OK, so here is the log from Zoek.
Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by kamil on ne 07.06.2015 at 19:30:29,87.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\kamil\Desktop\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
7.6.2015 19:32:19 Zoek.exe System Restore Point Created Successfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
==== Empty Folders Check ======================
C:\PROGRA~3\Freemake deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\Users\kamil\AppData\Local\Ankama deleted successfully
C:\Users\kamil\AppData\Local\LSC deleted successfully
C:\Users\kamil\AppData\Local\TB deleted successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-2680694750-434716173-396326756-1001\Software\Microsoft\Internet Explorer\SearchScopes\{F2611DD3-4563-4C66-960A-4A87F84555C1} deleted successfully
HKEY_USERS\S-1-5-21-2680694750-434716173-396326756-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{F2611DD3-4563-4C66-960A-4A87F84555C1} deleted successfully
HKEY_USERS\S-1-5-21-2680694750-434716173-396326756-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-2680694750-434716173-396326756-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-2680694750-434716173-396326756-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-2680694750-434716173-396326756-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\kamil\AppData\Roaming\Mozilla\Firefox\Profiles\c4u54vsm.default\prefs.js:
user_pref("browser.search.defaultenginename", "Yahoo!");
user_pref("browser.search.selectedEngine", "Yahoo!");
user_pref("keyword.URL", "https://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=501549&p=");
Added to C:\Users\kamil\AppData\Roaming\Mozilla\Firefox\Profiles\c4u54vsm.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Deleting Files \ Folders ======================
C:\windows\SysNative\Tasks\OFFICE2013ACT deleted
C:\windows\sysWoW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Browse and Search the Internet.lnk deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Users\kamil\AppData\LocalLow\TB deleted
C:\windows\SysNative\config\systemprofile\Searches deleted
"C:\Users\kamil\AppData\Roaming\Tunngle\Local.key" deleted
"C:\Users\kamil\AppData\Roaming\Tunngle\Local.pub" deleted
"C:\Users\kamil\AppData\Roaming\Tunngle" deleted
==== Firefox Start and Search pages ======================
ProfilePath: C:\Users\kamil\AppData\Roaming\Mozilla\Firefox\Profiles\c4u54vsm.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Firefox Extensions ======================
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\kamil\AppData\Roaming\Mozilla\Firefox\Profiles\c4u54vsm.default
2E661988463BCFA1B95D4DAAB9B0B6FA - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll - Shockwave Flash
F2CD1D7524F8E15AAC55568B9F72DE5B - C:\ProgramData\NexonEU\NGM\npNxGameEU.dll - Nexon Game Controller
65C1D9F74004E775F9A8598476ABE5EE - C:\Users\kamil\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
517021D1BCA1962ABF09099014A7D87D - C:\windows\SysWoW64\npOGPPlugin.dll - OGPlanet Game Plugin
AFAAF20CE491E1844AF7408EE42432AF - C:\windows\system32\npmproxy.dll - Microsoft® Windows® Operating System
==== Chromium Look ======================
Google Chrome Version: 43.0.2357.81
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
cojnmaaohncijldefpkpkkakjonfmgeb - C:\Program Files (x86)\avira\Chrome\avira-1.5.14.crx[11.12.2013 17:48]
flliilndjeohchalpbbcdekjklbdgfkk - No path found[]
Bookmark Manager - kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik
==== Chromium Startpages ======================
C:\Users\kamil\AppData\Local\Google\Chrome\User Data\Default\Preferences
==== Chromium Fix ======================
C:\Users\kamil\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_gameslikefinder.com_0.localstorage deleted successfully
C:\Users\kamil\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_gameslikefinder.com_0.localstorage-journal deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Old Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"
"Old Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{883D5738-553E-493C-9DA8-4226CD5ADDA1} Unknown Url="Not_Found"
==== Reset Google Chrome ======================
C:\Users\kamil\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\kamil\AppData\Local\Google\Chrome\User Data\Default\Preferences.bad was reset successfully
C:\Users\kamil\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\kamil\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences.bad was reset successfully
C:\Users\kamil\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\kamil\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\kamil\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal.protect was reset successfully
C:\Users\kamil\AppData\Local\Google\Chrome\User Data\Default\Web Data.protect was reset successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-2680694750-434716173-396326756-1001\Software\Microsoft\Internet Explorer\SearchScopes\{883D5738-553E-493C-9DA8-4226CD5ADDA1} deleted successfully
HKEY_USERS\S-1-5-21-2680694750-434716173-396326756-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{883D5738-553E-493C-9DA8-4226CD5ADDA1} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{883D5738-553E-493C-9DA8-4226CD5ADDA1} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{883D5738-553E-493C-9DA8-4226CD5ADDA1} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Empty IE Cache ======================
C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\kamil\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\kamil\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
==== Empty FireFox Cache ======================
C:\Users\kamil\AppData\Local\Mozilla\Firefox\Profiles\c4u54vsm.default\Cache emptied successfully
==== Empty Chrome Cache ======================
C:\Users\kamil\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=116 folders=10 7018063 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\kamil\AppData\Local\Temp will be emptied at reboot
C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\windows\Temp successfully emptied
C:\Users\kamil\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on ne 07.06.2015 at 19:44:35,50 ======================
Please check my log, it is probably a virus [Solved]
Re: Please check my log, it is probably a virus
FRST scan log.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-06-2015
Ran by kamil (administrator) on KAMIL on 07-06-2015 19:49:26
Running from C:\Users\kamil\Desktop
Loaded Profiles: kamil (Available Profiles: kamil)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft) C:\Program Files (x86)\Lenovo\Lenovo Dashboard\DdMgr.exe
(Microsoft) C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Windows\jmesoft\Service.exe
(LENOVO INCORPORATED.) C:\Program Files\lenovo\iMController\SystemAgentService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Dolby Laboratories Inc.) C:\Program Files\Dolby Digital Plus\ddp.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Akamai Technologies, Inc.) C:\Users\kamil\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
() C:\Users\kamil\AppData\Roaming\Seznam.cz\szninstall.exe
(Akamai Technologies, Inc.) C:\Users\kamil\AppData\Local\Akamai\netsession_win.exe
() C:\Users\kamil\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
(Lenovo) C:\Windows\jmesoft\hotkey.exe
() C:\Users\kamil\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
() C:\Windows\jmesoft\JME_LOAD.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Lenovo) C:\Program Files\lenovo\Lenovo Solution Center\LSCNotify.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files\lenovo\iMController\AutoUpdate.exe
() C:\Program Files\lenovo\iMController\LegacyFeatures.exe
() C:\Program Files\lenovo\iMController\PluginCommunication.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-08] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1360600 2013-10-29] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe [118784 2013-07-24] (Lenovo)
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-08-17] ()
HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-05] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-07] (CyberLink Corp.)
HKLM-x32\...\Run: [Lenovo App Shop] => C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe [156000 2013-07-19] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-09] (CyberLink Corp.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124720 2014-10-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2015-02-28] (Power Software Ltd)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3978600 2015-03-30] (LogMeIn Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-2680694750-434716173-396326756-1001\...\Run: [uTorrent] => C:\Users\kamil\AppData\Roaming\uTorrent\uTorrent.exe [1694560 2015-05-12] (BitTorrent Inc.)
HKU\S-1-5-21-2680694750-434716173-396326756-1001\...\Run: [Akamai NetSession Interface] => C:\Users\kamil\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2680694750-434716173-396326756-1001\...\Run: [ASworks] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\kamil\AppData\Local\Ohics\loader_u.dll
HKU\S-1-5-21-2680694750-434716173-396326756-1001\...\Run: [Ulmedia] => regsvr32.exe
HKU\S-1-5-21-2680694750-434716173-396326756-1001\...\Run: [cz.seznam.software.autoupdate] => C:\Users\kamil\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-2680694750-434716173-396326756-1001\...\Run: [cz.seznam.software.szndesktop] => C:\Users\kamil\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-2680694750-434716173-396326756-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com
HKU\S-1-5-21-2680694750-434716173-396326756-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2680694750-434716173-396326756-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-04] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll [2012-02-13] (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-04] (Oracle Corporation)
FireFox:
========
FF ProfilePath: C:\Users\kamil\AppData\Roaming\Mozilla\Firefox\Profiles\c4u54vsm.default
FF NewTab: about:newtab
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-28] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-28] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-04-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameEU.dll [2014-07-12] (Nexon)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2013-08-18] (Nitro PDF)
FF Plugin-x32: @ogplanet.com/npOGPPlugin -> C:\windows\system32\npOGPPlugin.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2680694750-434716173-396326756-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\kamil\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2680694750-434716173-396326756-1001: intel.com/AppUp -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp.dll [2013-07-19] (Intel)
FF Plugin HKU\S-1-5-21-2680694750-434716173-396326756-1001: intel.com/AppUpx64 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll [2013-07-19] (Intel)
Chrome:
=======
CHR Profile: C:\Users\kamil\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-07]
CHR Extension: (Google Docs) - C:\Users\kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-07]
CHR Extension: (Google Drive) - C:\Users\kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-07]
CHR Extension: (YouTube) - C:\Users\kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-07]
CHR Extension: (Avira Savings Advisor) - C:\Users\kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\cojnmaaohncijldefpkpkkakjonfmgeb [2014-02-14]
CHR Extension: (Google Search) - C:\Users\kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-07]
CHR Extension: (Google Sheets) - C:\Users\kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-07]
CHR Extension: (Avira Browser Safety) - C:\Users\kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-06-07]
CHR Extension: (Bookmark Manager) - C:\Users\kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-17]
CHR Extension: (Google Wallet) - C:\Users\kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-14]
CHR Extension: (Gmail) - C:\Users\kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-07]
CHR HKLM-x32\...\Chrome\Extension: [cojnmaaohncijldefpkpkkakjonfmgeb] - C:\Program Files (x86)\avira\Chrome\avira-1.5.14.crx [2013-12-11]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-05] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [162096 2014-10-09] (Avira Operations GmbH & Co. KG)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 Dashboard Service; C:\Program Files (x86)\Lenovo\Lenovo Dashboard\DdMgr.exe [25184 2013-08-09] (Microsoft) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-08] (Intel Corporation)
R2 IdeaTouch.LocalDataServer.Education; C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe [7680 2012-05-17] (Microsoft) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-21] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-17] () [File not signed]
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584632 2015-03-06] (LENOVO INCORPORATED.)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-03-30] (LogMeIn, Inc.)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] ()
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-08-18] (Nitro PDF Software)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5447952 2015-03-25] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-16] (Qualcomm Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-05-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-05] (Avira Operations GmbH & Co. KG)
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [44296 2015-03-30] (LogMeIn Inc.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-07] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [290008 2013-07-05] (Realtek Semiconductor Corp.)
