 2015-02-27] (Disc Soft Ltd)
R2 EaseUS Agent; C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe [36904 2015-08-01] (CHENGDU YIWO Tech Development Co., Ltd)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [595968 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [642520 2013-08-27] (Intel(R) Corporation)
S2 jhi_service; C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-08-27] (NVIDIA Corporation)
S4 Quoteex; C:\Documents and Settings\All Users\Data aplikací\\Quoteex\\Quoteex.exe [1027584 2016-04-21] () [File not signed]
R3 TunngleService; C:\Program Files\Tunngle\TnglCtrl.exe [814064 2015-12-22] (Tunngle.net GmbH)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R3 dtlitescsibus; C:\WINDOWS\System32\DRIVERS\dtlitescsibus.sys [25104 2015-06-21] (Disc Soft Ltd)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [14944 2014-11-18] ()
S3 EsgScanner; C:\WINDOWS\System32\DRIVERS\EsgScanner.sys [19984 2016-04-21] ()
R0 EUBAKUP; C:\WINDOWS\System32\drivers\eubakup.sys [52008 2014-12-15] (CHENGDU YIWO Tech Development Co., Ltd)
R0 EUBKMON; C:\WINDOWS\System32\drivers\EUBKMON.sys [40744 2014-12-15] ()
R1 EUDSKACS; C:\WINDOWS\system32\drivers\eudskacs.sys [14888 2014-12-15] (CHENGDU YIWO Tech Development Co., Ltd)
R1 EUFDDISK; C:\WINDOWS\system32\drivers\EuFdDisk.sys [188328 2014-12-15] (CHENGDU YIWO Tech Development Co., Ltd)
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [10208 2014-11-18] ()
R3 ip100xp; C:\WINDOWS\System32\DRIVERS\ipfnd51.sys [26752 2010-11-23] (IC Plus Corp. ) [File not signed]
R3 MEI; C:\WINDOWS\System32\DRIVERS\HECI.sys [56280 2013-09-16] (Intel Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R3 NVHDA; C:\WINDOWS\System32\drivers\nvhda32.sys [136624 2015-09-14] (NVIDIA Corporation)
R1 SCDEmu; C:\WINDOWS\system32\Drivers\SCDEmu.sys [114304 2015-07-23] (Power Software Ltd)
R3 tap0901t; C:\WINDOWS\System32\DRIVERS\tap0901t.sys [43568 2015-12-21] (Tunngle.net)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MSICDSetup; \??\D:\CDriver.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-22 11:44 - 2016-04-22 11:54 - 00000777 _____ C:\Documents and Settings\All Users\Plocha\Malwarebytes Anti-Malware.lnk
2016-04-22 11:44 - 2016-04-22 11:54 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Malwarebytes Anti-Malware
2016-04-22 11:43 - 2016-04-22 11:54 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-04-22 11:43 - 2016-04-22 11:43 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2016-04-22 11:43 - 2016-03-10 14:09 - 00123264 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-04-22 11:43 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-04-22 11:07 - 2016-04-22 11:07 - 00000000 __SHD C:\WINDOWS\CSC
2016-04-22 10:58 - 2016-04-22 10:58 - 03683904 _____ C:\Documents and Settings\Pierre\Plocha\adwcleaner_5.112.exe
2016-04-22 10:20 - 2016-04-22 10:20 - 00000000 ____D C:\Documents and Settings\LocalService\Data aplikací\Mozilla
2016-04-21 22:35 - 2016-04-21 22:35 - 00000000 ____D C:\Documents and Settings\Pierre\Data aplikac韁Tencent
2016-04-21 22:35 - 2016-04-21 22:35 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikac韁Tencent
2016-04-21 22:35 - 2016-04-21 22:35 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikac铆
2016-04-21 22:19 - 2016-04-21 22:30 - 00013133 _____ C:\Documents and Settings\Pierre\Plocha\Fixlog.txt
2016-04-21 22:04 - 2016-04-22 11:31 - 00211142 _____ C:\WINDOWS\ntbtlog.txt
2016-04-21 21:43 - 2016-04-21 21:43 - 00000000 ____D C:\Documents and Settings\LocalService\Data aplikac韁Tencent
2016-04-21 18:45 - 2016-04-21 18:45 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\KingSoft
2016-04-21 18:44 - 2016-04-21 18:44 - 00000000 ____D C:\Documents and Settings\LocalService\Data aplikací\Tencent
2016-04-21 18:26 - 2016-04-21 18:26 - 00000000 ____D C:\Documents and Settings\Pierre\Local Settings\Data aplikací\UCBrowser
2016-04-21 18:21 - 2016-04-21 18:21 - 00356864 _____ C:\Documents and Settings\All Users\Data aplikací\smp2.exe
2016-04-21 18:21 - 2016-04-21 18:21 - 00000000 ____D C:\Program Files\Common Files\Doobzo
2016-04-21 18:19 - 2016-04-21 18:19 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Quoteexs
2016-04-21 18:18 - 2016-04-22 11:12 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Quoteex
2016-04-21 18:18 - 2016-04-21 18:18 - 06494208 _____ C:\Documents and Settings\Pierre\Data aplikací\agent.dat
2016-04-21 18:18 - 2016-04-21 18:18 - 01626777 _____ C:\Documents and Settings\Pierre\Data aplikací\Quotesolowarm.tst
2016-04-21 18:18 - 2016-04-21 18:18 - 01027584 _____ C:\Documents and Settings\Pierre\Data aplikací\Sanzap.exe
2016-04-21 18:18 - 2016-04-21 18:18 - 01027584 _____ C:\Documents and Settings\Pierre\Data aplikací\Quotesolowarm.exe
