Prosím o kontrolu Logu, modrá obrazovka Vyřešeno

[ROCK4891]

Ahojte
Prosím vás o kontrolu logu z dôvodu že mi v poslednom čase nejako často vypne NB a nahodí modrú obrazovku, pár hlásení sa mi podari zachytiť :
používam často programy ako Ccleaner, WiseCare, Revo Uninstaller a Glary Utilities + Avast Free
A tiež by som sa chcel zbaviť tohto : http://istart.webssearches.com/?type=sc ... XX5WS1W3HP
Neviem ako sa mi to dostalo na domovskú stránku ale teraz to neviem stade a ani s NB vymazať!!!


Popis problému:
Názov problémovej udalosti: BlueScreen
Verzia OS: 6.1.7601.2.1.0.768.3
Identifikácia miestneho nastavenia: 1051

Ďalšie informácie o probléme:
BCCode: 1a
BCP1: 0000000000041790
BCP2: FFFFFA800017F370
BCP3: 000000000000FFFF
BCP4: 0000000000000000
OS Version: 6_1_7601
Service Pack: 1_0
Product: 768_1

Súbory, ktoré pomáhajú popísať problém:
C:\Windows\Minidump\030714-29484-01.dmp
C:\Users\Dominik\AppData\Local\Temp\WER-121618-0.sysdata.xml

Prečítajte si prehlásenie o používaní osobných údajov online:
http://go.microsoft.com/fwlink/?linkid= ... cid=0x041b

Ak prehlásenie o používaní osobných údajov nie je dostupné v režime online, prečítajte si ho v režime offline:
C:\Windows\system32\sk-SK\erofflps.txt




Popis problému:
Názov problémovej udalosti: BlueScreen
Verzia OS: 6.1.7601.2.1.0.768.3
Identifikácia miestneho nastavenia: 1051

Ďalšie informácie o probléme:
BCCode: 50
BCP1: FFFFFA820F80A798
BCP2: 0000000000000001
BCP3: FFFFF8800141BE6E
BCP4: 0000000000000005
OS Version: 6_1_7601
Service Pack: 1_0
Product: 768_1

Súbory, ktoré pomáhajú popísať problém:
C:\Windows\Minidump\032714-32417-01.dmp
C:\Users\Dominik\AppData\Local\Temp\WER-31043590-0.sysdata.xml

Prečítajte si prehlásenie o používaní osobných údajov online:
http://go.microsoft.com/fwlink/?linkid= ... cid=0x041b

Ak prehlásenie o používaní osobných údajov nie je dostupné v režime online, prečítajte si ho v režime offline:
C:\Windows\system32\sk-SK\erofflps.txt





Popis problému:
Názov problémovej udalosti: BlueScreen
Verzia OS: 6.1.7601.2.1.0.768.3
Identifikácia miestneho nastavenia: 1051

Ďalšie informácie o probléme:
BCCode: 4e
BCP1: 0000000000000099
BCP2: 0000000000282182
BCP3: 0000000000000000
BCP4: 0000000000000000
OS Version: 6_1_7601
Service Pack: 1_0
Product: 768_1

Súbory, ktoré pomáhajú popísať problém:
C:\Windows\Minidump\041814-24632-01.dmp
C:\Users\Dominik\AppData\Local\Temp\WER-119964-0.sysdata.xml

Prečítajte si prehlásenie o používaní osobných údajov online:
http://go.microsoft.com/fwlink/?linkid= ... cid=0x041b

Ak prehlásenie o používaní osobných údajov nie je dostupné v režime online, prečítajte si ho v režime offline:
C:\Windows\system32\sk-SK\erofflps.txt






Popis problému:
Názov problémovej udalosti: BlueScreen
Verzia OS: 6.1.7601.2.1.0.768.3
Identifikácia miestneho nastavenia: 1051

Ďalšie informácie o probléme:
BCCode: 1a
BCP1: 0000000000041790
BCP2: FFFFFA800017F370
BCP3: 000000000000FFFF
BCP4: 0000000000000000
OS Version: 6_1_7601
Service Pack: 1_0
Product: 768_1

Súbory, ktoré pomáhajú popísať problém:
C:\Windows\Minidump\042214-18642-01.dmp
C:\Users\Dominik\AppData\Local\Temp\WER-68406-0.sysdata.xml

Prečítajte si prehlásenie o používaní osobných údajov online:
http://go.microsoft.com/fwlink/?linkid= ... cid=0x041b

Ak prehlásenie o používaní osobných údajov nie je dostupné v režime online, prečítajte si ho v režime offline:
C:\Windows\system32\sk-SK\erofflps.txt




Popis problému:
Názov problémovej udalosti: BlueScreen
Verzia OS: 6.1.7601.2.1.0.768.3
Identifikácia miestneho nastavenia: 1051

Ďalšie informácie o probléme:
BCCode: 1a
BCP1: 0000000000041790
BCP2: FFFFFA800017F370
BCP3: 000000000000FFFF
BCP4: 0000000000000000
OS Version: 6_1_7601
Service Pack: 1_0
Product: 768_1

Súbory, ktoré pomáhajú popísať problém:
C:\Windows\Minidump\051514-33774-01.dmp
C:\Users\Dominik\AppData\Local\Temp\WER-108982-0.sysdata.xml

Prečítajte si prehlásenie o používaní osobných údajov online:
http://go.microsoft.com/fwlink/?linkid= ... cid=0x041b

Ak prehlásenie o používaní osobných údajov nie je dostupné v režime online, prečítajte si ho v režime offline:
C:\Windows\system32\sk-SK\erofflps.txt





Popis problému:
Názov problémovej udalosti: BlueScreen
Verzia OS: 6.1.7601.2.1.0.768.3
Identifikácia miestneho nastavenia: 1051

Ďalšie informácie o probléme:
BCCode: 1a
BCP1: 0000000000041790
BCP2: FFFFFA800017F370
BCP3: 000000000000FFFF
BCP4: 0000000000000000
OS Version: 6_1_7601
Service Pack: 1_0
Product: 768_1

Súbory, ktoré pomáhajú popísať problém:
C:\Windows\Minidump\060914-18938-01.dmp
C:\Users\Dominik\AppData\Local\Temp\WER-87828-0.sysdata.xml