R3 vmuacflt; C:\Windows\System32\Drivers\vmuacflt.sys [15872 2013-04-23] (Vimicro Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X]
S3 X6va016; \??\C:\windows\SysWOW64\Drivers\X6va016 [X]
S3 X6va021; \??\C:\windows\SysWOW64\Drivers\X6va021 [X]
S3 X6va029; \??\C:\windows\SysWOW64\Drivers\X6va029 [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-07 19:49 - 2015-06-07 19:49 - 00021836 _____ C:\Users\kamil\Desktop\FRST.txt
2015-06-07 19:49 - 2015-06-07 19:49 - 00000000 ____D C:\FRST
2015-06-07 19:48 - 2015-06-07 19:48 - 02108928 _____ (Farbar) C:\Users\kamil\Downloads\FRST64.exe
2015-06-07 19:48 - 2015-06-07 19:48 - 02108928 _____ (Farbar) C:\Users\kamil\Desktop\FRST64.exe
2015-06-07 19:42 - 2015-06-07 19:30 - 00024064 _____ C:\windows\zoek-delete.exe
2015-06-07 19:31 - 2015-06-07 19:44 - 00025711 _____ C:\zoek-results.log
2015-06-07 19:30 - 2015-06-07 19:41 - 00000000 ____D C:\zoek_backup
2015-06-07 19:30 - 2015-06-07 19:30 - 01308672 _____ C:\Users\kamil\Desktop\zoek.exe
2015-06-07 19:02 - 2015-06-07 19:03 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-07 19:02 - 2015-06-07 19:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-07 19:02 - 2015-06-07 19:02 - 00001125 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-07 19:02 - 2015-06-07 19:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-07 19:02 - 2015-06-07 19:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-07 19:02 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-06-07 19:02 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-06-07 19:02 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-06-07 19:00 - 2015-06-07 19:00 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\kamil\Desktop\rkill64-23045.exe
2015-06-07 18:43 - 2015-06-07 18:43 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\kamil\Desktop\winlogon.exe.exe
2015-06-07 18:41 - 2015-06-07 18:41 - 00321848 _____ (Malwarebytes Corporation) C:\Users\kamil\Desktop\mbam-clean-2.1.1.1001.exe
2015-06-07 18:39 - 2015-06-07 19:01 - 00002278 _____ C:\Users\kamil\Desktop\Rkill.txt
2015-06-07 18:39 - 2015-06-07 18:39 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\kamil\Desktop\rkill.exe
2015-06-07 18:39 - 2015-06-07 18:39 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\kamil\Desktop\rkill64.exe
2015-06-07 17:35 - 2015-06-07 19:45 - 00000000 ____D C:\Users\kamil\AppData\Local\CrashDumps
2015-06-07 17:31 - 2015-06-07 18:54 - 00037624 _____ C:\windows\system32\Drivers\TrueSight.sys
2015-06-07 17:31 - 2015-06-07 17:32 - 00000000 ____D C:\ProgramData\RogueKiller
2015-06-07 17:31 - 2015-06-07 17:31 - 21424888 _____ C:\Users\kamil\Desktop\RogueKillerX64.exe
2015-06-07 16:33 - 2015-06-07 16:33 - 00001053 _____ C:\Users\kamil\Desktop\JRT.txt
2015-06-07 16:25 - 2015-06-07 16:25 - 02942406 _____ (Thisisu) C:\Users\kamil\Desktop\JRT.exe
2015-06-07 16:25 - 2015-06-07 16:25 - 00000207 _____ C:\windows\tweaking.com-regbackup-KAMIL-Windows-8.1-(64-bit).dat
2015-06-07 16:25 - 2015-06-07 16:25 - 00000000 ____D C:\RegBackup
2015-06-07 14:31 - 2015-06-07 14:31 - 00007738 _____ C:\Users\kamil\Desktop\anti malware log.rar
2015-06-07 14:05 - 2015-06-07 14:05 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\kamil\Desktop\mbam-setup-2.1.6.1022.exe
2015-06-07 14:01 - 2015-06-07 15:24 - 00000000 ____D C:\AdwCleaner
2015-06-07 14:00 - 2015-06-07 14:00 - 02231296 _____ C:\Users\kamil\Desktop\AdwCleaner.exe
2015-06-07 13:47 - 2015-06-07 13:47 - 00002286 _____ C:\Users\Default\Desktop\Google Chrome.lnk
2015-06-07 13:47 - 2015-06-07 13:47 - 00002286 _____ C:\Users\Default User\Desktop\Google Chrome.lnk
2015-06-07 13:47 - 2015-06-07 13:47 - 00000000 ____D C:\Program Files (x86)\Seznam.cz
2015-06-07 13:46 - 2015-06-07 19:49 - 00000000 ____D C:\Users\kamil\AppData\Roaming\Seznam.cz
2015-06-07 13:46 - 2015-06-07 13:46 - 00448512 _____ (OldTimer Tools) C:\Users\kamil\Desktop\TFC.exe
2015-06-07 13:17 - 2015-06-07 13:17 - 00015666 _____ C:\Users\kamil\Desktop\hijackthis.log
2015-06-07 13:14 - 2015-06-07 13:14 - 07775871 _____ C:\Users\kamil\Desktop\HiJackThis.exe
2015-06-04 15:13 - 2015-06-04 15:13 - 00061680 _____ C:\Users\kamil\Desktop\AVSCAN-20150604-125859-7361FB49.LOG
2015-06-02 10:53 - 2015-06-02 10:53 - 00000000 ____D C:\Users\kamil\AppData\Local\GWX
2015-05-30 16:18 - 2015-05-30 16:18 - 00000000 ____D C:\Users\kamil\Desktop\mikro priklady
2015-05-26 23:23 - 2015-06-01 10:22 - 00000000 ____D C:\Users\kamil\Desktop\country channel
2015-05-26 10:18 - 2015-05-27 09:07 - 00000000 ____D C:\Users\kamil\Desktop\outlander
2015-05-25 22:14 - 2015-05-25 22:14 - 00000338 _____ C:\Users\kamil\Downloads\Torrent Downloaded From ExtraTorrent.cc.txt
2015-05-23 17:12 - 2015-05-23 17:12 - 00000000 ____D C:\windows\en
2015-05-23 17:12 - 2015-05-23 17:12 - 00000000 ____D C:\windows\cs
2015-05-23 17:11 - 2015-05-23 17:11 - 00001401 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2015-05-23 17:11 - 2015-05-23 17:11 - 00001332 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2015-05-23 17:10 - 2015-05-23 17:11 - 00000000 ____D C:\Program Files (x86)\Windows Live
2015-05-23 17:07 - 2015-05-23 17:19 - 00000000 ____D C:\Users\kamil\AppData\Local\Windows Live
2015-05-17 02:13 - 2015-05-17 02:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-05-16 14:32 - 2015-03-17 19:26 - 00467776 ____C (Microsoft Corporation) C:\windows\system32\Drivers\USBHUB3.SYS
2015-05-16 14:30 - 2015-03-09 04:02 - 00057856 ____C (Microsoft Corporation) C:\windows\system32\Drivers\bthhfenum.sys
2015-05-16 14:22 - 2015-04-10 02:34 - 02256896 _____ (Microsoft Corporation) C:\windows\system32\dwmcore.dll
2015-05-16 14:22 - 2015-04-10 02:11 - 01943040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmcore.dll
2015-05-16 14:19 - 2015-05-01 01:05 - 00429568 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-05-16 14:19 - 2015-05-01 00:48 - 00358912 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-05-16 14:19 - 2015-03-20 03:56 - 00080384 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ahcache.sys
2015-05-16 14:14 - 2015-03-04 03:32 - 00172544 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Input.Inking.dll
2015-05-16 14:14 - 2015-03-04 03:12 - 00141824 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Input.Inking.dll
2015-05-16 14:14 - 2015-01-30 02:53 - 02819584 _____ (Microsoft Corporation) C:\windows\system32\SettingsHandlers.dll
2015-05-16 14:14 - 2014-11-14 08:58 - 00116736 _____ (Microsoft Corporation) C:\windows\system32\SystemSettingsDatabase.dll
2015-05-14 15:54 - 2015-04-02 00:22 - 02985984 _____ (Microsoft Corporation) C:\windows\SysWOW64\dbgeng.dll
2015-05-14 15:54 - 2015-04-02 00:20 - 04417536 _____ (Microsoft Corporation) C:\windows\system32\dbgeng.dll
2015-05-14 15:54 - 2015-04-01 05:45 - 01491456 _____ (Microsoft Corporation) C:\windows\system32\dbghelp.dll
2015-05-14 15:54 - 2015-04-01 04:31 - 01207296 _____ (Microsoft Corporation) C:\windows\SysWOW64\dbghelp.dll
2015-05-14 15:54 - 2015-03-13 03:11 - 02162176 _____ (Microsoft Corporation) C:\windows\system32\SRH.dll
2015-05-14 15:54 - 2015-03-13 02:39 - 01812992 _____ (Microsoft Corporation) C:\windows\SysWOW64\SRH.dll
2015-05-14 15:27 - 2015-05-14 15:27 - 00000000 ____D C:\Riot Games
2015-05-14 15:27 - 2015-05-14 15:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2015-05-14 10:56 - 2015-04-30 22:35 - 00124112 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 10:56 - 2015-04-30 22:35 - 00102608 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 14:31 - 2015-04-24 23:32 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2015-05-13 14:31 - 2015-03-30 07:47 - 00561928 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-05-13 14:31 - 2015-03-27 05:27 - 00445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2015-05-13 14:31 - 2015-03-27 04:50 - 00324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2015-05-13 14:31 - 2015-03-27 04:48 - 01441792 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-05-13 14:31 - 2015-03-05 01:09 - 01429504 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2015-05-13 14:30 - 2015-03-13 06:03 - 00239424 ____C (Microsoft Corporation) C:\windows\system32\Drivers\sdbus.sys
2015-05-13 14:30 - 2015-03-13 06:03 - 00154432 ____C (Microsoft Corporation) C:\windows\system32\Drivers\dumpsd.sys
2015-05-13 14:30 - 2015-03-11 03:49 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\sdbinst.exe
2015-05-13 14:30 - 2015-03-11 03:09 - 00021504 _____ (Microsoft Corporation) C:\windows\SysWOW64\sdbinst.exe
2015-05-13 14:30 - 2015-03-06 04:47 - 01696256 _____ (Microsoft Corporation) C:\windows\system32\wevtsvc.dll
2015-05-13 14:29 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-05-13 14:29 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-05-13 14:29 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-05-13 14:29 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-05-13 14:29 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-05-13 14:29 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-05-13 14:29 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-05-13 14:29 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-05-13 14:29 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-05-13 14:29 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-05-13 14:29 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-05-13 14:29 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-05-13 14:29 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-05-13 14:29 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-05-13 14:29 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-05-13 14:29 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-05-13 14:29 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-05-13 14:29 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-05-13 14:29 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-05-13 14:29 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-05-13 14:29 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-05-13 14:29 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-05-13 14:29 - 2015-04-21 17:26 - 00327168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-05-13 14:29 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-05-13 14:29 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-05-13 14:29 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-05-13 14:29 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-05-13 14:29 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-05-13 14:29 - 2015-04-14 00:48 - 04180480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-05-13 14:29 - 2015-04-10 03:00 - 01996800 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2015-05-13 14:29 - 2015-04-10 02:50 - 01387008 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2015-05-13 14:29 - 2015-04-10 02:26 - 01560576 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2015-05-13 14:29 - 2015-04-09 00:55 - 00410128 _____ (Microsoft Corporation) C:\windows\system32\services.exe
2015-05-13 14:29 - 2015-04-03 02:35 - 00445440 _____ (Microsoft Corporation) C:\windows\system32\PhotoMetadataHandler.dll
2015-05-13 14:29 - 2015-04-03 02:14 - 00364544 _____ (Microsoft Corporation) C:\windows\SysWOW64\PhotoMetadataHandler.dll
2015-05-13 14:29 - 2015-03-13 04:02 - 00316416 _____ (Microsoft Corporation) C:\windows\system32\Drivers\udfs.sys
2015-05-13 14:29 - 2015-03-06 05:08 - 02067968 _____ (Microsoft Corporation) C:\windows\system32\wpdshext.dll
2015-05-13 14:29 - 2015-03-06 04:43 - 01969664 _____ (Microsoft Corporation) C:\windows\SysWOW64\wpdshext.dll
2015-05-13 14:28 - 2015-04-21 18:13 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2015-05-13 14:28 - 2015-04-21 18:07 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2015-05-13 14:28 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-05-13 14:28 - 2015-04-21 17:59 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2015-05-13 14:28 - 2015-04-21 17:52 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2015-05-13 14:28 - 2015-04-21 17:49 - 00374272 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-05-13 14:28 - 2015-04-21 17:37 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2015-05-13 14:28 - 2015-04-21 17:32 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2015-05-13 14:28 - 2015-04-21 17:28 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2015-05-13 14:28 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-05-13 14:28 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-05-13 14:28 - 2015-03-13 02:29 - 00410017 _____ C:\windows\system32\ApnDatabase.xml
2015-05-13 14:28 - 2015-02-18 01:19 - 00186368 _____ (Microsoft Corporation) C:\windows\system32\dpapisrv.dll