2016-04-21 18:18 - 2016-04-21 18:18 - 00848437 _____ C:\Documents and Settings\Pierre\Data aplikací\Silverlight.bin
2016-04-21 18:18 - 2016-04-21 18:18 - 00127488 _____ C:\Documents and Settings\Pierre\Data aplikací\Installer.dat
2016-04-21 18:18 - 2016-04-21 18:18 - 00126464 _____ C:\Documents and Settings\Pierre\Data aplikací\noah.dat
2016-04-21 18:18 - 2016-04-21 18:18 - 00126464 _____ C:\Documents and Settings\Pierre\Data aplikací\lobby.dat
2016-04-21 18:18 - 2016-04-21 18:18 - 00079662 _____ C:\Documents and Settings\Pierre\Data aplikací\inst.lat
2016-04-21 18:18 - 2016-04-21 18:18 - 00072717 _____ C:\Documents and Settings\Pierre\Data aplikací\Sanzap.tst
2016-04-21 18:18 - 2016-04-21 18:18 - 00065568 _____ C:\Documents and Settings\Pierre\Data aplikací\Config.xml
2016-04-21 18:18 - 2016-04-21 18:18 - 00054272 _____ C:\Documents and Settings\Pierre\Data aplikací\ApplicationHosting.dat
2016-04-21 18:18 - 2016-04-21 18:18 - 00018432 _____ C:\Documents and Settings\Pierre\Data aplikací\Main.dat
2016-04-21 18:18 - 2016-04-21 18:18 - 00015840 _____ C:\Documents and Settings\Pierre\Data aplikací\InstallationConfiguration.xml
2016-04-21 18:18 - 2016-04-21 18:18 - 00005568 _____ C:\Documents and Settings\Pierre\Data aplikací\md.xml
2016-04-21 18:18 - 2016-04-21 18:18 - 00000000 ____D C:\Program Files\Common Files\Transrandax
2016-04-21 17:44 - 2016-04-21 17:44 - 00090112 _____ C:\WINDOWS\Minidump\Mini042116-01.dmp
2016-04-21 17:37 - 2016-04-21 17:37 - 00019984 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys
2016-04-18 21:06 - 2016-04-18 21:06 - 00000000 ____D C:\Documents and Settings\Default User\Local Settings\Data aplikací\Google
2016-04-08 11:03 - 2016-04-08 11:03 - 05934784 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2016-03-29 23:16 - 2016-04-21 10:18 - 00000000 ____D C:\Documents and Settings\Pierre\Data aplikací\EurekaLog
2016-03-29 14:31 - 2016-03-29 14:31 - 01463253 _____ C:\Documents and Settings\Pierre\Plocha\Dane 2016 5132550_2015_d298ba1310.pdf
2016-03-29 13:59 - 2016-03-29 13:59 - 00237486 _____ C:\Documents and Settings\Pierre\Plocha\A160302_VEN_005_DANE_2015_D.XLSX
2016-03-26 14:02 - 2016-03-26 14:02 - 00036864 _____ C:\Documents and Settings\Pierre\Plocha\1458856945_e3dd35254fffe456a5472dae15fd9e16.xls
2016-03-25 02:53 - 2016-03-25 02:53 - 00047166 _____ C:\Documents and Settings\Pierre\Dokumenty\Agents of SHIELD S03E13 - Parting Shot (AVS).srt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-22 13:14 - 2015-12-30 20:47 - 00014038 _____ C:\Documents and Settings\Pierre\Plocha\FRST.txt
2016-04-22 13:14 - 2015-07-13 00:36 - 00000000 ____D C:\Documents and Settings\Pierre\Local Settings\temp
2016-04-22 13:13 - 2015-12-30 20:47 - 00000000 ____D C:\FRST
2016-04-22 13:03 - 2015-06-19 00:32 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-04-22 12:41 - 2015-02-25 22:13 - 00000000 ____D C:\Pierre
2016-04-22 12:17 - 2016-02-10 18:24 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Tunngle
2016-04-22 12:14 - 2015-02-25 21:47 - 00000000 ____D C:\Documents and Settings\Pierre\Plocha
2016-04-22 12:11 - 2015-02-26 00:41 - 00009486 _____ C:\WINDOWS\system32\nvAppTimestamps
2016-04-22 11:55 - 2015-02-25 22:15 - 00000000 ____D C:\Documents and Settings\All Users
2016-04-22 11:55 - 2015-02-25 21:47 - 00000000 ____D C:\Documents and Settings\Pierre\Data aplikací
2016-04-22 11:54 - 2015-02-25 22:15 - 00000000 ____D C:\Documents and Settings\All Users\Plocha
2016-04-22 11:53 - 2015-02-25 22:16 - 01184620 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-22 11:53 - 2004-08-18 14:00 - 00489962 _____ C:\WINDOWS\system32\perfh005.dat
2016-04-22 11:53 - 2004-08-18 14:00 - 00098506 _____ C:\WINDOWS\system32\perfc005.dat
2016-04-22 11:50 - 2015-02-26 00:32 - 01606500 _____ C:\WINDOWS\system32\nvdrsdb0.bin
2016-04-22 11:50 - 2015-02-26 00:32 - 00000001 _____ C:\WINDOWS\system32\nvdrssel.bin
2016-04-22 11:49 - 2015-09-17 20:09 - 00000936 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-22 11:49 - 2015-02-25 21:40 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-22 11:49 - 2004-08-18 14:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2016-04-22 11:47 - 2015-02-25 21:47 - 00000178 ___SH C:\Documents and Settings\Pierre\ntuser.ini
2016-04-22 11:44 - 2015-02-25 22:15 - 00000000 ___RD C:\Documents and Settings\All Users\Nabídka Start\Programy
2016-04-22 11:36 - 2015-07-12 23:07 - 00000000 ____D C:\Documents and Settings\Pierre\Plocha\backups
2016-04-22 11:30 - 2015-03-01 11:51 - 01988174 _____ C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-S-1-5-21-1454471165-1326574676-839522115-1003-0.dat