Prečítajte si prehlásenie o používaní osobných údajov online:
http://go.microsoft.com/fwlink/?linkid= ... cid=0x041b

Ak prehlásenie o používaní osobných údajov nie je dostupné v režime online, prečítajte si ho v režime offline:
C:\Windows\system32\sk-SK\erofflps.txt


Popis problému:
Názov problémovej udalosti: BlueScreen
Verzia OS: 6.1.7601.2.1.0.768.3
Identifikácia miestneho nastavenia: 1051

Ďalšie informácie o probléme:
BCCode: 1a
BCP1: 0000000000041790
BCP2: FFFFFA800017F370
BCP3: 000000000000FFFF
BCP4: 0000000000000000
OS Version: 6_1_7601
Service Pack: 1_0
Product: 768_1

Súbory, ktoré pomáhajú popísať problém:
C:\Windows\Minidump\070214-19172-01.dmp
C:\Users\Dominik\AppData\Local\Temp\WER-431139-0.sysdata.xml

Prečítajte si prehlásenie o používaní osobných údajov online:
http://go.microsoft.com/fwlink/?linkid= ... cid=0x041b

Ak prehlásenie o používaní osobných údajov nie je dostupné v režime online, prečítajte si ho v režime offline:
C:\Windows\system32\sk-SK\erofflps.txt


Windows
Problém: Neočakávané vypnutie
Súbory, ktoré bližšie popisujú problém:
072214-44647-01.dmp
sysdata.xml
WERInternalMetadata.xml
Zobraziť dočasnú kópiu týchto problémov
Upozornenie: Ak problém spôsobil vírus alebo iné ohrozenie zabezpečenia, otvorenie kópie súborov môže mať za následok poškodenie počítača.

LLLLLLOOOOOOOOOOOOOOGGGGGGGGGGGG :::::::::::::::::::::::::::::::::::::

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:37:09, on 26. 7. 2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17207)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Windows\vsnp2uvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\syncables\syncables desktop\syncables.exe
C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe
C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTray.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
C:\Users\Dominik\AppData\Local\Pokki\Engine\HostAppService.exe
C:\ExpressGateUtil\VAWinAgent.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSAutoupdate.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp ... XX5WS1W3HP
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type=hp ... XX5WS1W3HP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp ... XX5WS1W3HP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?typ ... WS1W3HP&q={searchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?typ ... WS1W3HP&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
O4 - HKLM\..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
O4 - HKLM\..\Run: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"
O4 - HKLM\..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
O4 - HKLM\..\Run: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Syncables] C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe
O4 - HKCU\..\Run: [Pokki] C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform
O4 - HKCU\..\Run: [Zoner Photo Studio Autoupdate] "C:\PROGRAM FILES\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE"
O4 - Startup: Intel(R) Turbo Boost Technology Monitor 2.0.lnk = C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
O4 - Global Startup: AsusVibeLauncher.lnk = C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Odoslať obrázok do &Zariadenia s rozhraním Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odoslať stránku do &Zariadenia s rozhraním Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Stáhnout s IDM - C:\Program Files (x86)\Tonec Inc\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Stáhnout s IDM všechny odkazy - C:\Program Files (x86)\Tonec Inc\Internet Download Manager\IEGetAll.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Odoslať do rozhrania Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Odoslať do &Zariadenie s rozhraním Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{6FD41F5D-903A-4316-BABB-C7108FA43AFA}: NameServer = 0.0.0.0
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: c:\Windows\SysWOW64\nvinit.dll c:\Windows\SysWOW64\nvinit.dll C:\Windows\SysWOW64\nvinit.dll C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Atheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: Intel(R) Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VideAceWindowsService - Unknown owner - C:\ExpressGateUtil\VAWinService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Wise Boot Assistant (WiseBootAssistant) - WiseCleaner.com - C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 16346 bytes


Na začiatku logu mi vypísalo nejaký problém ale asi iba to že to nemôže neskor Fixnúť, tak neviem či je Log správny....
Zatiaľ Ďakujem

[Reklama]

[guest]

Pokud jde o modrou obrazovku /BSOD/ je zde na to sekce kde jsou na tuto problematiku odborníci - viewforum.php?f=118

A tady je návod - viewtopic.php?f=118&t=129195

[ROCK4891]

OK už som pridal tému ďakujem a uzatváram tému

[ROCK4891]

Mohli by ste sa prosím niekto pozrieť na ten LOG....to že mám vadnú pamäť už viem! Ale že vraj mám bordel aj v NB...Inak ako sa to môže stať že mám taký bordel keď používam rôzne programy na čistenie...a čístím skoro každý týžden? Ďakujem

[Orcus]

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

- Pokud používáš jen Google Chrome , tak ATF nemusíš použít.

===================================================

Stáhni si TFC
Otevři soubor a zavři všechny ostatní okna, Klikni na Start k zahájení procesu. Program by neměl trvat dlouho.
Poté by se měl PC restartovat, pokud ne , proveď sám.

===================================================

Stáhni AdwCleaner (by Xplode)

Ulož si ho na svojí plochu
Ukonči všechny programy , okna a prohlížeče
Spusť program poklepáním a klikni na „Prohledat-Scan“
Po skenu se objeví log ( jinak je uložen systémovem disku jako AdwCleaner[R?].txt), jeho obsah sem celý vlož.

===================================================

Stáhni si Malwarebytes' Anti-Malware
- Při instalaci odeber zatržítko u „Povolit bezplatnou zkušební verzi Malwarebytes' Anti-Malware Premium“
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a klikni na Skenovat nyní a
- po proběhnutí programu se ti objeví hláška vpravo dole tak klikni na b] Kopírovat do schránky [/b]a a vlož sem celý log.

- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).

Pokud budou problémy , spusť v nouz. režimu.