2015-05-12 16:22 - 2015-06-07 13:56 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-05-12 16:22 - 2015-06-07 13:54 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-05-12 16:22 - 2015-05-12 16:22 - 00000000 ____D C:\windows\System32\Tasks\Safer-Networking
2015-05-12 14:33 - 2015-05-12 14:33 - 00000000 _____ C:\autoexec.bat
2015-05-12 14:18 - 2015-05-12 14:27 - 00000000 ____D C:\Users\kamil\AppData\Local\Ulmedia
2015-05-08 22:23 - 2015-06-07 19:45 - 00000000 ____D C:\Users\kamil\AppData\Local\LogMeIn Hamachi
2015-05-08 22:22 - 2015-05-08 22:22 - 00000949 _____ C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2015-05-08 22:22 - 2015-05-08 22:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-05-08 22:22 - 2015-05-08 22:22 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2015-05-08 21:55 - 2015-05-08 21:55 - 00000000 ____D C:\Users\kamil\Documents\My Games
2015-05-08 21:49 - 2015-05-08 21:49 - 00000000 ____D C:\GOG Games
2015-05-08 11:18 - 2015-05-09 09:39 - 00000000 ____D C:\Users\kamil\AppData\Local\Ohics
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-07 19:49 - 2014-02-14 15:08 - 00003594 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2680694750-434716173-396326756-1001
2015-06-07 19:45 - 2014-04-28 20:00 - 00000000 ___DO C:\Users\kamil\SkyDrive
2015-06-07 19:45 - 2014-02-17 18:03 - 00000000 ____D C:\Users\kamil\AppData\Roaming\uTorrent
2015-06-07 19:45 - 2013-12-20 23:29 - 01062340 _____ C:\windows\WindowsUpdate.log
2015-06-07 19:44 - 2014-02-22 21:37 - 02440192 ___SH C:\Users\kamil\Desktop\Thumbs.db
2015-06-07 19:44 - 2014-02-14 15:13 - 00000952 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-07 19:43 - 2013-08-31 17:36 - 00474918 _____ C:\windows\PFRO.log
2015-06-07 19:43 - 2013-08-22 16:46 - 00166484 _____ C:\windows\setupact.log
2015-06-07 19:43 - 2013-08-22 16:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-06-07 19:37 - 2014-04-10 12:10 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-06-07 19:27 - 2014-02-14 15:07 - 00003914 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{1104D46B-41DD-49AA-B44A-2734AF022A67}
2015-06-07 19:04 - 2014-02-14 15:13 - 00000956 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-07 19:02 - 2013-08-22 17:36 - 00000000 ____D C:\windows\system32\sru
2015-06-07 15:24 - 2014-02-14 15:00 - 00000000 ____D C:\Users\kamil
2015-06-07 13:56 - 2013-08-22 15:25 - 00262144 ___SH C:\windows\system32\config\BBI
2015-06-06 21:45 - 2013-08-22 17:36 - 00000000 ____D C:\windows\AppReadiness
2015-06-01 20:42 - 2014-12-31 14:29 - 00000000 ____D C:\Users\kamil\AppData\Local\Screenleap
2015-06-01 20:42 - 2014-05-04 17:37 - 00000056 _____ C:\Users\kamil\.screenleap
2015-05-28 23:13 - 2014-04-10 12:10 - 00003718 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-05-28 23:12 - 2014-02-14 15:24 - 00000000 ____D C:\Users\kamil\AppData\Local\Adobe
2015-05-26 10:23 - 2014-02-17 17:56 - 00638976 ___SH C:\Users\kamil\Downloads\Thumbs.db
2015-05-25 11:13 - 2014-02-20 12:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-05-24 15:38 - 2014-05-11 11:04 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-05-23 17:30 - 2014-03-19 17:12 - 00000000 ____D C:\Users\kamil\Desktop\iibn
2015-05-23 17:15 - 2015-04-27 21:40 - 00000000 ____D C:\Users\kamil\Desktop\fotosop fotky blabla
2015-05-23 17:11 - 2015-04-18 12:58 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-05-23 17:10 - 2014-03-19 17:22 - 00060867 _____ C:\windows\DirectX.log
2015-05-23 17:10 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-05-20 18:32 - 2013-08-22 17:20 - 00000000 ____D C:\windows\CbsTemp
2015-05-20 18:31 - 2015-04-11 20:36 - 00000000 ___SD C:\windows\SysWOW64\GWX
2015-05-20 18:31 - 2015-04-11 20:36 - 00000000 ___SD C:\windows\system32\GWX
2015-05-18 09:24 - 2013-08-22 16:44 - 05048184 _____ C:\windows\system32\FNTCACHE.DAT
2015-05-17 15:08 - 2013-08-31 17:40 - 00865408 _____ C:\windows\system32\PerfStringBackup.INI
2015-05-16 18:59 - 2014-02-14 15:13 - 00003928 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-16 18:59 - 2014-02-14 15:13 - 00003692 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-16 15:00 - 2014-02-17 18:21 - 00000000 ____D C:\Users\kamil\AppData\Roaming\vlc
2015-05-16 14:52 - 2013-08-22 17:36 - 00000000 ___RD C:\windows\ImmersiveControlPanel
2015-05-15 21:27 - 2013-08-22 17:36 - 00000000 ____D C:\windows\rescache
2015-05-15 14:17 - 2013-08-22 15:36 - 00000000 ____D C:\windows\system32\AdvancedInstallers
2015-05-14 15:28 - 2014-03-03 19:28 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-14 10:55 - 2014-02-21 21:34 - 00000000 ____D C:\windows\system32\MRT
2015-05-13 15:18 - 2014-02-21 21:33 - 140425016 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-05-13 15:09 - 2013-08-22 21:12 - 00000000 ____D C:\Program Files\Windows Journal
2015-05-13 01:18 - 2014-03-19 22:45 - 00000000 ____D C:\Users\kamil\AppData\Roaming\TS3Client
==================== Files in the root of some directories =======
2014-05-23 15:52 - 2014-05-23 15:55 - 0000600 _____ () C:\Users\kamil\AppData\Local\PUTTY.RND
2014-02-14 15:02 - 2014-06-10 20:56 - 0000280 _____ () C:\Users\kamil\AppData\Local\RegisteredPackageInformation.xml
2013-12-20 22:59 - 2013-12-20 22:59 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Some files in TEMP:
====================
C:\Users\kamil\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-06-04 18:08
==================== End of log ============================
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-06-2015
Ran by kamil (administrator) on KAMIL on 07-06-2015 19:49:26
Running from C:\Users\kamil\Desktop
Loaded Profiles: kamil (Available Profiles: kamil)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft) C:\Program Files (x86)\Lenovo\Lenovo Dashboard\DdMgr.exe
(Microsoft) C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Windows\jmesoft\Service.exe
(LENOVO INCORPORATED.) C:\Program Files\lenovo\iMController\SystemAgentService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Dolby Laboratories Inc.) C:\Program Files\Dolby Digital Plus\ddp.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Akamai Technologies, Inc.) C:\Users\kamil\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
() C:\Users\kamil\AppData\Roaming\Seznam.cz\szninstall.exe
(Akamai Technologies, Inc.) C:\Users\kamil\AppData\Local\Akamai\netsession_win.exe
() C:\Users\kamil\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
(Lenovo) C:\Windows\jmesoft\hotkey.exe
() C:\Users\kamil\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
() C:\Windows\jmesoft\JME_LOAD.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Lenovo) C:\Program Files\lenovo\Lenovo Solution Center\LSCNotify.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files\lenovo\iMController\AutoUpdate.exe
() C:\Program Files\lenovo\iMController\LegacyFeatures.exe
() C:\Program Files\lenovo\iMController\PluginCommunication.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-08] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1360600 2013-10-29] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe [118784 2013-07-24] (Lenovo)
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-08-17] ()
HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-05] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-07] (CyberLink Corp.)
HKLM-x32\...\Run: [Lenovo App Shop] => C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe [156000 2013-07-19] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-09] (CyberLink Corp.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124720 2014-10-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2015-02-28] (Power Software Ltd)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3978600 2015-03-30] (LogMeIn Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-2680694750-434716173-396326756-1001\...\Run: [uTorrent] => C:\Users\kamil\AppData\Roaming\uTorrent\uTorrent.exe [1694560 2015-05-12] (BitTorrent Inc.)
HKU\S-1-5-21-2680694750-434716173-396326756-1001\...\Run: [Akamai NetSession Interface] => C:\Users\kamil\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2680694750-434716173-396326756-1001\...\Run: [ASworks] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\kamil\AppData\Local\Ohics\loader_u.dll
HKU\S-1-5-21-2680694750-434716173-396326756-1001\...\Run: [Ulmedia] => regsvr32.exe
HKU\S-1-5-21-2680694750-434716173-396326756-1001\...\Run: [cz.seznam.software.autoupdate] => C:\Users\kamil\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-2680694750-434716173-396326756-1001\...\Run: [cz.seznam.software.szndesktop] => C:\Users\kamil\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-2680694750-434716173-396326756-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com
HKU\S-1-5-21-2680694750-434716173-396326756-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2680694750-434716173-396326756-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-04] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll [2012-02-13] (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-04] (Oracle Corporation)
FireFox:
========
FF ProfilePath: C:\Users\kamil\AppData\Roaming\Mozilla\Firefox\Profiles\c4u54vsm.default
FF NewTab: about:newtab
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-28] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-28] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-04-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameEU.dll [2014-07-12] (Nexon)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2013-08-18] (Nitro PDF)
FF Plugin-x32: @ogplanet.com/npOGPPlugin -> C:\windows\system32\npOGPPlugin.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2680694750-434716173-396326756-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\kamil\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2680694750-434716173-396326756-1001: intel.com/AppUp -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp.dll [2013-07-19] (Intel)
FF Plugin HKU\S-1-5-21-2680694750-434716173-396326756-1001: intel.com/AppUpx64 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll [2013-07-19] (Intel)
Chrome:
=======
CHR Profile: C:\Users\kamil\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-07]
CHR Extension: (Google Docs) - C:\Users\kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-07]
CHR Extension: (Google Drive) - C:\Users\kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-07]
CHR Extension: (YouTube) - C:\Users\kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-07]
CHR Extension: (Avira Savings Advisor) - C:\Users\kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\cojnmaaohncijldefpkpkkakjonfmgeb [2014-02-14]
CHR Extension: (Google Search) - C:\Users\kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-07]
CHR Extension: (Google Sheets) - C:\Users\kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-07]
CHR Extension: (Avira Browser Safety) - C:\Users\kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-06-07]
CHR Extension: (Bookmark Manager) - C:\Users\kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-17]
CHR Extension: (Google Wallet) - C:\Users\kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-14]
CHR Extension: (Gmail) - C:\Users\kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-07]
CHR HKLM-x32\...\Chrome\Extension: [cojnmaaohncijldefpkpkkakjonfmgeb] - C:\Program Files (x86)\avira\Chrome\avira-1.5.14.crx [2013-12-11]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-05] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [162096 2014-10-09] (Avira Operations GmbH & Co. KG)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 Dashboard Service; C:\Program Files (x86)\Lenovo\Lenovo Dashboard\DdMgr.exe [25184 2013-08-09] (Microsoft) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-08] (Intel Corporation)
R2 IdeaTouch.LocalDataServer.Education; C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe [7680 2012-05-17] (Microsoft) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-21] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-17] () [File not signed]
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584632 2015-03-06] (LENOVO INCORPORATED.)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-03-30] (LogMeIn, Inc.)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] ()
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-08-18] (Nitro PDF Software)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5447952 2015-03-25] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-16] (Qualcomm Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-05-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-05] (Avira Operations GmbH & Co. KG)
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [44296 2015-03-30] (LogMeIn Inc.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-07] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [290008 2013-07-05] (Realtek Semiconductor Corp.)