2016-04-22 11:30 - 2015-03-01 11:51 - 00216222 _____ C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-System.dat
2016-04-22 11:30 - 2015-02-25 21:40 - 00032460 _____ C:\WINDOWS\SchedLgU.Txt
2016-04-22 11:17 - 2015-03-01 10:42 - 00000000 ____D C:\Documents and Settings\Pierre\Data aplikací\Seznam.cz
2016-04-22 11:13 - 2015-02-26 00:32 - 01606500 _____ C:\WINDOWS\system32\nvdrsdb1.bin
2016-04-22 11:10 - 2015-02-25 22:09 - 00000000 ____D C:\WINDOWS
2016-04-22 11:09 - 2015-07-12 23:12 - 00000000 ____D C:\AdwCleaner
2016-04-22 11:05 - 2015-02-25 21:47 - 00000000 ____D C:\Documents and Settings\Pierre
2016-04-22 10:20 - 2015-02-25 21:40 - 00000000 ____D C:\Documents and Settings\LocalService\Data aplikací
2016-04-22 10:18 - 2015-07-12 23:16 - 00000008 __RSH C:\Documents and Settings\All Users\ntuser.pol
2016-04-21 22:44 - 2016-02-10 17:27 - 00000000 ____D C:\Documents and Settings\Pierre\Data aplikací\Tunngle
2016-04-21 22:19 - 2015-07-12 22:57 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
2016-04-21 22:19 - 2015-02-25 21:47 - 00000000 ___RD C:\Documents and Settings\Pierre\Nabídka Start\Programy
2016-04-21 22:14 - 2015-02-25 22:15 - 00000000 ___RD C:\Documents and Settings\All Users\Nabídka Start
2016-04-21 22:02 - 2015-02-25 22:14 - 00000327 __RSH C:\boot.ini
2016-04-21 22:02 - 2004-08-18 14:00 - 00000600 _____ C:\WINDOWS\win.ini
2016-04-21 22:02 - 2004-08-18 14:00 - 00000227 _____ C:\WINDOWS\system.ini
2016-04-21 21:43 - 2015-02-25 21:40 - 00000000 __SHD C:\Documents and Settings\LocalService
2016-04-21 21:16 - 2015-02-25 22:15 - 00000000 ___RD C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
2016-04-21 19:53 - 2015-09-04 12:00 - 00000000 ____D C:\Documents and Settings\Pierre\Local Settings\Data aplikací\Unity
2016-04-21 19:52 - 2015-09-04 12:12 - 00001819 _____ C:\Documents and Settings\Default User\Nabídka Start\Programy\Google Chrome.lnk
2016-04-21 19:52 - 2015-09-04 12:12 - 00001813 _____ C:\Documents and Settings\Default User\Plocha\Google Chrome.lnk
2016-04-21 19:32 - 2015-02-25 22:15 - 00000000 __RHD C:\Documents and Settings\All Users\Data aplikací
2016-04-21 19:20 - 2015-02-25 22:02 - 00049184 _____ C:\Documents and Settings\Pierre\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2016-04-21 19:19 - 2015-02-25 22:15 - 00220040 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-04-21 18:31 - 2015-02-25 21:47 - 00000000 ___RD C:\Documents and Settings\Pierre\Nabídka Start
2016-04-21 18:26 - 2015-12-30 20:46 - 00029696 _____ C:\Documents and Settings\Pierre\Local Settings\Data aplikací\MSGBOX.EXE
2016-04-21 18:26 - 2015-02-25 21:47 - 00000000 ___HD C:\Documents and Settings\Pierre\Local Settings\Data aplikací
2016-04-21 18:20 - 2015-04-03 10:13 - 00000000 ____D C:\Documents and Settings\Pierre\Data aplikací\Mozilla
2016-04-21 17:51 - 2015-02-25 21:47 - 00001599 _____ C:\Documents and Settings\Pierre\Nabídka Start\Programy\Vzdálená pomoc.lnk
2016-04-21 17:50 - 2015-02-25 21:36 - 00001599 _____ C:\Documents and Settings\Default User\Nabídka Start\Programy\Vzdálená pomoc.lnk
2016-04-21 17:50 - 2015-02-25 21:36 - 00001507 _____ C:\Documents and Settings\All Users\Nabídka Start\Windows Update.lnk
2016-04-21 17:44 - 2015-09-04 12:10 - 00000000 ____D C:\WINDOWS\Minidump
2016-04-21 17:39 - 2015-02-25 22:09 - 00000000 ___HD C:\WINDOWS\inf
2016-04-21 17:30 - 2015-02-25 21:47 - 00000000 ___RD C:\Documents and Settings\Pierre\Dokumenty
2016-04-21 17:23 - 2015-09-15 23:28 - 00000000 ____D C:\Documents and Settings\Pierre\Local Settings\Data aplikací\JDownloader v2.0
2016-04-18 21:06 - 2015-02-25 22:15 - 00000000 ___HD C:\Documents and Settings\Default User\Local Settings\Data aplikací
2016-04-14 11:15 - 2015-02-26 14:25 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-04-14 11:10 - 2015-02-26 14:25 - 132539272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-13 15:34 - 2015-02-28 22:27 - 00000000 ____D C:\Documents and Settings\Pierre\Data aplikací\vlc
2016-04-13 02:06 - 2015-02-25 23:56 - 00001324 _____ C:\WINDOWS\system32\d3d9caps.dat
2016-04-08 11:03 - 2015-06-19 00:32 - 00797376 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-04-08 11:03 - 2015-06-19 00:32 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-04-07 20:48 - 2015-02-26 00:54 - 00000000 ____D C:\Program Files\Counter Strike 1.6
2016-04-07 20:48 - 2015-02-26 00:51 - 00000000 ____D C:\Documents and Settings\Pierre\GSplay
2016-04-06 00:05 - 2015-10-04 08:35 - 00001221 _____ C:\Documents and Settings\Pierre\Plocha\MiPCSuite.lnk
2016-04-06 00:05 - 2015-10-04 08:35 - 00000000 ____D C:\Documents and Settings\Pierre\Local Settings\Data aplikací\MiPhoneManager
2016-03-29 23:16 - 2016-02-10 17:27 - 00000000 ____D C:\Program Files\Tunngle