[ROCK4891]

# AdwCleaner v3.301 - Report created 30/07/2014 at 21:56:44
# Updated 28/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Dominik - DOMINIK-PC
# Running from : C:\Users\Dominik\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\webssearches.xml
File Found : C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\user.js
File Found : C:\Windows\System32\roboot64.exe
Folder Found : C:\Program Files (x86)\FlvPlayer
Folder Found : C:\ProgramData\Right Soft
Folder Found : C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\Extensions\faststartff@gmail.com
Folder Found : C:\Users\Dominik\AppData\Roaming\OpenCandy
Folder Found : C:\Users\Dominik\AppData\Roaming\Systweak
Folder Found : C:\Users\Dominik\Desktop\sygic

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****

Shortcut Found : C:\Users\Public\Desktop\Google Chrome.lnk ( hxxp://istart.webssearches.com/?type=sc ... XX5WS1W3HP )
Shortcut Found : C:\Users\Public\Desktop\Mozilla Firefox.lnk ( hxxp://istart.webssearches.com/?type=sc ... XX5WS1W3HP )
Shortcut Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk ( hxxp://istart.webssearches.com/?type=sc ... XX5WS1W3HP )
Shortcut Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk ( hxxp://istart.webssearches.com/?type=sc ... XX5WS1W3HP )
Shortcut Found : C:\Users\Dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk ( hxxp://istart.webssearches.com/?type=sc ... XX5WS1W3HP )
Shortcut Found : C:\Users\Dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk ( hxxp://istart.webssearches.com/?type=sc ... XX5WS1W3HP )
Shortcut Found : C:\Users\Dominik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk ( hxxp://istart.webssearches.com/?type=sc ... XX5WS1W3HP )
Shortcut Found : C:\Users\Dominik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ( hxxp://istart.webssearches.com/?type=sc ... XX5WS1W3HP )
Shortcut Found : C:\Users\Dominik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk ( hxxp://istart.webssearches.com/?type=sc ... XX5WS1W3HP )

***** [ Registry ] *****

Data Found : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command [(Default)] - "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" hxxp://istart.webssearches.com/?type=sc ... XX5WS1W3HP
Data Found : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [(Default)] - "C:\Program Files (x86)\Internet Explorer\iexplore.exe" hxxp://istart.webssearches.com/?type=sc ... XX5WS1W3HP
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASMANCS
Key Found : HKLM\Software\systweak
Key Found : HKLM\Software\webssearchesSoftware
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{A75BE48D-BF58-4A8B-B96C-F9A09DFB9844}
Key Found : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Found : [x64] HKLM\SOFTWARE\Speedchecker Limited
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [faststartff@gmail.com]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://istart.webssearches.com/?type=hp ... XX5WS1W3HP
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://istart.webssearches.com/?type=hp ... XX5WS1W3HP
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://istart.webssearches.com/web/?typ ... WS1W3HP&q={searchTerms}
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://istart.webssearches.com/?type=hp ... XX5WS1W3HP
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://istart.webssearches.com/?type=hp ... XX5WS1W3HP
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://istart.webssearches.com/web/?typ ... WS1W3HP&q={searchTerms}
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://istart.webssearches.com/web/?typ ... WS1W3HP&q={searchTerms}
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://istart.webssearches.com/?type=hp ... XX5WS1W3HP
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://istart.webssearches.com/?type=hp ... XX5WS1W3HP
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://istart.webssearches.com/web/?typ ... WS1W3HP&q={searchTerms}

-\\ Mozilla Firefox v27.0.1 (cs)

[ File : C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\prefs.js ]

Line Found : user_pref("browser.search.defaultenginename", "webssearches");

-\\ Google Chrome v36.0.1985.125

[ File : C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://mystart.incredibar.com/mb139/?loc=IB_DS&search={searchTerms}&a=6R8yRINYak&i=26
Found [Extension] : bopakagnckmlgajfccecajhnimjiiedh
Found [Extension] : ejpbbhjlbipncjklfjjaedaieimbmdda
Found [Extension] : niapdbllcanepiiimjjndipklodoedlc

*************************

AdwCleaner[R0].txt - [1752 octets] - [10/02/2014 19:30:04]
AdwCleaner[R1].txt - [1812 octets] - [10/02/2014 19:33:14]
AdwCleaner[R2].txt - [7790 octets] - [30/07/2014 21:56:44]
AdwCleaner[S0].txt - [1860 octets] - [10/02/2014 19:36:55]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [7910 octets] ##########

[ROCK4891]

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 30. 7. 2014
Scan Time: 22:40:30
Logfile: log.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.30.07
Rootkit Database: v2014.07.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Dominik

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 355691
Time Elapsed: 12 min, 57 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 5
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, , [f1becadba1daeb4bcebac851fd0759a7],
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\webssearchesSoftware, , [4669f7aea8d33006f04fa44724de8d73],
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, , [a30c8c19e29967cf07811306897b6997],
PUP.Optional.SProtector.A, HKU\S-1-5-21-1478861864-133897243-3711369256-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SProtector, , [2986871ed6a551e5213724ecc63e26da],
PUP.Optional.Qone8, HKU\S-1-5-21-1478861864-133897243-3711369256-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, , [951a9411c9b26ccac0c70118699b0ff1],

Registry Values: 6
PUP.Optional.uTorrentTB.A, HKU\S-1-5-21-1478861864-133897243-3711369256-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{687578b9-7132-4a7a-80e4-30ee31099e03}, , [f4bb3f66b6c5fb3b75447ee25ca6e818],
PUP.Optional.uTorrentTB.A, HKU\S-1-5-21-1478861864-133897243-3711369256-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{687578B9-7132-4A7A-80E4-30EE31099E03}, , [f4bb3f66b6c5fb3b75447ee25ca6e818],
PUP.Optional.UTorrentControl.A, HKU\S-1-5-21-1478861864-133897243-3711369256-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{7473b6bd-4691-4744-a82b-7854eb3d70b6}, , [317ec1e4c4b7290d5850174a6d9506fa],
PUP.Optional.UTorrentControl.A, HKU\S-1-5-21-1478861864-133897243-3711369256-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{7473B6BD-4691-4744-A82B-7854EB3D70B6}, , [317ec1e4c4b7290d5850174a6d9506fa],
PUP.Optional.FastStart.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|faststartff@gmail.com, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com, , [d5da03a245361d19c45c33fa49bbba46]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1478861864-133897243-3711369256-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\NEW WINDOWS\ALLOW|*.crossrider.com, CrossriderApp0003491, , [cfe0683d3b40d0660d0df33c976d8e72]