R3 vmuacflt; C:\Windows\System32\Drivers\vmuacflt.sys [15872 2013-04-23] (Vimicro Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X]
S3 X6va016; \??\C:\windows\SysWOW64\Drivers\X6va016 [X]
S3 X6va021; \??\C:\windows\SysWOW64\Drivers\X6va021 [X]
S3 X6va029; \??\C:\windows\SysWOW64\Drivers\X6va029 [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-07 19:49 - 2015-06-07 19:49 - 00021836 _____ C:\Users\kamil\Desktop\FRST.txt
2015-06-07 19:49 - 2015-06-07 19:49 - 00000000 ____D C:\FRST
2015-06-07 19:48 - 2015-06-07 19:48 - 02108928 _____ (Farbar) C:\Users\kamil\Downloads\FRST64.exe
2015-06-07 19:48 - 2015-06-07 19:48 - 02108928 _____ (Farbar) C:\Users\kamil\Desktop\FRST64.exe
2015-06-07 19:42 - 2015-06-07 19:30 - 00024064 _____ C:\windows\zoek-delete.exe
2015-06-07 19:31 - 2015-06-07 19:44 - 00025711 _____ C:\zoek-results.log
2015-06-07 19:30 - 2015-06-07 19:41 - 00000000 ____D C:\zoek_backup
2015-06-07 19:30 - 2015-06-07 19:30 - 01308672 _____ C:\Users\kamil\Desktop\zoek.exe
2015-06-07 19:02 - 2015-06-07 19:03 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-07 19:02 - 2015-06-07 19:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-07 19:02 - 2015-06-07 19:02 - 00001125 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-07 19:02 - 2015-06-07 19:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-07 19:02 - 2015-06-07 19:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-07 19:02 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-06-07 19:02 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-06-07 19:02 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-06-07 19:00 - 2015-06-07 19:00 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\kamil\Desktop\rkill64-23045.exe
2015-06-07 18:43 - 2015-06-07 18:43 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\kamil\Desktop\winlogon.exe.exe
2015-06-07 18:41 - 2015-06-07 18:41 - 00321848 _____ (Malwarebytes Corporation) C:\Users\kamil\Desktop\mbam-clean-2.1.1.1001.exe
2015-06-07 18:39 - 2015-06-07 19:01 - 00002278 _____ C:\Users\kamil\Desktop\Rkill.txt
2015-06-07 18:39 - 2015-06-07 18:39 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\kamil\Desktop\rkill.exe
2015-06-07 18:39 - 2015-06-07 18:39 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\kamil\Desktop\rkill64.exe
2015-06-07 17:35 - 2015-06-07 19:45 - 00000000 ____D C:\Users\kamil\AppData\Local\CrashDumps
2015-06-07 17:31 - 2015-06-07 18:54 - 00037624 _____ C:\windows\system32\Drivers\TrueSight.sys
2015-06-07 17:31 - 2015-06-07 17:32 - 00000000 ____D C:\ProgramData\RogueKiller
2015-06-07 17:31 - 2015-06-07 17:31 - 21424888 _____ C:\Users\kamil\Desktop\RogueKillerX64.exe
2015-06-07 16:33 - 2015-06-07 16:33 - 00001053 _____ C:\Users\kamil\Desktop\JRT.txt
2015-06-07 16:25 - 2015-06-07 16:25 - 02942406 _____ (Thisisu) C:\Users\kamil\Desktop\JRT.exe
2015-06-07 16:25 - 2015-06-07 16:25 - 00000207 _____ C:\windows\tweaking.com-regbackup-KAMIL-Windows-8.1-(64-bit).dat
2015-06-07 16:25 - 2015-06-07 16:25 - 00000000 ____D C:\RegBackup
2015-06-07 14:31 - 2015-06-07 14:31 - 00007738 _____ C:\Users\kamil\Desktop\anti malware log.rar
2015-06-07 14:05 - 2015-06-07 14:05 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\kamil\Desktop\mbam-setup-2.1.6.1022.exe
2015-06-07 14:01 - 2015-06-07 15:24 - 00000000 ____D C:\AdwCleaner
2015-06-07 14:00 - 2015-06-07 14:00 - 02231296 _____ C:\Users\kamil\Desktop\AdwCleaner.exe
2015-06-07 13:47 - 2015-06-07 13:47 - 00002286 _____ C:\Users\Default\Desktop\Google Chrome.lnk
2015-06-07 13:47 - 2015-06-07 13:47 - 00002286 _____ C:\Users\Default User\Desktop\Google Chrome.lnk
2015-06-07 13:47 - 2015-06-07 13:47 - 00000000 ____D C:\Program Files (x86)\Seznam.cz
2015-06-07 13:46 - 2015-06-07 19:49 - 00000000 ____D C:\Users\kamil\AppData\Roaming\Seznam.cz
2015-06-07 13:46 - 2015-06-07 13:46 - 00448512 _____ (OldTimer Tools) C:\Users\kamil\Desktop\TFC.exe
2015-06-07 13:17 - 2015-06-07 13:17 - 00015666 _____ C:\Users\kamil\Desktop\hijackthis.log
2015-06-07 13:14 - 2015-06-07 13:14 - 07775871 _____ C:\Users\kamil\Desktop\HiJackThis.exe
2015-06-04 15:13 - 2015-06-04 15:13 - 00061680 _____ C:\Users\kamil\Desktop\AVSCAN-20150604-125859-7361FB49.LOG
2015-06-02 10:53 - 2015-06-02 10:53 - 00000000 ____D C:\Users\kamil\AppData\Local\GWX
2015-05-30 16:18 - 2015-05-30 16:18 - 00000000 ____D C:\Users\kamil\Desktop\mikro priklady
2015-05-26 23:23 - 2015-06-01 10:22 - 00000000 ____D C:\Users\kamil\Desktop\country channel
2015-05-26 10:18 - 2015-05-27 09:07 - 00000000 ____D C:\Users\kamil\Desktop\outlander
2015-05-25 22:14 - 2015-05-25 22:14 - 00000338 _____ C:\Users\kamil\Downloads\Torrent Downloaded From ExtraTorrent.cc.txt
2015-05-23 17:12 - 2015-05-23 17:12 - 00000000 ____D C:\windows\en
2015-05-23 17:12 - 2015-05-23 17:12 - 00000000 ____D C:\windows\cs
2015-05-23 17:11 - 2015-05-23 17:11 - 00001401 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2015-05-23 17:11 - 2015-05-23 17:11 - 00001332 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2015-05-23 17:10 - 2015-05-23 17:11 - 00000000 ____D C:\Program Files (x86)\Windows Live
2015-05-23 17:07 - 2015-05-23 17:19 - 00000000 ____D C:\Users\kamil\AppData\Local\Windows Live
2015-05-17 02:13 - 2015-05-17 02:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-05-16 14:32 - 2015-03-17 19:26 - 00467776 ____C (Microsoft Corporation) C:\windows\system32\Drivers\USBHUB3.SYS
2015-05-16 14:30 - 2015-03-09 04:02 - 00057856 ____C (Microsoft Corporation) C:\windows\system32\Drivers\bthhfenum.sys
2015-05-16 14:22 - 2015-04-10 02:34 - 02256896 _____ (Microsoft Corporation) C:\windows\system32\dwmcore.dll
2015-05-16 14:22 - 2015-04-10 02:11 - 01943040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmcore.dll
2015-05-16 14:19 - 2015-05-01 01:05 - 00429568 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-05-16 14:19 - 2015-05-01 00:48 - 00358912 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-05-16 14:19 - 2015-03-20 03:56 - 00080384 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ahcache.sys
2015-05-16 14:14 - 2015-03-04 03:32 - 00172544 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Input.Inking.dll
2015-05-16 14:14 - 2015-03-04 03:12 - 00141824 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Input.Inking.dll
2015-05-16 14:14 - 2015-01-30 02:53 - 02819584 _____ (Microsoft Corporation) C:\windows\system32\SettingsHandlers.dll
2015-05-16 14:14 - 2014-11-14 08:58 - 00116736 _____ (Microsoft Corporation) C:\windows\system32\SystemSettingsDatabase.dll
2015-05-14 15:54 - 2015-04-02 00:22 - 02985984 _____ (Microsoft Corporation) C:\windows\SysWOW64\dbgeng.dll
2015-05-14 15:54 - 2015-04-02 00:20 - 04417536 _____ (Microsoft Corporation) C:\windows\system32\dbgeng.dll
2015-05-14 15:54 - 2015-04-01 05:45 - 01491456 _____ (Microsoft Corporation) C:\windows\system32\dbghelp.dll
2015-05-14 15:54 - 2015-04-01 04:31 - 01207296 _____ (Microsoft Corporation) C:\windows\SysWOW64\dbghelp.dll
2015-05-14 15:54 - 2015-03-13 03:11 - 02162176 _____ (Microsoft Corporation) C:\windows\system32\SRH.dll
2015-05-14 15:54 - 2015-03-13 02:39 - 01812992 _____ (Microsoft Corporation) C:\windows\SysWOW64\SRH.dll
2015-05-14 15:27 - 2015-05-14 15:27 - 00000000 ____D C:\Riot Games
2015-05-14 15:27 - 2015-05-14 15:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2015-05-14 10:56 - 2015-04-30 22:35 - 00124112 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 10:56 - 2015-04-30 22:35 - 00102608 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 14:31 - 2015-04-24 23:32 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2015-05-13 14:31 - 2015-03-30 07:47 - 00561928 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-05-13 14:31 - 2015-03-27 05:27 - 00445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2015-05-13 14:31 - 2015-03-27 04:50 - 00324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2015-05-13 14:31 - 2015-03-27 04:48 - 01441792 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-05-13 14:31 - 2015-03-05 01:09 - 01429504 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2015-05-13 14:30 - 2015-03-13 06:03 - 00239424 ____C (Microsoft Corporation) C:\windows\system32\Drivers\sdbus.sys
2015-05-13 14:30 - 2015-03-13 06:03 - 00154432 ____C (Microsoft Corporation) C:\windows\system32\Drivers\dumpsd.sys
2015-05-13 14:30 - 2015-03-11 03:49 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\sdbinst.exe
2015-05-13 14:30 - 2015-03-11 03:09 - 00021504 _____ (Microsoft Corporation) C:\windows\SysWOW64\sdbinst.exe
2015-05-13 14:30 - 2015-03-06 04:47 - 01696256 _____ (Microsoft Corporation) C:\windows\system32\wevtsvc.dll