==================== Files in the root of some directories =======

2016-04-21 18:18 - 2016-04-21 18:18 - 6494208 _____ () C:\Documents and Settings\Pierre\Data aplikací\agent.dat
2016-04-21 18:18 - 2016-04-21 18:18 - 0054272 _____ () C:\Documents and Settings\Pierre\Data aplikací\ApplicationHosting.dat
2016-04-21 18:18 - 2016-04-21 18:18 - 0065568 _____ () C:\Documents and Settings\Pierre\Data aplikací\Config.xml
2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 ____N () C:\Documents and Settings\Pierre\Data aplikací\ExObslI9P8NNjD3RrGI0HIktb
2016-04-21 18:18 - 2016-04-21 18:18 - 0079662 _____ () C:\Documents and Settings\Pierre\Data aplikací\inst.lat
2016-04-21 18:18 - 2016-04-21 18:18 - 0015840 _____ () C:\Documents and Settings\Pierre\Data aplikací\InstallationConfiguration.xml
2016-04-21 18:18 - 2016-04-21 18:18 - 0127488 _____ () C:\Documents and Settings\Pierre\Data aplikací\Installer.dat
2016-04-21 18:18 - 2016-04-21 18:18 - 0126464 _____ () C:\Documents and Settings\Pierre\Data aplikací\lobby.dat
2016-04-21 18:18 - 2016-04-21 18:18 - 0018432 _____ () C:\Documents and Settings\Pierre\Data aplikací\Main.dat
2016-04-21 18:18 - 2016-04-21 18:18 - 0005568 _____ () C:\Documents and Settings\Pierre\Data aplikací\md.xml
2016-04-21 18:18 - 2016-04-21 18:18 - 0126464 _____ () C:\Documents and Settings\Pierre\Data aplikací\noah.dat
2016-04-21 18:18 - 2016-04-21 18:18 - 1027584 _____ () C:\Documents and Settings\Pierre\Data aplikací\Quotesolowarm.exe
2016-04-21 18:18 - 2016-04-21 18:18 - 1626777 _____ () C:\Documents and Settings\Pierre\Data aplikací\Quotesolowarm.tst
2016-04-21 18:18 - 2016-04-21 18:18 - 1027584 _____ () C:\Documents and Settings\Pierre\Data aplikací\Sanzap.exe
2016-04-21 18:18 - 2016-04-21 18:18 - 0072717 _____ () C:\Documents and Settings\Pierre\Data aplikací\Sanzap.tst
2016-04-21 18:18 - 2016-04-21 18:18 - 0848437 _____ () C:\Documents and Settings\Pierre\Data aplikací\Silverlight.bin
2016-04-21 18:18 - 2016-04-21 18:18 - 0032038 _____ () C:\Documents and Settings\Pierre\Data aplikací\uninstall_temp.ico
2015-06-25 19:59 - 2015-10-04 08:22 - 0009216 _____ () C:\Documents and Settings\Pierre\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-12-30 20:46 - 2016-04-21 18:26 - 0029696 _____ () C:\Documents and Settings\Pierre\Local Settings\Data aplikací\MSGBOX.EXE
2016-04-21 18:21 - 2016-04-21 18:21 - 0356864 _____ () C:\Documents and Settings\All Users\Data aplikací\smp2.exe
2015-09-04 11:48 - 2015-09-04 11:48 - 0004105 _____ () C:\Documents and Settings\All Users\Data aplikací\wmzddnmb.cix

Some files in TEMP:
====================
C:\Documents and Settings\Pierre\Local Settings\temp\130868260149721582.exe
C:\Documents and Settings\Pierre\Local Settings\temp\13086826016440908203.exe
C:\Documents and Settings\Pierre\Local Settings\temp\3098.exe
C:\Documents and Settings\Pierre\Local Settings\temp\8115.exe
C:\Documents and Settings\Pierre\Local Settings\temp\8333.exe
C:\Documents and Settings\Pierre\Local Settings\temp\Browser_V5.6.11466.7_r_4714_(Build1603281525).exe
C:\Documents and Settings\Pierre\Local Settings\temp\geeplayersetup_unfix.exe
C:\Documents and Settings\Pierre\Local Settings\temp\IQIYIsetup_l_huayukeji@kb006.exe
C:\Documents and Settings\Pierre\Local Settings\temp\jre-8u51-windows-au.exe
C:\Documents and Settings\Pierre\Local Settings\temp\jre-8u65-windows-au.exe
C:\Documents and Settings\Pierre\Local Settings\temp\jre-8u91-windows-au.exe
C:\Documents and Settings\Pierre\Local Settings\temp\libeay32.dll
C:\Documents and Settings\Pierre\Local Settings\temp\listicka-partner-16194-1.1.8-offline.exe
C:\Documents and Settings\Pierre\Local Settings\temp\msvcr120.dll
C:\Documents and Settings\Pierre\Local Settings\temp\PCMgr_Setup_11_5_17490_219.exe
C:\Documents and Settings\Pierre\Local Settings\temp\pps104.exe
C:\Documents and Settings\Pierre\Local Settings\temp\proxy_vole6407598957250881067.dll
C:\Documents and Settings\Pierre\Local Settings\temp\qqpcmgr_v10.5.15816.217_70557_Silence.exe
C:\Documents and Settings\Pierre\Local Settings\temp\qqpcmgr_v11.3.17195.214_78450_Silence.exe
C:\Documents and Settings\Pierre\Local Settings\temp\Quarantine.exe
C:\Documents and Settings\Pierre\Local Settings\temp\set.exe
C:\Documents and Settings\Pierre\Local Settings\temp\setup.exe
C:\Documents and Settings\Pierre\Local Settings\temp\setup3.exe
C:\Documents and Settings\Pierre\Local Settings\temp\Setup__2140_il357769.exe
C:\Documents and Settings\Pierre\Local Settings\temp\sqlite-3.8.2-x86-sqlitejdbc.dll
C:\Documents and Settings\Pierre\Local Settings\temp\sqlite3.dll
C:\Documents and Settings\Pierre\Local Settings\temp\{94DF23C8-D11B-4097-914C-20448C9B66C9}.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

Re: Virus from Facebook chat

Posted: 22 Apr 2016 18:11
by Rudy
Please also run these scans:

1. Download Zoek.exe from http://hijackthis.nl/smeenk/ and save it to the desktop.

If you use Windows Vista or Windows 7, right-click Zoek and choose Run As Administrator or Spustit jako správce.
Paste the script below into the window:



autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;
a

2. Junkware removal tool: http://thisisudax.org/downloads/JRT.exe
• Save it, preferably to the desktop.
• After launch, the license terms are displayed; press any key.
• A backup is created, followed by the scan.
• The scan runs and then a log appears, or it is saved in c:\JRT as JRT.txt; paste it here.

Then click Run Script.
The PC will perform the repair, restart, and give you a log; paste its contents here.

Re: Virus from Facebook chat

Posted: 23 Apr 2016 17:53
by pierres
Good evening, the problem seems to be solved, but safefinder remained in the list of installed programs, though it no longer shows up in Chrome in any way.

Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Pierre on so 23.04.2016 at 18:32:57,62.
Systém Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\Pierre\Plocha\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

23.4.2016 18:34:27 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\Program Files\GUM2C5D.tmp deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\Program Files\GUM2C5D.tmp not found
C:\DOCUME~1\ALLUSE~1\DATAAP~1\Quoteexs deleted
C:\DOCUME~1\ALLUSE~1\DATAAP~1\Quoteex deleted
C:\Program Files\ComPlus Applications deleted
C:\Program Files\WindowsUpdate deleted
C:\Program Files\8a3fa2ab-68dd-44a5-9e44-cdb0d0f22aab deleted
C:\Program Files\AGEIA Technologies deleted
C:\DOCUME~1\ALLUSE~1\DATAAP~1\310647400001027 deleted
C:\Documents and Settings\Pierre\.android deleted
C:\DOCUME~1\ALLUSE~1\DATAAP~1\{FA77A43D-F6ED-4924-87B5-517C061388C6} deleted
C:\DOCUME~1\ALLUSE~1\DATAAP~1\KingSoft deleted
C:\DOCUME~1\ALLUSE~1\DATAAP~1\Package Cache deleted
C:\WINDOWS\Fonts\iqiyi_logo.ttf deleted
C:\WINDOWS\002683_.tmp deleted
C:\WINDOWS\SET3.tmp deleted
C:\WINDOWS\SET4.tmp deleted
C:\WINDOWS\SET8.tmp deleted
C:\DOCUME~1\ALLUSE~1\DATAAP~1\smp2.exe deleted
"C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll" deleted
"C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll" deleted
"C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll" deleted
"C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" deleted
"C:\Program Files\Common Files\Wondershare" deleted
"C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [05.03.2015 14:33]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://search.live.com/results.aspx?q={ ... rer:source?}
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://search.live.com/results.aspx?q={ ... orm=IE8SRC

==== Reset Google Chrome ======================

Nothing found to reset

==== Empty IE Cache ======================

C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Pierre\Local Settings\temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\Pierre\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=176 folders=76 49550766 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\Pierre\LOCALS~1\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\RECYCLER successfully emptied

==== Deleting Files / Folders ======================

"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Documents and Settings\Pierre\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted

==== EOF on so 23.04.2016 at 18:40:49,53 ======================

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.5 (04.20.2016)
Operating System: Microsoft Windows XP x86
Ran by Pierre (Administrator) on so 23.04.2016 at 18:44:14,68
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 9

Successfully deleted: C:\Documents and Settings\Pierre\Data aplikacˇ\xiaomi (Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\7601B58I (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\7KN6ZN6K (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ASUIUH4T (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\VLNA6F18 (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7601B58I (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7KN6ZN6K (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ASUIUH4T (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\VLNA6F18 (Temporary Internet Files Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on so 23.04.2016 at 18:45:07,35
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: Virus from Facebook chat

Posted: 23 Apr 2016 18:50
by Rudy
OK. Has anything changed?

Re: Virus from Facebook chat

Posted: 23 Apr 2016 19:17
by pierres
Well, it no longer shows up in any way; only in Control Panel > Add or Remove Programs, safefinder is in the list among the installed programs, and when I click Remove or Change, Chrome crashes.
So I'm worried it might come back.

Re: Virus from Facebook chat

Posted: 23 Apr 2016 20:03
by Rudy
To be safe, also run a full MBAM scan: http://www.malwarebytes.org/mbam.php . Post the log; do not delete anything beforehand.

Re: Virus from Facebook chat

Posted: 23 Apr 2016 23:18
by pierres
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Verze: v2016.04.23.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Pierre :: NERO [administrátor]

23.4.2016 23:30:01
MBAM-log-2016-04-24 (00-18-10).txt

Typ: Kompletní kontrola (C:\|Z:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 409714
Uplynulý čas: 44 minut, 35 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 18
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{03AE1B7B-A9E7-4D5A-9D34-89999C31B659} (PUP.Optional.TorrentSearch) -> Nebyla provedena žádná instrukce.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{03AE1B7B-A9E7-4D5A-9D34-89999C31B659} (PUP.Optional.TorrentSearch) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{03AE1B7B-A9E7-4D5A-9D34-89999C31B659} (PUP.Optional.TorrentSearch) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{06153BD7-CDA1-4DDC-A9C5-6B5B3E88ED6E} (PUP.Optional.Linkury) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QUOTEEX.EXE (PUP.Optional.Linkury) -> Nebyla provedena žádná instrukce.
HKCU\Software\CinemaP-1.9cV01.03-nv-ie (PUP.Optional.Cinema) -> Nebyla provedena žádná instrukce.
HKCU\Software\CinemaP-1.9cV04.09-nv (PUP.Optional.Cinema) -> Nebyla provedena žádná instrukce.
HKCU\Software\CinemaP-1.9cV04.09-nv-ie (PUP.Optional.Cinema) -> Nebyla provedena žádná instrukce.
HKCU\Software\Internet Speed Checker-nv-ie (PUP.Optional.InternetSpeedChecker.PrxySvrRST) -> Nebyla provedena žádná instrukce.
HKCU\Software\mtQuoteex (PUP.Optional.Linkury.ACMB1) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\Microsoft\ESENT\Process\PCSUSpeedTest (PUP.Optional.PCSpeedUp) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\Quoteex.exe (PUP.Optional.Linkury.ACMB1) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\Wow6432Node\SearchModule\SMUpd (PUP.Optional.SearchModule) -> Nebyla provedena žádná instrukce.
HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Application Hosting (PUP.Optional.Linkury.ACMB1) -> Nebyla provedena žádná instrukce.
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\QUOTEEX (PUP.Optional.Linkury.ACMB1) -> Nebyla provedena žádná instrukce.
HKLM\Software\CinemaP-1.9cV04.09-nv (PUP.Optional.Cinema) -> Nebyla provedena žádná instrukce.
HKLM\Software\CinemaP-1.9cV04.09-nv-ie (PUP.Optional.Cinema) -> Nebyla provedena žádná instrukce.
HKLM\Software\mtQuoteex (PUP.Optional.Linkury.ACMB1) -> Nebyla provedena žádná instrukce.

Nalezené hodnoty v registru: 5
HKCR\.xhtml\OpenWithProgids|CRSBRWSHTML (PUP.Optional.CrossBrowse) -> Data: -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components| (PUP.Optional.CrossBrowse) -> Data: Crossbrowse -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components|StubPath (PUP.Optional.CrossBrowse) -> Data: "C:\Program Files\Crossbrowse\Crossbrowse\Application\39.6.2171.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components|Localized Name (PUP.Optional.CrossBrowse) -> Data: Crossbrowse -> Nebyla provedena žádná instrukce.
HKLM\SYSTEM\CurrentControlSet\Services\Quoteex|ImagePath (PUP.Optional.Linkury.ACMB1) -> Data: C:\Documents and Settings\All Users\Data aplikací\\Quoteex\\Quoteex.exe shuz -f "C:\Documents and Settings\All Users\Data aplikací\\Quoteex\\Quoteex.dat" -l -a -> Nebyla provedena žádná instrukce.