Registry Data: 16
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\FIREFOX.EXE\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" http://istart.webssearches.com/?type=sc ... XX5WS1W3HP, Good: (firefox.exe), Bad: ("C:\Program Files (x86)\Mozilla Firefox\firefox.exe" http://istart.webssearches.com/?type=sc ... XX5WS1W3HP),,[f8b7ced74d2e73c305caf5ba877d60a0]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://istart.webssearches.com/?type=sc ... XX5WS1W3HP, Good: (iexplore.exe), Bad: ("C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://istart.webssearches.com/?type=sc ... XX5WS1W3HP),,[3e7101a4c0bb77bf725e347bcb399c64]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, http://istart.webssearches.com/web/?typ ... WS1W3HP&q={searchTerms}, Good: (www.google.com), Bad: (http://istart.webssearches.com/web/?typ ... WS1W3HP&q={searchTerms}),,[6d42564fc2b98fa7b3144a656d9757a9]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://istart.webssearches.com/?type=hp ... XX5WS1W3HP, Good: (www.google.com), Bad: (http://istart.webssearches.com/?type=hp ... XX5WS1W3HP),,[5f50a401017aa690e0e56748fa0ac739]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://istart.webssearches.com/?type=hp ... XX5WS1W3HP, Good: (www.google.com), Bad: (http://istart.webssearches.com/?type=hp ... XX5WS1W3HP),,[2c835b4a790274c2b019ae01758fe61a]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|CustomizeSearch, http://istart.webssearches.com/web/?typ ... WS1W3HP&q={searchTerms}, Good: (www.google.com), Bad: (http://istart.webssearches.com/web/?typ ... WS1W3HP&q={searchTerms}),,[1d92acf9d5a6f244a02b634c30d448b8]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, http://istart.webssearches.com/web/?typ ... WS1W3HP&q={searchTerms}, Good: (www.google.com), Bad: (http://istart.webssearches.com/web/?typ ... WS1W3HP&q={searchTerms}),,[36798b1a3744b58106c7c5ea4fb59a66]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),,[d8d72481d8a3f73f44b43188d0346c94]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\FIREFOX.EXE\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" http://istart.webssearches.com/?type=sc ... XX5WS1W3HP, Good: (firefox.exe), Bad: ("C:\Program Files (x86)\Mozilla Firefox\firefox.exe" http://istart.webssearches.com/?type=sc ... XX5WS1W3HP),,[01aedcc95922bd7913bc79366c98619f]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://istart.webssearches.com/?type=sc ... XX5WS1W3HP, Good: (iexplore.exe), Bad: ("C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://istart.webssearches.com/?type=sc ... XX5WS1W3HP),,[e5ca52531b60cc6ae1ef88271aead828]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, http://istart.webssearches.com/web/?typ ... WS1W3HP&q={searchTerms}, Good: (www.google.com), Bad: (http://istart.webssearches.com/web/?typ ... WS1W3HP&q={searchTerms}),,[f2bdcadb4d2e73c3e6e1e1ce2bd97987]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://istart.webssearches.com/?type=hp ... XX5WS1W3HP, Good: (www.google.com), Bad: (http://istart.webssearches.com/?type=hp ... XX5WS1W3HP),,[07a86342e893e353aa1bd9d622e2cc34]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://istart.webssearches.com/?type=hp ... XX5WS1W3HP, Good: (www.google.com), Bad: (http://istart.webssearches.com/?type=hp ... XX5WS1W3HP),,[f3bc881d88f3b284e0e9c5ea43c1c739]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),,[1d929411cdaed1659662ad0c33d1db25]
PUP.Optional.WebsSearches.A, HKU\S-1-5-21-1478861864-133897243-3711369256-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://istart.webssearches.com/?type=hp ... XX5WS1W3HP, Good: (www.google.com), Bad: (http://istart.webssearches.com/?type=hp ... XX5WS1W3HP),,[921d3e671a61e15585450fa0a85c7a86]
PUP.Optional.WebsSearches.A, HKU\S-1-5-21-1478861864-133897243-3711369256-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://istart.webssearches.com/?type=hp ... XX5WS1W3HP, Good: (www.google.com), Bad: (http://istart.webssearches.com/?type=hp ... XX5WS1W3HP),,[743b2580ec8fe84e6264bbf41fe55ba5]

Folders: 38
PUP.Optional.OpenCandy, C:\Users\Dominik\AppData\Roaming\OpenCandy, , [89266f360675bb7b82a72487837f52ae],
PUP.Optional.OpenCandy, C:\Users\Dominik\AppData\Roaming\OpenCandy\0D29450729964F9D836C284674E0629E, , [89266f360675bb7b82a72487837f52ae],
PUP.Optional.OpenCandy, C:\Users\Dominik\AppData\Roaming\OpenCandy\OpenCandy_0D29450729964F9D836C284674E0629E, , [89266f360675bb7b82a72487837f52ae],
PUP.Optional.CrossRider.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_pgmfkblbflahhponhjmkcnpjinenhlnc_0, , [efc06b3a681364d230114d6aa16141bf],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\content, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\content\include, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\content\include\tools, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\content\js, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\content\js\lib, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\content\js\module, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\content\js\pack, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\locale, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\locale\en, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\locale\en-US, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\locale\es, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\locale\es-419, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\locale\fr, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\locale\fr-BE, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\locale\fr-CA, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\locale\fr-CH, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\locale\fr-LU, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\locale\it, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\locale\it-CH, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\locale\pl, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\locale\pt-BR, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\locale\ru, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\locale\ru-MO, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\locale\tr, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\locale\vi, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\locale\zh-CN, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\locale\zh-TW, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\skin, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\defaults, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\defaults\preferences, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\modules, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.SystemSpeedup, C:\Users\Dominik\AppData\Roaming\systweak\ssd, , [a708c2e3eb9078bea5707c488d7556aa],