2015-05-13 14:29 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-05-13 14:29 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-05-13 14:29 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-05-13 14:29 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-05-13 14:29 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-05-13 14:29 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-05-13 14:29 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-05-13 14:29 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-05-13 14:29 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-05-13 14:29 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-05-13 14:29 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-05-13 14:29 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-05-13 14:29 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-05-13 14:29 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-05-13 14:29 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-05-13 14:29 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-05-13 14:29 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-05-13 14:29 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-05-13 14:29 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-05-13 14:29 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-05-13 14:29 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-05-13 14:29 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-05-13 14:29 - 2015-04-21 17:26 - 00327168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-05-13 14:29 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-05-13 14:29 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-05-13 14:29 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-05-13 14:29 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-05-13 14:29 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-05-13 14:29 - 2015-04-14 00:48 - 04180480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-05-13 14:29 - 2015-04-10 03:00 - 01996800 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2015-05-13 14:29 - 2015-04-10 02:50 - 01387008 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2015-05-13 14:29 - 2015-04-10 02:26 - 01560576 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2015-05-13 14:29 - 2015-04-09 00:55 - 00410128 _____ (Microsoft Corporation) C:\windows\system32\services.exe
2015-05-13 14:29 - 2015-04-03 02:35 - 00445440 _____ (Microsoft Corporation) C:\windows\system32\PhotoMetadataHandler.dll
2015-05-13 14:29 - 2015-04-03 02:14 - 00364544 _____ (Microsoft Corporation) C:\windows\SysWOW64\PhotoMetadataHandler.dll
2015-05-13 14:29 - 2015-03-13 04:02 - 00316416 _____ (Microsoft Corporation) C:\windows\system32\Drivers\udfs.sys
2015-05-13 14:29 - 2015-03-06 05:08 - 02067968 _____ (Microsoft Corporation) C:\windows\system32\wpdshext.dll
2015-05-13 14:29 - 2015-03-06 04:43 - 01969664 _____ (Microsoft Corporation) C:\windows\SysWOW64\wpdshext.dll
2015-05-13 14:28 - 2015-04-21 18:13 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2015-05-13 14:28 - 2015-04-21 18:07 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2015-05-13 14:28 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-05-13 14:28 - 2015-04-21 17:59 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2015-05-13 14:28 - 2015-04-21 17:52 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2015-05-13 14:28 - 2015-04-21 17:49 - 00374272 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-05-13 14:28 - 2015-04-21 17:37 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2015-05-13 14:28 - 2015-04-21 17:32 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2015-05-13 14:28 - 2015-04-21 17:28 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2015-05-13 14:28 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-05-13 14:28 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-05-13 14:28 - 2015-03-13 02:29 - 00410017 _____ C:\windows\system32\ApnDatabase.xml
2015-05-13 14:28 - 2015-02-18 01:19 - 00186368 _____ (Microsoft Corporation) C:\windows\system32\dpapisrv.dll
2015-05-12 16:22 - 2015-06-07 13:56 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-05-12 16:22 - 2015-06-07 13:54 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-05-12 16:22 - 2015-05-12 16:22 - 00000000 ____D C:\windows\System32\Tasks\Safer-Networking
2015-05-12 14:33 - 2015-05-12 14:33 - 00000000 _____ C:\autoexec.bat
2015-05-12 14:18 - 2015-05-12 14:27 - 00000000 ____D C:\Users\kamil\AppData\Local\Ulmedia
2015-05-08 22:23 - 2015-06-07 19:45 - 00000000 ____D C:\Users\kamil\AppData\Local\LogMeIn Hamachi
2015-05-08 22:22 - 2015-05-08 22:22 - 00000949 _____ C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2015-05-08 22:22 - 2015-05-08 22:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-05-08 22:22 - 2015-05-08 22:22 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2015-05-08 21:55 - 2015-05-08 21:55 - 00000000 ____D C:\Users\kamil\Documents\My Games
2015-05-08 21:49 - 2015-05-08 21:49 - 00000000 ____D C:\GOG Games
2015-05-08 11:18 - 2015-05-09 09:39 - 00000000 ____D C:\Users\kamil\AppData\Local\Ohics
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-07 19:49 - 2014-02-14 15:08 - 00003594 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2680694750-434716173-396326756-1001
2015-06-07 19:45 - 2014-04-28 20:00 - 00000000 ___DO C:\Users\kamil\SkyDrive
2015-06-07 19:45 - 2014-02-17 18:03 - 00000000 ____D C:\Users\kamil\AppData\Roaming\uTorrent
2015-06-07 19:45 - 2013-12-20 23:29 - 01062340 _____ C:\windows\WindowsUpdate.log
2015-06-07 19:44 - 2014-02-22 21:37 - 02440192 ___SH C:\Users\kamil\Desktop\Thumbs.db
2015-06-07 19:44 - 2014-02-14 15:13 - 00000952 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-07 19:43 - 2013-08-31 17:36 - 00474918 _____ C:\windows\PFRO.log
2015-06-07 19:43 - 2013-08-22 16:46 - 00166484 _____ C:\windows\setupact.log
2015-06-07 19:43 - 2013-08-22 16:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-06-07 19:37 - 2014-04-10 12:10 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-06-07 19:27 - 2014-02-14 15:07 - 00003914 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{1104D46B-41DD-49AA-B44A-2734AF022A67}
2015-06-07 19:04 - 2014-02-14 15:13 - 00000956 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-07 19:02 - 2013-08-22 17:36 - 00000000 ____D C:\windows\system32\sru
2015-06-07 15:24 - 2014-02-14 15:00 - 00000000 ____D C:\Users\kamil
2015-06-07 13:56 - 2013-08-22 15:25 - 00262144 ___SH C:\windows\system32\config\BBI
2015-06-06 21:45 - 2013-08-22 17:36 - 00000000 ____D C:\windows\AppReadiness
2015-06-01 20:42 - 2014-12-31 14:29 - 00000000 ____D C:\Users\kamil\AppData\Local\Screenleap
2015-06-01 20:42 - 2014-05-04 17:37 - 00000056 _____ C:\Users\kamil\.screenleap
2015-05-28 23:13 - 2014-04-10 12:10 - 00003718 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-05-28 23:12 - 2014-02-14 15:24 - 00000000 ____D C:\Users\kamil\AppData\Local\Adobe
2015-05-26 10:23 - 2014-02-17 17:56 - 00638976 ___SH C:\Users\kamil\Downloads\Thumbs.db
2015-05-25 11:13 - 2014-02-20 12:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-05-24 15:38 - 2014-05-11 11:04 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-05-23 17:30 - 2014-03-19 17:12 - 00000000 ____D C:\Users\kamil\Desktop\iibn
2015-05-23 17:15 - 2015-04-27 21:40 - 00000000 ____D C:\Users\kamil\Desktop\fotosop fotky blabla
2015-05-23 17:11 - 2015-04-18 12:58 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-05-23 17:10 - 2014-03-19 17:22 - 00060867 _____ C:\windows\DirectX.log
2015-05-23 17:10 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-05-20 18:32 - 2013-08-22 17:20 - 00000000 ____D C:\windows\CbsTemp
2015-05-20 18:31 - 2015-04-11 20:36 - 00000000 ___SD C:\windows\SysWOW64\GWX
2015-05-20 18:31 - 2015-04-11 20:36 - 00000000 ___SD C:\windows\system32\GWX
2015-05-18 09:24 - 2013-08-22 16:44 - 05048184 _____ C:\windows\system32\FNTCACHE.DAT
2015-05-17 15:08 - 2013-08-31 17:40 - 00865408 _____ C:\windows\system32\PerfStringBackup.INI
2015-05-16 18:59 - 2014-02-14 15:13 - 00003928 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-16 18:59 - 2014-02-14 15:13 - 00003692 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-16 15:00 - 2014-02-17 18:21 - 00000000 ____D C:\Users\kamil\AppData\Roaming\vlc
2015-05-16 14:52 - 2013-08-22 17:36 - 00000000 ___RD C:\windows\ImmersiveControlPanel
2015-05-15 21:27 - 2013-08-22 17:36 - 00000000 ____D C:\windows\rescache
2015-05-15 14:17 - 2013-08-22 15:36 - 00000000 ____D C:\windows\system32\AdvancedInstallers
2015-05-14 15:28 - 2014-03-03 19:28 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-14 10:55 - 2014-02-21 21:34 - 00000000 ____D C:\windows\system32\MRT
2015-05-13 15:18 - 2014-02-21 21:33 - 140425016 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-05-13 15:09 - 2013-08-22 21:12 - 00000000 ____D C:\Program Files\Windows Journal
2015-05-13 01:18 - 2014-03-19 22:45 - 00000000 ____D C:\Users\kamil\AppData\Roaming\TS3Client
==================== Files in the root of some directories =======
2014-05-23 15:52 - 2014-05-23 15:55 - 0000600 _____ () C:\Users\kamil\AppData\Local\PUTTY.RND
2014-02-14 15:02 - 2014-06-10 20:56 - 0000280 _____ () C:\Users\kamil\AppData\Local\RegisteredPackageInformation.xml
2013-12-20 22:59 - 2013-12-20 22:59 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Some files in TEMP:
====================
C:\Users\kamil\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-06-04 18:08
==================== End of log ============================
Re: Please check my log, it is probably a virus
additional log.
Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-06-2015
Ran by kamil at 2015-06-07 19:50:34
Running from C:\Users\kamil\Desktop
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2680694750-434716173-396326756-500 - Administrator - Disabled)
Guest (S-1-5-21-2680694750-434716173-396326756-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2680694750-434716173-396326756-1003 - Limited - Enabled)
kamil (S-1-5-21-2680694750-434716173-396326756-1001 - Administrator - Enabled) => C:\Users\kamil
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-2680694750-434716173-396326756-1001\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Photoshop CS5.1 (HKLM-x32\...\{9158FF30-78D7-40EF-B83E-451AC5334640}) (Version: 12.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-2680694750-434716173-396326756-1001\...\Akamai) (Version: - Akamai Technologies, Inc)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira (HKLM-x32\...\{dc9a688a-12cb-4a22-b449-23d849d01dc7}) (Version: 1.1.24.28609 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.24.28609 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co. KG)
Avira Savings Advisor (HKLM-x32\...\{A18A516C-AA41-46A9-92DB-60208917E442}) (Version: 1.5.14 - Avira)
Bing Bar (HKLM-x32\...\{16793295-2366-40F7-A045-A3E42A81365E}) (Version: 7.1.362.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dependency Package Update (Version: 1.6.25.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.36.00 - Lenovo Inc.) Hidden
Dependency Package Update (x32 Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.13.0621 - Lenovo)
EducationPortal (HKLM-x32\...\{65487538-FF20-421B-91DB-F6634B8D264C}) (Version: 5.00.012.0903 - Lenovo)
ffdshow v1.2.4422 [2012-04-09] (HKLM-x32\...\ffdshow_is1) (Version: 1.2.4422.0 - FreeCodecPack)
Find the Differences (HKLM-x32\...\InstallShield_{EAA04F6D-6E10-4267-B824-C35D3B9E0155}) (Version: 1.00.2012.0920 - Tong child Research & Planning Co.,Ltd)
Find the Differences (x32 Version: 1.00.2012.0920 - Tong child Research & Planning Co.,Ltd) Hidden
Finding the Letters (HKLM-x32\...\InstallShield_{535FB733-FFCF-4460-8694-664A2F6C53B4}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd)
Finding the Letters (x32 Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd) Hidden
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Gameforge Live 2.0.3 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.3 - Gameforge)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Kantaris Media Player 0.7.7 (HKLM-x32\...\Kantaris_is1) (Version: - Christofer Persson)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Lenovo App Shop (HKLM-x32\...\Lenovo App Shop 45246) (Version: 3.10.0.45246.24 - Lenovo)
Lenovo Assistant (HKLM-x32\...\{B2DE4F30-B8C7-49C0-85B9-2F37A5290F00}) (Version: 2.0.0.29 - Lenovo)
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.6.13.0724 - Lenovo)
Lenovo Dashboard (HKLM-x32\...\{FEF1833C-244C-4DF2-AB67-1E1D26921ED8}) (Version: 2.0.0.18 - Lenovo)
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.36.00 - Lenovo Group Limited)
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.7408 - CyberLink Corp.)
Lenovo Power2Go (x32 Version: 6.0.7408 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5723.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5723.52 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.1901 - CyberLink Corp.)
Lenovo Rescue System (Version: 4.0.0.1901 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM\...\{4C2B6F96-3AED-4E3F-8DCE-917863D1E6B1}) (Version: 2.7.003.00 - Lenovo Group Limited)
Lenovo USB2.0 UVC Camera (HKLM-x32\...\{70D2C5B8-EB22-45B1-9EAA-5E8C1C408A3B}) (Version: 1.00.0000 - Vimicro Corporation)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.328 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.328 - LogMeIn, Inc.) Hidden
LVT (HKLM-x32\...\{9E3469A6-443A-452C-BF44-8D7CE3A9A7E2}) (Version: 5.00.0914 - Lenovo)
Malwarebytes Anti-Malware verze 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Matching Roles (HKLM-x32\...\InstallShield_{92736E44-7608-4D80-9333-E40C82B7E8B3}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd)
Matching Roles (x32 Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 29.0.1 (x86 cs) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 cs)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Nitro Pro 8 (HKLM\...\{392C767D-4EE2-49B5-A3B4-A4C3AB6DC145}) (Version: 8.5.7.1 - Nitro)
OGPlanet Game Launcher (HKLM-x32\...\OGPlanet Game Launcher) (Version: 1.0.0 - OGPlanet, Inc.)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.2 - Power Software Ltd)
PPTX Viewer 2.0 (HKLM-x32\...\PPTX Viewer 2.0) (Version: - )
Puzzle (HKLM-x32\...\InstallShield_{6EB7ECE3-E3BE-481D-821B-F1AFFA244D64}) (Version: 1.00.2012.0807 - Tong child Research & Planning Co.,Ltd)
Puzzle (x32 Version: 1.00.2012.0807 - Tong child Research & Planning Co.,Ltd) Hidden
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29068 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7076 - Realtek Semiconductor Corp.)
Seznam Software (HKU\S-1-5-21-2680694750-434716173-396326756-1001\...\SeznamInstall) (Version: - Seznam.cz)
sudoku (HKLM-x32\...\InstallShield_{8C4715DF-8AC9-4F0A-8E35-F9B4CF318FF1}) (Version: 1.00.2012.0807 - Tong child Research & Planning Co.,Ltd)
sudoku (x32 Version: 1.00.2012.0807 - Tong child Research & Planning Co.,Ltd) Hidden
System Requirements Lab CYRI (HKLM-x32\...\{19B0831B-0C18-4103-86E4-90FCD04CD3B9}) (Version: 6.0.12.5 - Husdawg, LLC)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.40642 - TeamViewer)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
timer (HKLM-x32\...\InstallShield_{9CC4B8EE-A96B-4800-B674-0CF8B4560F45}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd)
timer (x32 Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd) Hidden
TnI CheckExplorer Project (HKLM-x32\...\InstallShield_{EBFA3741-71F4-48C3-BEAE-B140AEDCC19B}) (Version: 1.0.0.2 - TPV-INVENTA TECHNOLOGY CO., LTD.)
TnI CheckExplorer Project (Version: 1.0.0.2 - TPV-INVENTA TECHNOLOGY CO., LTD.) Hidden
Unity Web Player (HKU\S-1-5-21-2680694750-434716173-396326756-1001\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2680694750-434716173-396326756-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2680694750-434716173-396326756-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-2680694750-434716173-396326756-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
==================== Restore Points =========================
07-06-2015 19:31:58 zoek.exe restore point
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 15:25 - 2015-06-07 19:32 - 00000753 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0464C94D-2867-47AC-88AA-18398204BB19} - \OFFICE2013ACT No Task File <==== ATTENTION
Task: {30E6CC71-568C-48B8-B2EF-CEDBA3CFA073} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-05-13] (Microsoft Corporation)
Task: {396156BC-D0FA-4EBF-87D1-B5DC893D8BCC} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-10-16] (Lenovo)
Task: {3ABF35E9-72E2-44D8-8991-FCDEF9301E92} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {3BEE4049-BB94-4FBE-A3E4-E0F8491FDAC9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {43E9D95F-09D9-4813-93CE-46896AE6EB3B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {4E1D151B-A618-4A0F-B1E8-2F72AADB5212} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-28] (Adobe Systems Incorporated)
Task: {9E87C7E5-1374-4491-9ADC-C7C758832DA4} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2015-03-06] ()
Task: {B1FEA8E6-60AF-46A9-AECD-19744F5380E9} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe [2013-09-09] (Dolby Laboratories Inc.)
Task: {B559E13F-A4A8-4807-A41B-676EC62FE3B3} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-2680694750-434716173-396326756-1001
Task: {B81B9502-28C2-4B3B-AA74-96E7AD9ACC12} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {BD04EECA-74C0-4EA0-838E-C30E6609ADC1} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {CA56D31A-90EE-4295-B6F8-649D562A02EF} - System32\Tasks\Lenovo\LSC\LSCTaskService => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe [2014-10-16] ()
Task: {CB34B5D3-AB1A-41E3-9EE1-2649B87624A3} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-kamil.schulz@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-15] (Adobe Systems Incorporated)
Task: {CCFA54C3-18BD-4AF1-9CCC-FCEB6E5703EC} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {CE07D9C1-A31B-4A7E-B3B7-197EE98D479B} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {E58EC9B9-2EE1-4DBB-9684-3E52F01C36C3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-14] (Google Inc.)
Task: {E5C720CB-2F3D-43A9-9578-54BC98FBD9FA} - System32\Tasks\TnICheckExplorerFunction => C:\Program Files (x86)\TPV-INVENTA\TnI CheckExplorer Function\CheckExploer.exe [2013-11-26] (TPV-INVENTA TECHNOLOGY CO,LTD )
Task: {EBDAD8C0-B37B-4DF2-BB6F-896C071FBBEC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-14] (Google Inc.)
Task: {EDB47DD7-FCE9-4CE9-9F10-0944C57416F9} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
Task: {EE14AA26-5686-4563-9C1E-E97C6A6642D7} - System32\Tasks\aviraSWU => Cscript.exe "C:\Program Files (x86)\avira\Internet Explorer\swu.vbs"
Task: {EE9D3134-B0F8-4F9F-BD60-7BCF3604D0B6} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2014-10-16] (Lenovo)
Task: {F1C0AD65-BD92-4232-A7B3-F9A416BA0008} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {F2CA2490-D4E9-4739-BC8F-6BC79E32C28D} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-10-16] (Lenovo)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (Whitelisted) ==============
2013-12-20 22:59 - 2011-08-17 06:46 - 00032768 _____ () C:\Windows\jmesoft\Service.exe
2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-06-07 13:47 - 2015-05-26 13:35 - 00079872 _____ () C:\Users\kamil\AppData\Roaming\Seznam.cz\bin\27123libfoxloader-x64.dll
2013-09-09 23:13 - 2013-09-09 23:13 - 00050904 _____ () C:\Program Files\Dolby Digital Plus\Dolby.DDP.Controls_Desktop.dll
2015-06-07 13:46 - 2013-05-16 15:25 - 01062472 _____ () C:\Users\kamil\AppData\Roaming\Seznam.cz\szninstall.exe
2015-06-07 13:47 - 2015-05-26 13:38 - 00457384 _____ () C:\Users\kamil\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
2015-06-07 13:47 - 2015-05-26 13:36 - 00073896 _____ () C:\Users\kamil\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
2013-12-20 22:59 - 2011-08-17 06:46 - 00024576 _____ () C:\Windows\jmesoft\JME_LOAD.exe
2015-03-06 21:53 - 2015-03-06 21:53 - 00074168 _____ () C:\Program Files\Lenovo\iMController\AutoUpdate.exe
2015-03-06 21:53 - 2015-03-06 21:53 - 00020920 _____ () C:\Program Files\Lenovo\iMController\LegacyFeatures.exe
2015-03-06 21:53 - 2015-03-06 21:53 - 00026552 _____ () C:\Program Files\Lenovo\iMController\PluginCommunication.exe
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-05-08 11:19 - 2015-05-08 11:19 - 00036352 _____ () C:\Users\kamil\AppData\Local\Ohics\loader_u.dll
2015-06-07 13:47 - 2015-05-26 13:37 - 00078504 _____ () C:\Users\kamil\AppData\Roaming\Seznam.cz\bin\27123libfoxloader.dll
2015-06-07 13:47 - 2015-05-26 13:38 - 00862888 _____ () C:\Users\kamil\AppData\Roaming\Seznam.cz\bin\lightspeed.dll
2013-12-20 22:59 - 2011-05-17 23:27 - 00028672 _____ () C:\Windows\jmesoft\hidhook.dll
2009-12-05 02:59 - 2009-12-05 02:59 - 00619816 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
2009-12-05 03:04 - 2009-12-05 03:04 - 00013096 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
2013-12-20 22:57 - 2013-09-04 02:52 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\kamil\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\kamil\SkyDrive (2).old:ms-properties
AlternateDataStreams: C:\Users\kamil\SkyDrive.old:ms-properties
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2680694750-434716173-396326756-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\kamil\Desktop\country-road-hd-1366x768.jpg
DNS Servers: 192.168.88.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{AE9EEE29-F5F5-41B5-98F4-46DFA40B6E1F}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{376E7B2C-97E1-4856-9A7A-28ECEA326F44}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{E7F741A2-5932-40A9-86B3-0692177E7181}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{88365063-BAAA-4BAE-97E5-36CCFD1ABB7D}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{39AFDEDA-B098-4FA2-8016-9A728FBB349D}] => (Allow) C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe
FirewallRules: [{F931DF77-F48F-4E66-8D8E-8A376596D516}] => (Allow) C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismloader.exe
FirewallRules: [{F113311D-9319-4426-A6BE-D40100CDDC8B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5539FAC2-F4EC-4D3F-9CBA-163282FBDCC4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{100CD501-AC82-4C87-BAD6-9C5DB0D2A846}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{69AB766F-7AE4-4C26-80EF-39BB222AEAFD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4D2D2277-4B62-4BAF-9CCA-0FDF19FC60B7}] => (Allow) C:\Users\kamil\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A73A619A-E1F9-4596-B01D-D1ABBDF323A6}] => (Allow) C:\Users\kamil\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9EBFA62A-EEF6-48C3-920A-DD936D5E3CA6}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{3E8BB565-1C5F-4782-948D-69123C6A8739}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{B1B2C570-52E5-4337-88F4-6EFD7EC8E943}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B30C305B-4401-4A8E-A49D-411C3189CD1A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3DE3977F-C279-42C7-99FF-CF8DCECF5402}] => (Allow) C:\Users\kamil\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{71D7DD6A-96D2-4623-9AC5-A1676D003F51}] => (Allow) C:\Users\kamil\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{A23ED2BB-1A6D-46E0-A7B8-292C4CC0751B}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{B5CA787C-156C-46CD-A692-B5CAA7DDBFCF}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{9F192DF1-478F-4ED4-A452-CC201499517F}] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{AA70FEE9-D634-4C31-A3D9-A22ACA2BE305}] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{A5846213-FC49-4CF1-9EC8-F5504C54003A}C:\users\kamil\desktop\terraria v1.2.0.3\terrariaserver.exe] => (Allow) C:\users\kamil\desktop\terraria v1.2.0.3\terrariaserver.exe
FirewallRules: [UDP Query User{1E21A105-48D6-438A-AD02-6E74F7D36559}C:\users\kamil\desktop\terraria v1.2.0.3\terrariaserver.exe] => (Allow) C:\users\kamil\desktop\terraria v1.2.0.3\terrariaserver.exe
FirewallRules: [{C781B973-0BBD-425D-BB02-2CABB9A62EC2}] => (Allow) C:\users\kamil\desktop\terraria v1.2.0.3\terrariaserver.exe
FirewallRules: [{ACDC5A3C-4BD5-4842-8046-556CE1B9DCB8}] => (Allow) C:\users\kamil\desktop\terraria v1.2.0.3\terrariaserver.exe
FirewallRules: [{EAB52FDD-38A5-413E-9DF1-649CA5F6142E}] => (Allow) C:\Program Files (x86)\GameforgeLive\gfl_client.exe
FirewallRules: [{190E0EED-2232-4555-AFCA-4D26E7637606}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life\hl.exe
FirewallRules: [{C2A2A512-867F-4581-B9BF-9B60536F4066}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life\hl.exe
FirewallRules: [TCP Query User{4C342686-91B0-40B5-BCFA-3FBA775119B4}C:\users\kamil\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\kamil\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{028C54B7-6B1B-4B8D-B72D-D801FC981714}C:\users\kamil\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\kamil\appdata\local\akamai\netsession_win.exe
FirewallRules: [{B5FF4605-1A26-480F-982C-ABFC772D6F68}] => (Allow) C:\ProgramData\NexonEU\NGM\NGM.exe
FirewallRules: [{261E9F6C-F354-4C54-8849-CFE5C4BBF057}] => (Allow) C:\ProgramData\NexonEU\NGM\NGM.exe
FirewallRules: [{63C11765-29F3-430D-BE6B-D13564AFCD1D}] => (Allow) C:\Nexon\Combat Arms EU\NMService.exe
FirewallRules: [{A2D5A9AA-0D5F-4299-A487-CFC4AA1D4990}] => (Allow) C:\Nexon\Combat Arms EU\NMService.exe
FirewallRules: [{EF172374-5D39-49F0-9F46-C4F2FDFB838E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{2F484CBA-8549-435C-8CEA-58AC388E1ED8}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{374382D7-D9C8-4100-9432-B3876FE55B82}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{78187A80-F3CD-4A3C-8B62-E350F23EEEEE}] => (Allow) C:\Users\kamil\AppData\Local\Temp\nsa49C8.tmp\CnetInstaller-75788920.exe
FirewallRules: [{AB0939C6-37DD-44C5-AF17-45F21099562B}] => (Allow) C:\Users\kamil\AppData\Local\Temp\nsa49C8.tmp\CnetInstaller-75788920.exe
FirewallRules: [{073E7A95-72B0-4503-A654-5A4395C2F043}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{4BF287D3-9D63-417F-96BA-0696A2ABE5C9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{CBFA74CB-730F-4100-B8C9-326E081F07A7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{86B8D0E3-E39A-46DD-B781-97DDDEAA5847}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{764809E3-7461-4478-B91D-BACA8A5CC58B}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{786C43CF-9E48-4E93-867C-5977FFAF910D}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{304BB92E-F8DF-4344-B90E-E97415C88379}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{FDBAAC5D-DDD6-4B6B-AD6F-455C08A52597}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{8F7AF131-939C-4B93-8092-62576E61EFBE}] => (Allow) C:\windows\explorer.exe
FirewallRules: [{F25DDADC-F59E-47E0-80D6-EB540F8F0D03}] => (Allow) C:\windows\system32\rundll32.exe
FirewallRules: [TCP Query User{A270B4C4-DAFA-471A-A64B-97F55AE5363F}C:\gog games\terraria\terrariaserver.exe] => (Allow) C:\gog games\terraria\terrariaserver.exe
FirewallRules: [UDP Query User{8F93D958-FF3B-4442-A2E9-99A6C0CEE4EB}C:\gog games\terraria\terrariaserver.exe] => (Allow) C:\gog games\terraria\terrariaserver.exe
FirewallRules: [{0B5A5E6E-4BD1-452F-93B4-D26F8AF0A233}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{C0A5DF9F-95F5-4AB4-9809-E98CE0798D13}] => (Allow) LPort=2869
FirewallRules: [{1319453A-C848-4004-B011-8DA6FA48033F}] => (Allow) LPort=1900
FirewallRules: [{193112F5-B6DA-4F31-882F-A714519AFBB3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (06/07/2015 07:45:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Avira.OE.Systray.exe, version: 1.1.24.28621, time stamp: 0x5436a18b
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54504ade
Exception code: 0xe0434352
Fault offset: 0x00014598
Faulting process id: 0x13c8
Faulting application start time: 0xAvira.OE.Systray.exe0
Faulting application path: Avira.OE.Systray.exe1
Faulting module path: Avira.OE.Systray.exe2
Report Id: Avira.OE.Systray.exe3
Faulting package full name: Avira.OE.Systray.exe4
Faulting package-relative application ID: Avira.OE.Systray.exe5
Error: (06/07/2015 07:45:10 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Avira.OE.Systray.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Configuration.ConfigurationErrorsException
Stack:
at System.Configuration.BaseConfigurationRecord.GetSectionRecursive(System.String, Boolean, Boolean, Boolean, Boolean, System.Object ByRef, System.Object ByRef)
at System.Configuration.BaseConfigurationRecord.GetSection(System.String)
at System.Configuration.ClientConfigurationSystem.System.Configuration.Internal.IInternalConfigSystem.GetSection(System.String)
at System.Configuration.ConfigurationManager.GetSection(System.String)
at System.Configuration.ConfigurationManager.get_AppSettings()
at Avira.OE.WinCore.OeProductInfo.get_Culture()
at Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings()
at Avira.OE.Systray.Program.Main(System.String[])
Error: (06/07/2015 07:44:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Avira.OE.ServiceHost.exe, version: 1.1.24.28609, time stamp: 0x5436a172
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54504ade
Exception code: 0xe0434352
Fault offset: 0x00014598
Faulting process id: 0xfdc
Faulting application start time: 0xAvira.OE.ServiceHost.exe0
Faulting application path: Avira.OE.ServiceHost.exe1
Faulting module path: Avira.OE.ServiceHost.exe2
Report Id: Avira.OE.ServiceHost.exe3
Faulting package full name: Avira.OE.ServiceHost.exe4
Faulting package-relative application ID: Avira.OE.ServiceHost.exe5
Error: (06/07/2015 07:44:44 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Avira.OE.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.TypeInitializationException
Stack:
at NLog.Common.InternalLogger.Debug(System.String, System.Object[])
at NLog.LogFactory.get_Configuration()
at NLog.LogFactory.GetLogger(LoggerCacheKey)
at NLog.LogFactory.GetLogger(System.String)
at NLog.LogManager.GetLogger(System.String)
at Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String)
at Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger()
at Avira.OE.WinCore.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
at Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
Error: (06/07/2015 07:44:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Avira.OE.ServiceHost.exe, version: 1.1.24.28609, time stamp: 0x5436a172
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54504ade
Exception code: 0xe0434352
Fault offset: 0x00014598
Faulting process id: 0xfd8
Faulting application start time: 0xAvira.OE.ServiceHost.exe0
Faulting application path: Avira.OE.ServiceHost.exe1
Faulting module path: Avira.OE.ServiceHost.exe2
Report Id: Avira.OE.ServiceHost.exe3
Faulting package full name: Avira.OE.ServiceHost.exe4
Faulting package-relative application ID: Avira.OE.ServiceHost.exe5
Error: (06/07/2015 07:44:32 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Avira.OE.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.TypeInitializationException
Stack:
at NLog.Common.InternalLogger.Debug(System.String, System.Object[])
at NLog.LogFactory.get_Configuration()
at NLog.LogFactory.GetLogger(LoggerCacheKey)
at NLog.LogFactory.GetLogger(System.String)
at NLog.LogManager.GetLogger(System.String)
at Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String)
at Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger()
at Avira.OE.WinCore.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
at Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
Error: (06/07/2015 07:44:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Avira.OE.ServiceHost.exe, version: 1.1.24.28609, time stamp: 0x5436a172
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54504ade
Exception code: 0xe0434352
Fault offset: 0x00014598
Faulting process id: 0x8e0
Faulting application start time: 0xAvira.OE.ServiceHost.exe0
Faulting application path: Avira.OE.ServiceHost.exe1
Faulting module path: Avira.OE.ServiceHost.exe2
Report Id: Avira.OE.ServiceHost.exe3
Faulting package full name: Avira.OE.ServiceHost.exe4
Faulting package-relative application ID: Avira.OE.ServiceHost.exe5
Error: (06/07/2015 07:44:17 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Avira.OE.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.TypeInitializationException
Stack:
at NLog.Common.InternalLogger.Debug(System.String, System.Object[])
at NLog.LogFactory.get_Configuration()
at NLog.LogFactory.GetLogger(LoggerCacheKey)
at NLog.LogFactory.GetLogger(System.String)
at NLog.LogManager.GetLogger(System.String)
at Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String)
at Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger()
at Avira.OE.WinCore.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
at Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
Error: (06/07/2015 07:24:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: winlogon.exe.exe, version: 1.0.2.929, time stamp: 0x552d3ec4
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0xaac
Faulting application start time: 0xwinlogon.exe.exe0
Faulting application path: winlogon.exe.exe1
Faulting module path: winlogon.exe.exe2
Report Id: winlogon.exe.exe3
Faulting package full name: winlogon.exe.exe4
Faulting package-relative application ID: winlogon.exe.exe5
Error: (06/07/2015 06:53:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Avira.OE.Systray.exe, version: 1.1.24.28621, time stamp: 0x5436a18b
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54504ade
Exception code: 0xe0434352
Fault offset: 0x00014598
Faulting process id: 0x1198
Faulting application start time: 0xAvira.OE.Systray.exe0
Faulting application path: Avira.OE.Systray.exe1
Faulting module path: Avira.OE.Systray.exe2
Report Id: Avira.OE.Systray.exe3
Faulting package full name: Avira.OE.Systray.exe4
Faulting package-relative application ID: Avira.OE.Systray.exe5
System errors:
=============
Error: (06/07/2015 07:44:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Avira Service Host service terminated unexpectedly. It has done this 3 time(s).