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 3
C:\Documents and Settings\Pierre\SupTabXP (PUP.Optional.SupTab) -> Nebyla provedena žádná instrukce.
C:\Program Files\Common Files\Doobzo (PUP.Optional.Goobzo.Gen) -> Nebyla provedena žádná instrukce.
C:\Program Files\Common Files\Doobzo\GSUpdate (PUP.Optional.Goobzo.Gen) -> Nebyla provedena žádná instrukce.

Nalezené soubory: 131
C:\AdwCleaner\FileQuarantine\C\Documents and Settings\All Users\Data aplikací\CloudPrinter\CloudPrinter.exe.vir (PUP.Optional.Linkury) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\FileQuarantine\C\Program Files\MPC Cleaner\BrowserPlugIn.dll.vir (PUP.Optional.MorePowerfulCleaner) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\FileQuarantine\C\Program Files\MPC Cleaner\Cleaner.dll.vir (PUP.Optional.MorePowerfulCleaner) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\FileQuarantine\C\Program Files\MPC Cleaner\Database.dll.vir (PUP.Optional.MorePowerfulCleaner) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\FileQuarantine\C\Program Files\MPC Cleaner\LogReport.dll.vir (PUP.Optional.MorePowerfulCleaner) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\FileQuarantine\C\Program Files\MPC Cleaner\LpcManager.dll.vir (PUP.Optional.MorePowerfulCleaner) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\FileQuarantine\C\Program Files\MPC Cleaner\MainFrame.dll.vir (PUP.Optional.MorePowerfulCleaner) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\FileQuarantine\C\Program Files\MPC Cleaner\Monitor.dll.vir (PUP.Optional.MorePowerfulCleaner) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\FileQuarantine\C\Program Files\MPC Cleaner\MPC.exe.vir (PUP.Optional.MorePowerfulCleaner) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\FileQuarantine\C\Program Files\MPC Cleaner\MPCAutoClean.exe.vir (PUP.Optional.MorePowerfulCleaner) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\FileQuarantine\C\Program Files\MPC Cleaner\MPCNews.exe.vir (PUP.Optional.MorePowerfulCleaner) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\FileQuarantine\C\Program Files\MPC Cleaner\MpcSafeDll.dll.vir (PUP.Optional.MorePowerfulCleaner) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\FileQuarantine\C\Program Files\MPC Cleaner\MpcSafeDll64.dll.vir (PUP.Optional.MorePowerfulCleaner) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\FileQuarantine\C\Program Files\MPC Cleaner\MPCSecurity.exe.vir (PUP.Optional.MorePowerfulCleaner) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\FileQuarantine\C\Program Files\MPC Cleaner\MPCSetting.exe.vir (PUP.Optional.MorePowerfulCleaner) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\FileQuarantine\C\Program Files\MPC Cleaner\MPCTray.exe.vir (PUP.Optional.MorePowerfulCleaner) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\FileQuarantine\C\Program Files\MPC Cleaner\MPCTray64.exe.vir (PUP.Optional.MorePowerfulCleaner) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\FileQuarantine\C\Program Files\MPC Cleaner\Report.dll.vir (PUP.Optional.MorePowerfulCleaner) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\FileQuarantine\C\Program Files\MPC Cleaner\SafeNavi.dll.vir (PUP.Optional.MorePowerfulCleaner) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\FileQuarantine\C\Program Files\MPC Cleaner\SafeNavi64.dll.vir (PUP.Optional.MorePowerfulCleaner) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\FileQuarantine\C\Program Files\MPC Cleaner\SafeProtect.dll.vir (PUP.Optional.MorePowerfulCleaner) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\FileQuarantine\C\Program Files\MPC Cleaner\SetupFrame.dll.vir (PUP.Optional.MorePowerfulCleaner) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\FileQuarantine\C\Program Files\MPC Cleaner\TrayFrame.dll.vir (PUP.Optional.MorePowerfulCleaner) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\FileQuarantine\C\Program Files\MPC Cleaner\Uninstall.exe.vir (PUP.Optional.MorePowerfulCleaner) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\FileQuarantine\C\Program Files\MPC Cleaner\UninstallFrame.dll.vir (PUP.Optional.MorePowerfulCleaner) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\FileQuarantine\C\Program Files\MPC Cleaner\UninstDelete.exe.vir (PUP.Optional.MorePowerfulCleaner) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\FileQuarantine\C\Program Files\MPC Cleaner\Update.dll.vir (PUP.Optional.MorePowerfulCleaner) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\FileQuarantine\C\Program Files\MPC Cleaner\UpdateHost.exe.vir (PUP.Optional.MorePowerfulCleaner) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\FileQuarantine\C\Program Files\MPC Cleaner\Upgrade.dll.vir (PUP.Optional.MorePowerfulCleaner) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\FileQuarantine\C\Program Files\MPC Cleaner\Web.dll.vir (PUP.Optional.MorePowerfulCleaner) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\FileQuarantine\C\Program Files\MPC Cleaner\WinService.dll.vir (PUP.Optional.MorePowerfulCleaner) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\FileQuarantine\C\Program Files\MPC Cleaner\XBus.dll.vir (PUP.Optional.MorePowerfulCleaner) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\FileQuarantine\C\Program Files\MPC Cleaner\XProcessBus.dll.vir (PUP.Optional.MorePowerfulCleaner) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\FileQuarantine\C\Program Files\MPC Cleaner\Drivers\MPCBase.sys.vir (PUP.Optional.MorePowerfulCleaner) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\FileQuarantine\C\Program Files\MPC Cleaner\Drivers\MPCBase_32.sys.vir (PUP.Optional.MorePowerfulCleaner) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\FileQuarantine\C\Program Files\MPC Cleaner\Drivers\MPCKpt.sys.vir (PUP.Optional.MorePowerfulCleaner) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\FileQuarantine\C\Program Files\MPC Cleaner\Drivers\MPCKpt_vista_32.sys.vir (PUP.Optional.MorePowerfulCleaner) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\FileQuarantine\C\Program Files\MPC Cleaner\Drivers\MPCKpt_vista_64.sys.vir (PUP.Optional.MorePowerfulCleaner) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\FileQuarantine\C\Program Files\MPC Cleaner\Drivers\MPCKpt_xp_32.sys.vir (PUP.Optional.MorePowerfulCleaner) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\FileQuarantine\C\Program Files\MPC Cleaner\Exe\ADC_qd00000.exe.vir (PUP.Optional.MorePowerfulCleaner) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\FileQuarantine\C\Program Files\tencent\QQPCMgr\Plugins\PluginsSetupBak\QQPhoneManager-5.5.1_710201.4892.pa.exe.vir (Backdoor.PcClient) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\FileQuarantine\C\WINDOWS\system32\drivers\MPCBase.sys.vir (PUP.Optional.MorePowerfulCleaner) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\FileQuarantine\C\WINDOWS\system32\drivers\MPCKpt.sys.vir (PUP.Optional.MorePowerfulCleaner) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Documents and Settings\All Users\Data aplikací\1WdsManPro1\WdsManPro.exe.vir (PUP.Optional.WindowsProtectManager) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Documents and Settings\All Users\Data aplikací\{c08f1088-8a62-fb93-c08f-f10888a64222}\poweriso 5.1 portable (multilang).exe.vir (PUP.Optional.MultiPlug) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Documents and Settings\Pierre\Data aplikací\JZMYE.exe.vir (PUP.Optional.CrossRider) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Documents and Settings\Pierre\Data aplikací\OpenCandy\B82797FBEF654A1DAB28538D137C8488\dh.exe.vir (PUP.Optional.OpenCandy) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Program Files\CinemaP-1.9cV04.09\483c5049-acca-48f1-b107-851cd73f0cc6.dll.vir (PUP.Optional.Nova) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Program Files\CinemaP-1.9cV04.09\85baf6f7-f540-4cdf-a238-058e69b4dfe5-1-6.exe.vir (PUP.Optional.CrossRider) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Program Files\CinemaP-1.9cV04.09\85baf6f7-f540-4cdf-a238-058e69b4dfe5-1-7.exe.vir (PUP.Optional.CrossRider) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Program Files\CinemaP-1.9cV04.09\85baf6f7-f540-4cdf-a238-058e69b4dfe5-10.exe.vir (PUP.Optional.CrossRider) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Program Files\CinemaP-1.9cV04.09\85baf6f7-f540-4cdf-a238-058e69b4dfe5-3.exe.vir (PUP.Optional.CrossRider) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Program Files\CinemaP-1.9cV04.09\85baf6f7-f540-4cdf-a238-058e69b4dfe5-5.exe.vir (PUP.Optional.CrossRider) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Program Files\CinemaP-1.9cV04.09\85baf6f7-f540-4cdf-a238-058e69b4dfe5-6.exe.vir (PUP.Optional.CrossRider) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Program Files\CinemaP-1.9cV04.09\85baf6f7-f540-4cdf-a238-058e69b4dfe5-7.exe.vir (PUP.Optional.CrossRider) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Program Files\CinemaP-1.9cV04.09\UninstallBrw.exe.vir (PUP.Optional.CrossRider) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Program Files\CinemaP-1.9cV04.09\utils.exe.vir (PUP.Optional.CrossRider) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe.vir (PUP.Optional.CrossBrowse) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Program Files\Crossbrowse\Crossbrowse\Application\utility.exe.vir (PUP.Optional.CrossBrowse) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Program Files\Crossbrowse\Crossbrowse\Application\39.6.2171.95\delegate_execute.exe.vir (PUP.Optional.CrossBrowse) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Program Files\Crossbrowse\Crossbrowse\Application\39.6.2171.95\chrome_elf.dll.vir (PUP.Optional.CrossBrowse) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Program Files\Crossbrowse\Crossbrowse\Application\39.6.2171.95\metro_driver.dll.vir (PUP.Optional.CrossBrowse) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Program Files\Crossbrowse\Crossbrowse\Application\39.6.2171.95\nacl64.exe.vir (PUP.Optional.CrossBrowse) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Program Files\Crossbrowse\Crossbrowse\Application\39.6.2171.95\Installer\chrmstp.exe.vir (PUP.Optional.CrossBrowse) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Program Files\Crossbrowse\Crossbrowse\Application\39.6.2171.95\Installer\setup.exe.vir (PUP.Optional.CrossBrowse) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Program Files\CutThiePrIIcE\CutThiePrIIcE.exe.vir (PUP.Optional.MultiPlug) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Program Files\eye perform\eyeperformUninstall.exe.vir (PUP.Optional.BrowseFox) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Program Files\eye perform\bin\eyeperform.BrowserAdapter.exe.vir (PUP.Optional.BrowseFox) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Program Files\eye perform\bin\027aeb7ef8c34c10be2c.dll.vir (PUP.Optional.BrowseFox) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Program Files\eye perform\bin\027aeb7ef8c34c10be2c627699fea100.dll.vir (PUP.Optional.BrowseFox) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Program Files\eye perform\bin\027aeb7ef8c34c10be2c627699fea10064.dll.vir (PUP.Optional.BrowseFox) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Program Files\eye perform\bin\027aeb7ef8c34c10be2c64.dll.vir (PUP.Optional.BrowseFox) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Program Files\eye perform\bin\eyeperform.BrowserAdapter64.exe.vir (PUP.Optional.BrowseFox) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Program Files\eye perform\bin\eyeperform.PurBrowse.exe.vir (PUP.Optional.BrowseFox) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Program Files\globalUpdate\Update\globalupdate.exe.vir (PUP.Optional.ModGoog) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Program Files\globalUpdate\Update\1.3.25.0\globalupdate.exe.vir (PUP.Optional.ModGoog) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Program Files\globalUpdate\Update\1.3.25.0\globalupdateBroker.exe.vir (PUP.Optional.ModGoog) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Program Files\globalUpdate\Update\1.3.25.0\globalupdateCrashHandler.exe.vir (PUP.Optional.ModGoog) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Program Files\globalUpdate\Update\1.3.25.0\globalupdateOnDemand.exe.vir (PUP.Optional.ModGoog) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Program Files\globalUpdate\Update\1.3.25.0\goopdate.dll.vir (PUP.Optional.ModGoog) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Program Files\globalUpdate\Update\1.3.25.0\goopdateres_en.dll.vir (PUP.Optional.ModGoog) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Program Files\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll.vir (PUP.Optional.ModGoog) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Program Files\globalUpdate\Update\1.3.25.0\psmachine.dll.vir (PUP.Optional.ModGoog) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Program Files\globalUpdate\Update\1.3.25.0\psuser.dll.vir (PUP.Optional.ModGoog) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\Program Files\XTab\ProtectService.exe.vir (PUP.Optional.XTab) -> Nebyla provedena žádná instrukce.