Files: 75
PUP.Optional.InstalleRex.A, C:\ProgramData\InstallMate\{520409D8-004E-4EDD-AC36-486C89E72B2E}\Custom.dll, , [505fbee7453642f4d83f0f2ee31d3ec2],
PUP.Optional.Installer.REX, C:\Users\Dominik\Downloads\helene fischer atemlos.mp3.exe, , [773895106813171fa6bf4d1d99687987],
Hacktool.CheatEngine, C:\Users\Dominik\Downloads\TROPICO.5.PLUS2TRN.403156253.ZIP, , [3e71743139423ff7f03e5edc51afd32d],
PUP.Optional.CrossRider.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pgmfkblbflahhponhjmkcnpjinenhlnc_0.localstorage, , [dcd3d1d4ed8ed26450eed212847ef40c],
PUP.Optional.Incredibar.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dlnembnfbcpjnepmfjmngjenhhajpdfd_0.localstorage, , [327dc3e26a11da5cfd5333b2cc36e719],
PUP.Optional.WebsSearches.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\webssearches.xml, , [0ca3e2c36c0ff442cb767b70ab572cd4],
PUP.Optional.OpenCandy, C:\Users\Dominik\AppData\Roaming\OpenCandy\0D29450729964F9D836C284674E0629E\PokkiInstaller.exe, , [89266f360675bb7b82a72487837f52ae],
PUP.Optional.CrossRider.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_pgmfkblbflahhponhjmkcnpjinenhlnc_0\2, , [efc06b3a681364d230114d6aa16141bf],
PUP.Optional.CrossRider.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_pgmfkblbflahhponhjmkcnpjinenhlnc_0\3, , [efc06b3a681364d230114d6aa16141bf],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome.manifest, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\install.rdf, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\content\index.html, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\content\quick_start.js, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\content\quick_start.xul, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\content\include\speed_dial.js, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\content\include\tools\about_blank_hook.js, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\content\include\tools\misc.js, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\content\include\tools\popup_image_helper.js, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\content\include\tools\urlrequestor.js, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\content\js\js.js, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\content\js\lib\doT.min.js, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\content\js\lib\jquery-2.1.0.min.js, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\content\js\lib\jquery.autocomplete.js, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\content\js\module\hotSearch.js, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\content\js\module\mostgrid.js, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\content\js\module\other.js, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\content\js\module\search.js, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\content\js\module\stat.js, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\content\js\pack\common.js, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\content\js\pack\ga.js, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\content\js\pack\xagainit.js, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\locale\en\locale.properties, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\locale\en-US\locale.properties, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\locale\es\locale.properties, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\locale\es-419\locale.properties, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\locale\fr\locale.properties, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\locale\fr-BE\locale.properties, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\locale\fr-CA\locale.properties, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\locale\fr-CH\locale.properties, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\locale\fr-LU\locale.properties, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\locale\it\locale.properties, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\locale\it-CH\locale.properties, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\locale\pl\locale.properties, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\locale\pt-BR\locale.properties, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\locale\ru\locale.properties, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\locale\ru-MO\locale.properties, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\locale\tr\locale.properties, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\locale\vi\locale.properties, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\locale\zh-CN\locale.properties, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\locale\zh-TW\locale.properties, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\skin\default_add_logo.png, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\skin\default_add_logo_hover.png, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\skin\default_logo.png, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\skin\googlelogo.png, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\skin\google_trends.png, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\skin\icon.png, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\skin\loading.gif, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\skin\logo.ico, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\skin\logo.png, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\skin\logo32.ico, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\skin\simple.css, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\skin\style.css, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\defaults\preferences\fvd.js, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\defaults\preferences\preferences.js, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\modules\addonmanager.js, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\modules\aes.js, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\modules\config.js, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\modules\dialogs.js, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\modules\last_tab.js, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\modules\misc.js, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\modules\properties.js, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\modules\remoterequest.js, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\modules\restoreprefs.js, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\modules\settings.js, , [931c762f1368ae889d93e6dc53afbf41],
PUP.Optional.SystemSpeedup, C:\Users\Dominik\AppData\Roaming\systweak\ssd\SSDPTstub.exe, , [a708c2e3eb9078bea5707c488d7556aa],

Physical Sectors: 0
(No malicious items detected)


(end)

[Orcus]

- Znovu spusť MbAM a dej Skenovat nyní
- Po proběhnutí programu se ti objeví hláška, tak klikni na „Vše do karantény“ -> „Exportovat záznam“ a vyber „textový soubor“ , soubor nějak pojmenuj a ulož na Plochu.
- Zkopíruj sem celý obsah toho logu.

====================================================

Spusť znovu AdwCleaner (u Windows Vista či Windows7, klikni na AdwCleaner pravým a vyber „Spustit jako správce“
Klikni na „ Smazat“
Program provede opravu, po automatickém restartu neukáže log (C:\AdwCleaner [S?].txt) , jeho obsah sem celý vlož.

====================================================

Stáhni si Junkware Removal Tool

na svojí plochu.
Deaktivuj si svůj antivirový program.
Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.

====================================================

Stáhni si RogueKiller
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- počkej až skončí Prescan -vyhledávání škodlivých procesů.
- Zkontroluj , zda máš zaškrtnuto:
Kontrola MBR
Kontrola Faked
Antirootkit
-Potom klikni na „Prohledat“.
- Program skenuje procesy PC. Po proskenování klikni na „Zpráva“celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.

[ROCK4891]

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 31. 7. 2014
Scan Time: 19:24:01
Logfile: text nový.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.30.07
Rootkit Database: v2014.07.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Dominik

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 355029
Time Elapsed: 12 min, 8 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 5
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarantined, [109f3d683d3e1c1a8cfc70a98e763dc3],
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\webssearchesSoftware, Quarantined, [0fa0fea73f3cd066c37c41aa16ec35cb],
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarantined, [0aa5c0e5f586c76fef9919001de710f0],
PUP.Optional.SProtector.A, HKU\S-1-5-21-1478861864-133897243-3711369256-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SProtector, Quarantined, [802f2283126905316eeaa36d19ebe917],
PUP.Optional.Qone8, HKU\S-1-5-21-1478861864-133897243-3711369256-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarantined, [9b14693cde9d77bf91f668b1f60e8b75],

Registry Values: 6
PUP.Optional.uTorrentTB.A, HKU\S-1-5-21-1478861864-133897243-3711369256-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{687578b9-7132-4a7a-80e4-30ee31099e03}, Quarantined, [ddd24461097239fd12a7d28ecc3625db],
PUP.Optional.uTorrentTB.A, HKU\S-1-5-21-1478861864-133897243-3711369256-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{687578B9-7132-4A7A-80E4-30EE31099E03}, Quarantined, [ddd24461097239fd12a7d28ecc3625db],
PUP.Optional.UTorrentControl.A, HKU\S-1-5-21-1478861864-133897243-3711369256-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{7473b6bd-4691-4744-a82b-7854eb3d70b6}, Quarantined, [ded1b9ec6e0dee48b9efb6abc2408d73],
PUP.Optional.UTorrentControl.A, HKU\S-1-5-21-1478861864-133897243-3711369256-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{7473B6BD-4691-4744-A82B-7854EB3D70B6}, Quarantined, [ded1b9ec6e0dee48b9efb6abc2408d73],
PUP.Optional.FastStart.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|faststartff@gmail.com, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com, Quarantined, [6847673e9ae153e3ea3624099c68cd33]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1478861864-133897243-3711369256-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\NEW WINDOWS\ALLOW|*.crossrider.com, CrossriderApp0003491, Quarantined, [505f089d2754f1459486240b05ff7987]

Registry Data: 16
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\FIREFOX.EXE\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" http://istart.webssearches.com/?type=sc ... XX5WS1W3HP, Good: (firefox.exe), Bad: ("C:\Program Files (x86)\Mozilla Firefox\firefox.exe" http://istart.webssearches.com/?type=sc ... XX5WS1W3HP),Replaced,[2e811c891467c373923d6649db29f30d]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://istart.webssearches.com/?type=sc ... XX5WS1W3HP, Good: (iexplore.exe), Bad: ("C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://istart.webssearches.com/?type=sc ... XX5WS1W3HP),Replaced,[822dbfe69dde61d51eb2842b45bfdf21]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, http://istart.webssearches.com/web/?typ ... WS1W3HP&q={searchTerms}, Good: (www.google.com), Bad: (http://istart.webssearches.com/web/?typ ... WS1W3HP&q={searchTerms}),Replaced,[e6c92382463504322d9afab5e22246ba]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://istart.webssearches.com/?type=hp ... XX5WS1W3HP, Good: (www.google.com), Bad: (http://istart.webssearches.com/?type=hp ... XX5WS1W3HP),Replaced,[6748099c8eed73c35e671c934eb64eb2]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://istart.webssearches.com/?type=hp ... XX5WS1W3HP, Good: (www.google.com), Bad: (http://istart.webssearches.com/?type=hp ... XX5WS1W3HP),Replaced,[ded1663f2457c373fccdf1becf35cd33]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|CustomizeSearch, http://istart.webssearches.com/web/?typ ... WS1W3HP&q={searchTerms}, Good: (www.google.com), Bad: (http://istart.webssearches.com/web/?typ ... WS1W3HP&q={searchTerms}),Replaced,[2b84673ed9a26bcbddee6748ad57f50b]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, http://istart.webssearches.com/web/?typ ... WS1W3HP&q={searchTerms}, Good: (www.google.com), Bad: (http://istart.webssearches.com/web/?typ ... WS1W3HP&q={searchTerms}),Replaced,[f0bfbbeaa7d4dd59e2eba20d26de5fa1]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Replaced,[248b8c198bf042f470880dac06fecd33]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\FIREFOX.EXE\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" http://istart.webssearches.com/?type=sc ... XX5WS1W3HP, Good: (firefox.exe), Bad: ("C:\Program Files (x86)\Mozilla Firefox\firefox.exe" http://istart.webssearches.com/?type=sc ... XX5WS1W3HP),Replaced,[802facf90e6d32040ec1f0bfef1540c0]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://istart.webssearches.com/?type=sc ... XX5WS1W3HP, Good: (iexplore.exe), Bad: ("C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://istart.webssearches.com/?type=sc ... XX5WS1W3HP),Replaced,[06a9baebea91a591c808ecc39272d729]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, http://istart.webssearches.com/web/?typ ... WS1W3HP&q={searchTerms}, Good: (www.google.com), Bad: (http://istart.webssearches.com/web/?typ ... WS1W3HP&q={searchTerms}),Replaced,[228d1c89f18ab680fec95c5344c0fc04]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://istart.webssearches.com/?type=hp ... XX5WS1W3HP, Good: (www.google.com), Bad: (http://istart.webssearches.com/?type=hp ... XX5WS1W3HP),Replaced,[28876c395f1c6fc793322b84d13314ec]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://istart.webssearches.com/?type=hp ... XX5WS1W3HP, Good: (www.google.com), Bad: (http://istart.webssearches.com/?type=hp ... XX5WS1W3HP),Replaced,[d3dc8b1a7308a1956f5ac1ee8480c13f]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Replaced,[2a859510ef8c83b346b2cced1de712ee]
PUP.Optional.WebsSearches.A, HKU\S-1-5-21-1478861864-133897243-3711369256-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://istart.webssearches.com/?type=hp ... XX5WS1W3HP, Good: (www.google.com), Bad: (http://istart.webssearches.com/?type=hp ... XX5WS1W3HP),Replaced,[2a853b6a8af15cda85453f70bf4515eb]
PUP.Optional.WebsSearches.A, HKU\S-1-5-21-1478861864-133897243-3711369256-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://istart.webssearches.com/?type=hp ... XX5WS1W3HP, Good: (www.google.com), Bad: (http://istart.webssearches.com/?type=hp ... XX5WS1W3HP),Replaced,[18977f260c6f61d506c0109f93717f81]