C:\AdwCleaner\Quarantine\C\WINDOWS\system32\drivers\{027aeb7e-f8c3-4c10-be2c-627699fea100}Gt.sys.vir (PUP.Optional.BrowseFox) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Pierre\Data aplikací\Quotesolowarm.exe (PUP.Optional.Linkury) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Pierre\Data aplikací\Sanzap.exe (PUP.Optional.Linkury) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Pierre\Data aplikací\Silverlight.bin (PUP.Optional.Linkury) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Pierre\Local Settings\Data aplikací\FFA7368A-4177-4080-802E-E5D552FAFE83\FFA7368A-4177-4080-802E-E5D552FAFE83.exe (PUP.Optional.CrossBrowse) -> Nebyla provedena žádná instrukce.
C:\Pierre\Download\Game Setup File.exe (PUP.Optional.MultiPlug.PND) -> Nebyla provedena žádná instrukce.
C:\Pierre\Download\Mipony_Setup.exe (PUP.Optional.InstallCore) -> Nebyla provedena žádná instrukce.
C:\Pierre\Download\PS3 Emulator 2012.rar.exe (PUP.Optional.MultiPlug.PND) -> Nebyla provedena žádná instrukce.
C:\Program Files\Common Files\Doobzo\GSUpdate\sma.exe (PUP.Optional.Goobzo) -> Nebyla provedena žádná instrukce.
C:\Program Files\Common Files\Doobzo\GSUpdate\smci32.dll (PUP.Optional.SearchModule) -> Nebyla provedena žádná instrukce.
C:\Program Files\Common Files\Doobzo\GSUpdate\smu.exe (PUP.Optional.SearchModule) -> Nebyla provedena žádná instrukce.
C:\Program Files\Common Files\Transrandax\uninstall.exe (PUP.Optional.Linkury) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{8B7D5408-819B-4B91-AE40-E9EB6EF6B25C}\RP2\A0000002.dll (PUP.Optional.Linkury) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{8B7D5408-819B-4B91-AE40-E9EB6EF6B25C}\RP2\A0000003.exe (PUP.Optional.Linkury) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{8B7D5408-819B-4B91-AE40-E9EB6EF6B25C}\RP2\A0000007.exe (PUP.Optional.Linkury) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{8B7D5408-819B-4B91-AE40-E9EB6EF6B25C}\RP2\A0000009.dll (PUP.Optional.Nova) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{8B7D5408-819B-4B91-AE40-E9EB6EF6B25C}\RP2\A0000010.dll (PUP.Optional.Nova) -> Nebyla provedena žádná instrukce.
C:\zoek_backup\C_DOCUME~1_ALLUSE~1_DATAAP~1_Quoteex\Inchnix.dll (PUP.Optional.Linkury) -> Nebyla provedena žádná instrukce.
C:\zoek_backup\C_DOCUME~1_ALLUSE~1_DATAAP~1_Quoteex\Quoteex.exe (PUP.Optional.Linkury) -> Nebyla provedena žádná instrukce.
C:\zoek_backup\C_DOCUME~1_ALLUSE~1_DATAAP~1_Quoteex\Voyatip.exe (PUP.Optional.Linkury) -> Nebyla provedena žádná instrukce.
C:\zoek_backup\C_DOCUME~1_ALLUSE~1_DATAAP~1_{FA77A43D-F6ED-4924-87B5-517C061388C6}\WeatherBugSetup.res (PUP.Optional.APNToolBar) -> Nebyla provedena žádná instrukce.
C:\zoek_backup\C_Program Files_8a3fa2ab-68dd-44a5-9e44-cdb0d0f22aab\f65b25ba-1673-4a10-a501-7c307513e571.dll (PUP.Optional.Nova) -> Nebyla provedena žádná instrukce.
C:\zoek_backup\C_Program Files_AGEIA Technologies\43d731f9-254a-4e8a-9d5f-ede5a012adb8.dll (PUP.Optional.Nova) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Pierre\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\http_search.safefinder.com_0.localstorage (PUP.Optional.SafeFinder) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Pierre\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\http_search.safefinder.com_0.localstorage-journal (PUP.Optional.SafeFinder) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Pierre\Data aplikací\ApplicationHosting.dat (PUP.Optional.Linkury) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Pierre\Data aplikací\md.xml (PUP.Optional.Linkury) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Pierre\Data aplikací\noah.dat (PUP.Optional.Linkury) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Pierre\Data aplikací\uninstall_temp.ico (PUP.Optional.Linkury) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Pierre\Data aplikací\lobby.dat (PUP.Optional.Linkury) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Pierre\Data aplikací\inst.lat (PUP.Optional.Linkury) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Pierre\SupTabXP\domain (PUP.Optional.SupTab) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Pierre\SupTabXP\expirationDate (PUP.Optional.SupTab) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Pierre\SupTabXP\ie8UpdateTime (PUP.Optional.SupTab) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Pierre\SupTabXP\ie8version (PUP.Optional.SupTab) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Pierre\SupTabXP\name (PUP.Optional.SupTab) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Pierre\SupTabXP\path (PUP.Optional.SupTab) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Pierre\SupTabXP\set_z (PUP.Optional.SupTab) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Pierre\SupTabXP\TABts (PUP.Optional.SupTab) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Pierre\SupTabXP\uid (PUP.Optional.SupTab) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Pierre\SupTabXP\url (PUP.Optional.SupTab) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Pierre\SupTabXP\_ver (PUP.Optional.SupTab) -> Nebyla provedena žádná instrukce.
C:\Program Files\Common Files\Doobzo\GSUpdate\rlz_id.dll (PUP.Optional.Goobzo.Gen) -> Nebyla provedena žádná instrukce.
C:\Program Files\Common Files\Doobzo\GSUpdate\smi32.exe (PUP.Optional.Goobzo.Gen) -> Nebyla provedena žádná instrukce.
C:\Program Files\Common Files\Doobzo\GSUpdate\SMUninstall.exe (PUP.Optional.Goobzo.Gen) -> Nebyla provedena žádná instrukce.
C:\Program Files\Common Files\Doobzo\GSUpdate\smw.sys (PUP.Optional.Goobzo.Gen) -> Nebyla provedena žádná instrukce.

(konec)

Re: Virus from Facebook chat

Posted: 24 Apr 2016 10:10
by Rudy
Delete all findings.