Folders: 38
PUP.Optional.OpenCandy, C:\Users\Dominik\AppData\Roaming\OpenCandy, Quarantined, [f7b8753093e82b0bbe6bc6e524de32ce],
PUP.Optional.OpenCandy, C:\Users\Dominik\AppData\Roaming\OpenCandy\0D29450729964F9D836C284674E0629E, Quarantined, [f7b8753093e82b0bbe6bc6e524de32ce],
PUP.Optional.OpenCandy, C:\Users\Dominik\AppData\Roaming\OpenCandy\OpenCandy_0D29450729964F9D836C284674E0629E, Quarantined, [f7b8753093e82b0bbe6bc6e524de32ce],
PUP.Optional.CrossRider.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_pgmfkblbflahhponhjmkcnpjinenhlnc_0, Quarantined, [634c7f26007bcf67d1708c2b10f24eb2],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\content, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\content\include, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\content\include\tools, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\content\js, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\content\js\lib, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\content\js\module, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\content\js\pack, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\locale, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\locale\en, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\locale\en-US, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\locale\es, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\locale\es-419, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\locale\fr, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\locale\fr-BE, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\locale\fr-CA, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\locale\fr-CH, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\locale\fr-LU, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\locale\it, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\locale\it-CH, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\locale\pl, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\locale\pt-BR, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\locale\ru, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\locale\ru-MO, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\locale\tr, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\locale\vi, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\locale\zh-CN, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\locale\zh-TW, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\skin, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\defaults, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\defaults\preferences, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\modules, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.SystemSpeedup, C:\Users\Dominik\AppData\Roaming\systweak\ssd, Quarantined, [723d673ec0bbac8adc398a3aee148b75],

Files: 75
PUP.Optional.InstalleRex.A, C:\ProgramData\InstallMate\{520409D8-004E-4EDD-AC36-486C89E72B2E}\Custom.dll, Quarantined, [ad023273057647efda3d88b59a66857b],
PUP.Optional.Installer.REX, C:\Users\Dominik\Downloads\helene fischer atemlos.mp3.exe, Quarantined, [505f1293e29950e6e4813f2b9d6411ef],
Hacktool.CheatEngine, C:\Users\Dominik\Downloads\TROPICO.5.PLUS2TRN.403156253.ZIP, Quarantined, [f5ba465f512ac37333fbb981f10fc63a],
PUP.Optional.CrossRider.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pgmfkblbflahhponhjmkcnpjinenhlnc_0.localstorage, Quarantined, [af00188dc6b58aac7ec042a2cb3705fb],
PUP.Optional.Incredibar.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dlnembnfbcpjnepmfjmngjenhhajpdfd_0.localstorage, Quarantined, [09a60c9919628fa774dc4e9717ebe51b],
PUP.Optional.WebsSearches.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\webssearches.xml, Quarantined, [f0bf366fa5d6c3733f02b3387f839a66],
PUP.Optional.OpenCandy, C:\Users\Dominik\AppData\Roaming\OpenCandy\0D29450729964F9D836C284674E0629E\PokkiInstaller.exe, Quarantined, [f7b8753093e82b0bbe6bc6e524de32ce],
PUP.Optional.CrossRider.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_pgmfkblbflahhponhjmkcnpjinenhlnc_0\2, Quarantined, [634c7f26007bcf67d1708c2b10f24eb2],
PUP.Optional.CrossRider.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_pgmfkblbflahhponhjmkcnpjinenhlnc_0\3, Quarantined, [634c7f26007bcf67d1708c2b10f24eb2],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome.manifest, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\install.rdf, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\content\index.html, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\content\quick_start.js, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\content\quick_start.xul, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\content\include\speed_dial.js, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\content\include\tools\about_blank_hook.js, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\content\include\tools\misc.js, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\content\include\tools\popup_image_helper.js, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\content\include\tools\urlrequestor.js, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\content\js\js.js, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\content\js\lib\doT.min.js, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\content\js\lib\jquery-2.1.0.min.js, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\content\js\lib\jquery.autocomplete.js, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\content\js\module\hotSearch.js, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\content\js\module\mostgrid.js, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\content\js\module\other.js, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\content\js\module\search.js, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\content\js\module\stat.js, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\content\js\pack\common.js, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\content\js\pack\ga.js, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\content\js\pack\xagainit.js, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\locale\en\locale.properties, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\locale\en-US\locale.properties, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\locale\es\locale.properties, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\locale\es-419\locale.properties, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\locale\fr\locale.properties, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\locale\fr-BE\locale.properties, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\locale\fr-CA\locale.properties, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\locale\fr-CH\locale.properties, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\locale\fr-LU\locale.properties, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\locale\it\locale.properties, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\locale\it-CH\locale.properties, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\locale\pl\locale.properties, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\locale\pt-BR\locale.properties, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\locale\ru\locale.properties, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\locale\ru-MO\locale.properties, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\locale\tr\locale.properties, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\locale\vi\locale.properties, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\locale\zh-CN\locale.properties, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\locale\zh-TW\locale.properties, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\skin\default_add_logo.png, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\skin\default_add_logo_hover.png, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\skin\default_logo.png, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\skin\googlelogo.png, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\skin\google_trends.png, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\skin\icon.png, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\skin\loading.gif, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\skin\logo.ico, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\skin\logo.png, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\skin\logo32.ico, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\skin\simple.css, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\chrome\skin\style.css, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\defaults\preferences\fvd.js, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\defaults\preferences\preferences.js, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\modules\addonmanager.js, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\modules\aes.js, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\modules\config.js, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\modules\dialogs.js, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\modules\last_tab.js, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\modules\misc.js, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\modules\properties.js, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\modules\remoterequest.js, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\modules\restoreprefs.js, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.FastStart.A, C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\extensions\faststartff@gmail.com\modules\settings.js, Quarantined, [1699297ca8d395a10828ead8ae546c94],
PUP.Optional.SystemSpeedup, C:\Users\Dominik\AppData\Roaming\systweak\ssd\SSDPTstub.exe, Quarantined, [723d673ec0bbac8adc398a3aee148b75],

Physical Sectors: 0
(No malicious items detected)


(end)

[ROCK4891]

# AdwCleaner v3.302 - Report created 31/07/2014 at 19:48:15
# Updated 30/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Dominik - DOMINIK-PC
# Running from : C:\Users\Dominik\Desktop\adwcleaner_3.302.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Right Soft
Folder Deleted : C:\Program Files (x86)\FlvPlayer
Folder Deleted : C:\Users\Dominik\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Dominik\Desktop\sygic
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\user.js

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Public\Desktop\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\Dominik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Dominik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\Dominik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A75BE48D-BF58-4A8B-B96C-F9A09DFB9844}
Key Deleted : HKLM\Software\systweak
Key Deleted : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Key Deleted : [x64] HKLM\SOFTWARE\Speedchecker Limited

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v27.0.1 (cs)

[ File : C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\uie6ph6i.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultenginename", "webssearches");

-\\ Google Chrome v36.0.1985.125

[ File : C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://mystart.incredibar.com/mb139/?loc=IB_DS&search={searchTerms}&a=6R8yRINYak&i=26
Deleted [Extension] : bopakagnckmlgajfccecajhnimjiiedh
Deleted [Extension] : ejpbbhjlbipncjklfjjaedaieimbmdda
Deleted [Extension] : niapdbllcanepiiimjjndipklodoedlc

*************************

AdwCleaner[R0].txt - [1752 octets] - [10/02/2014 19:30:04]
AdwCleaner[R1].txt - [1812 octets] - [10/02/2014 19:33:14]
AdwCleaner[R2].txt - [8030 octets] - [30/07/2014 21:56:44]
AdwCleaner[R3].txt - [4832 octets] - [31/07/2014 19:47:03]
AdwCleaner[S0].txt - [1860 octets] - [10/02/2014 19:36:55]
AdwCleaner[S1].txt - [3624 octets] - [31/07/2014 19:48:15]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3684 octets] ##########

[ROCK4891]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Dominik on çt 31. 07. 2014 at 20:07:48,58
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?

Value Name Type Value Data
========================================================================================
Pokki REG_EXPAND_SZ C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform




~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Dominik\appdata\local\{6CAF058A-00FA-46B3-A3A6-FBBD60021110}
Successfully deleted: [Empty Folder] C:\Users\Dominik\appdata\local\{82137B0F-7014-47AA-8A83-CFDB2CE52880}
Successfully deleted: [Empty Folder] C:\Users\Dominik\appdata\local\{D5EE140D-7860-4B47-8927-B5B039A7CEC6}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on çt 31. 07. 2014 at 20:21:57,47
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[ROCK4891]

RogueKiller V9.2.4.0 (x64) [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operačný systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spustené v : Normálny režim
Užívateľ : Dominik [Práva Správcu]
Režim : Kontrola -- Dátum : 07/31/2014 20:42:17

¤¤¤ Škodlivé procesy : 3 ¤¤¤
[Suspicious.Path] vsnp2uvc.exe -- C:\Windows\vsnp2uvc.exe[7] -> ZASTAVENÉ [TermProc]
[Suspicious.Path] HostAppService.exe -- C:\Users\Dominik\AppData\Local\Pokki\Engine\HostAppService.exe[7] -> ZASTAVENÉ [TermProc]
[Suspicious.Path] StartMenuIndexer.exe -- C:\Users\Dominik\AppData\Local\Pokki\Engine\StartMenuIndexer.exe[7] -> ZASTAVENÉ [TermProc]

¤¤¤ Záznamy Registrov : 28 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | snp2uvc : C:\Windows\vsnp2uvc.exe -> NÁJDENÉ
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1478861864-133897243-3711369256-1001\Software\Microsoft\Windows\CurrentVersion\Run | Pokki : C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform -> NÁJDENÉ
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1478861864-133897243-3711369256-1001\Software\Microsoft\Windows\CurrentVersion\Run | Pokki : C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform -> NÁJDENÉ
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 213.202.32.3 195.162.161.182 -> NÁJDENÉ
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 213.202.32.3 195.162.161.182 -> NÁJDENÉ
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 213.202.32.3 195.162.161.182 -> NÁJDENÉ
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6FD41F5D-903A-4316-BABB-C7108FA43AFA} | NameServer : 0.0.0.0 -> NÁJDENÉ
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E5D7D6D3-E3F7-44A9-BE3A-F2397363FA2A} | DhcpNameServer : 213.202.32.3 195.162.161.182 -> NÁJDENÉ
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6FD41F5D-903A-4316-BABB-C7108FA43AFA} | NameServer : 0.0.0.0 -> NÁJDENÉ
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{E5D7D6D3-E3F7-44A9-BE3A-F2397363FA2A} | DhcpNameServer : 213.202.32.3 195.162.161.182 -> NÁJDENÉ
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{6FD41F5D-903A-4316-BABB-C7108FA43AFA} | NameServer : 0.0.0.0 -> NÁJDENÉ
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{E5D7D6D3-E3F7-44A9-BE3A-F2397363FA2A} | DhcpNameServer : 213.202.32.3 195.162.161.182 -> NÁJDENÉ
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-1478861864-133897243-3711369256-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | disableregistrytools : 0 -> NÁJDENÉ
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-1478861864-133897243-3711369256-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> NÁJDENÉ
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-1478861864-133897243-3711369256-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | disableregistrytools : 0 -> NÁJDENÉ
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-1478861864-133897243-3711369256-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> NÁJDENÉ
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> NÁJDENÉ
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> NÁJDENÉ
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-1478861864-133897243-3711369256-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NÁJDENÉ
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-1478861864-133897243-3711369256-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> NÁJDENÉ
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-1478861864-133897243-3711369256-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NÁJDENÉ
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-1478861864-133897243-3711369256-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> NÁJDENÉ
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NÁJDENÉ
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NÁJDENÉ
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-1478861864-133897243-3711369256-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NÁJDENÉ
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-1478861864-133897243-3711369256-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NÁJDENÉ
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-1478861864-133897243-3711369256-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NÁJDENÉ
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-1478861864-133897243-3711369256-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NÁJDENÉ

¤¤¤ naplánované úlohy : 1 ¤¤¤
[Suspicious.Path] \Microsoft\Windows\Media Center\PeriodicScanRetry -- %windir%\ehome\MCUpdate.exe (-pscn 0) -> NÁJDENÉ

¤¤¤ Súbory : 0 ¤¤¤

¤¤¤ Súbor HOSTS : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 0 (Driver: NAHRATÉ) ¤¤¤

¤¤¤ webové prehliadače : 0 ¤¤¤

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ST9750420AS +++++
--- User ---
[MBR] 0ead0c2be44aca3e2cf57b939247a2b7
[BSP] a6dfcef95bdca6f6c690eb797753f4a9 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 52430848 | Size: 286161 MB
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 638488576 | Size: 403641 MB
User = LL1 ... OK
User = LL2 ... OK