Error: (06/07/2015 07:44:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Service Host service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (06/07/2015 07:44:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Service Host service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (06/07/2015 07:40:54 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (06/07/2015 07:40:53 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (06/07/2015 07:40:53 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (06/07/2015 07:40:53 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (06/07/2015 07:40:53 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (06/07/2015 07:00:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The JME Keyboard Driver service terminated unexpectedly. It has done this 1 time(s).
Error: (06/07/2015 06:52:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Avira Service Host service terminated unexpectedly. It has done this 3 time(s).
Microsoft Office:
=========================
Error: (06/07/2015 07:45:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Avira.OE.Systray.exe1.1.24.286215436a18bKERNELBASE.dll6.3.9600.1741554504adee04343520001459813c801d0a149b105d584C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exeC:\windows\SYSTEM32\KERNELBASE.dllf0cae05d-0d3c-11e5-852e-0025ab490313
Error: (06/07/2015 07:45:10 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Avira.OE.Systray.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Configuration.ConfigurationErrorsException
Stack:
at System.Configuration.BaseConfigurationRecord.GetSectionRecursive(System.String, Boolean, Boolean, Boolean, Boolean, System.Object ByRef, System.Object ByRef)
at System.Configuration.BaseConfigurationRecord.GetSection(System.String)
at System.Configuration.ClientConfigurationSystem.System.Configuration.Internal.IInternalConfigSystem.GetSection(System.String)
at System.Configuration.ConfigurationManager.GetSection(System.String)
at System.Configuration.ConfigurationManager.get_AppSettings()
at Avira.OE.WinCore.OeProductInfo.get_Culture()
at Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings()
at Avira.OE.Systray.Program.Main(System.String[])
Error: (06/07/2015 07:44:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Avira.OE.ServiceHost.exe1.1.24.286095436a172KERNELBASE.dll6.3.9600.1741554504adee043435200014598fdc01d0a149a35b2f5eC:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exeC:\windows\SYSTEM32\KERNELBASE.dlle1b36cb2-0d3c-11e5-852e-0025ab490313
Error: (06/07/2015 07:44:44 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Avira.OE.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.TypeInitializationException
Stack:
at NLog.Common.InternalLogger.Debug(System.String, System.Object[])
at NLog.LogFactory.get_Configuration()
at NLog.LogFactory.GetLogger(LoggerCacheKey)
at NLog.LogFactory.GetLogger(System.String)
at NLog.LogManager.GetLogger(System.String)
at Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String)
at Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger()
at Avira.OE.WinCore.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
at Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
Error: (06/07/2015 07:44:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Avira.OE.ServiceHost.exe1.1.24.286095436a172KERNELBASE.dll6.3.9600.1741554504adee043435200014598fd801d0a1499c7b217fC:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exeC:\windows\SYSTEM32\KERNELBASE.dllda490dd6-0d3c-11e5-852e-0025ab490313
Error: (06/07/2015 07:44:32 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Avira.OE.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.TypeInitializationException
Stack:
at NLog.Common.InternalLogger.Debug(System.String, System.Object[])
at NLog.LogFactory.get_Configuration()
at NLog.LogFactory.GetLogger(LoggerCacheKey)
at NLog.LogFactory.GetLogger(System.String)
at NLog.LogManager.GetLogger(System.String)
at Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String)
at Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger()
at Avira.OE.WinCore.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
at Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
Error: (06/07/2015 07:44:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Avira.OE.ServiceHost.exe1.1.24.286095436a172KERNELBASE.dll6.3.9600.1741554504adee0434352000145988e001d0a14991a64d78C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exeC:\windows\SYSTEM32\KERNELBASE.dlld4272b31-0d3c-11e5-852e-0025ab490313
Error: (06/07/2015 07:44:17 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Avira.OE.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.TypeInitializationException
Stack:
at NLog.Common.InternalLogger.Debug(System.String, System.Object[])
at NLog.LogFactory.get_Configuration()
at NLog.LogFactory.GetLogger(LoggerCacheKey)
at NLog.LogFactory.GetLogger(System.String)
at NLog.LogManager.GetLogger(System.String)
at Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String)
at Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger()
at Avira.OE.WinCore.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
at Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
Error: (06/07/2015 07:24:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: winlogon.exe.exe1.0.2.929552d3ec4MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fdaac01d0a143ee5ff01cC:\Program Files (x86)\Malwarebytes Anti-Malware\winlogon.exe.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dllfeda00aa-0d39-11e5-852d-0025ab490313
Error: (06/07/2015 06:53:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Avira.OE.Systray.exe1.1.24.286215436a18bKERNELBASE.dll6.3.9600.1741554504adee043435200014598119801d0a1427023d6adC:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exeC:\windows\SYSTEM32\KERNELBASE.dllb0c90092-0d35-11e5-852d-0025ab490313
CodeIntegrity Errors:
===================================
Date: 2015-02-22 16:22:08.523
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.
Date: 2015-02-22 16:22:08.398
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.
Date: 2015-02-21 13:32:43.585
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.
Date: 2015-02-21 13:32:43.460
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.
Date: 2015-02-20 15:14:56.929
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.
Date: 2015-02-20 15:14:56.804
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.
Date: 2015-02-18 15:49:32.334
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.
Date: 2015-02-18 15:49:32.209
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.
Date: 2015-02-17 20:03:10.664
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.
Date: 2015-02-17 20:03:10.539
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.
==================== Memory info ===========================
Processor: Intel(R) Pentium(R) CPU G3220T @ 2.60GHz
Percentage of memory in use: 34%
Total physical RAM: 4008.77 MB
Available physical RAM: 2642.96 MB
Total Pagefile: 4712.77 MB
Available Pagefile: 3114.89 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB
==================== Drives ================================
Drive c: (Windows8_OS) (Fixed) (Total:439.5 GB) (Free:389 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 4B56499D)
Partition: GPT Partition Type.
==================== End of log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-06-2015
Ran by kamil at 2015-06-07 19:50:34
Running from C:\Users\kamil\Desktop
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2680694750-434716173-396326756-500 - Administrator - Disabled)
Guest (S-1-5-21-2680694750-434716173-396326756-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2680694750-434716173-396326756-1003 - Limited - Enabled)
kamil (S-1-5-21-2680694750-434716173-396326756-1001 - Administrator - Enabled) => C:\Users\kamil
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-2680694750-434716173-396326756-1001\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Photoshop CS5.1 (HKLM-x32\...\{9158FF30-78D7-40EF-B83E-451AC5334640}) (Version: 12.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-2680694750-434716173-396326756-1001\...\Akamai) (Version: - Akamai Technologies, Inc)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira (HKLM-x32\...\{dc9a688a-12cb-4a22-b449-23d849d01dc7}) (Version: 1.1.24.28609 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.24.28609 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co. KG)
Avira Savings Advisor (HKLM-x32\...\{A18A516C-AA41-46A9-92DB-60208917E442}) (Version: 1.5.14 - Avira)
Bing Bar (HKLM-x32\...\{16793295-2366-40F7-A045-A3E42A81365E}) (Version: 7.1.362.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dependency Package Update (Version: 1.6.25.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.36.00 - Lenovo Inc.) Hidden
Dependency Package Update (x32 Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.13.0621 - Lenovo)
EducationPortal (HKLM-x32\...\{65487538-FF20-421B-91DB-F6634B8D264C}) (Version: 5.00.012.0903 - Lenovo)
ffdshow v1.2.4422 [2012-04-09] (HKLM-x32\...\ffdshow_is1) (Version: 1.2.4422.0 - FreeCodecPack)
Find the Differences (HKLM-x32\...\InstallShield_{EAA04F6D-6E10-4267-B824-C35D3B9E0155}) (Version: 1.00.2012.0920 - Tong child Research & Planning Co.,Ltd)
Find the Differences (x32 Version: 1.00.2012.0920 - Tong child Research & Planning Co.,Ltd) Hidden
Finding the Letters (HKLM-x32\...\InstallShield_{535FB733-FFCF-4460-8694-664A2F6C53B4}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd)
Finding the Letters (x32 Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd) Hidden
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Gameforge Live 2.0.3 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.3 - Gameforge)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Kantaris Media Player 0.7.7 (HKLM-x32\...\Kantaris_is1) (Version: - Christofer Persson)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Lenovo App Shop (HKLM-x32\...\Lenovo App Shop 45246) (Version: 3.10.0.45246.24 - Lenovo)
Lenovo Assistant (HKLM-x32\...\{B2DE4F30-B8C7-49C0-85B9-2F37A5290F00}) (Version: 2.0.0.29 - Lenovo)
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.6.13.0724 - Lenovo)
Lenovo Dashboard (HKLM-x32\...\{FEF1833C-244C-4DF2-AB67-1E1D26921ED8}) (Version: 2.0.0.18 - Lenovo)
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.36.00 - Lenovo Group Limited)
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.7408 - CyberLink Corp.)
Lenovo Power2Go (x32 Version: 6.0.7408 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5723.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5723.52 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.1901 - CyberLink Corp.)
Lenovo Rescue System (Version: 4.0.0.1901 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM\...\{4C2B6F96-3AED-4E3F-8DCE-917863D1E6B1}) (Version: 2.7.003.00 - Lenovo Group Limited)
Lenovo USB2.0 UVC Camera (HKLM-x32\...\{70D2C5B8-EB22-45B1-9EAA-5E8C1C408A3B}) (Version: 1.00.0000 - Vimicro Corporation)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.328 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.328 - LogMeIn, Inc.) Hidden
LVT (HKLM-x32\...\{9E3469A6-443A-452C-BF44-8D7CE3A9A7E2}) (Version: 5.00.0914 - Lenovo)
Malwarebytes Anti-Malware verze 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Matching Roles (HKLM-x32\...\InstallShield_{92736E44-7608-4D80-9333-E40C82B7E8B3}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd)
Matching Roles (x32 Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 29.0.1 (x86 cs) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 cs)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Nitro Pro 8 (HKLM\...\{392C767D-4EE2-49B5-A3B4-A4C3AB6DC145}) (Version: 8.5.7.1 - Nitro)
OGPlanet Game Launcher (HKLM-x32\...\OGPlanet Game Launcher) (Version: 1.0.0 - OGPlanet, Inc.)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.2 - Power Software Ltd)
PPTX Viewer 2.0 (HKLM-x32\...\PPTX Viewer 2.0) (Version: - )
Puzzle (HKLM-x32\...\InstallShield_{6EB7ECE3-E3BE-481D-821B-F1AFFA244D64}) (Version: 1.00.2012.0807 - Tong child Research & Planning Co.,Ltd)
Puzzle (x32 Version: 1.00.2012.0807 - Tong child Research & Planning Co.,Ltd) Hidden
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29068 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7076 - Realtek Semiconductor Corp.)
Seznam Software (HKU\S-1-5-21-2680694750-434716173-396326756-1001\...\SeznamInstall) (Version: - Seznam.cz)
sudoku (HKLM-x32\...\InstallShield_{8C4715DF-8AC9-4F0A-8E35-F9B4CF318FF1}) (Version: 1.00.2012.0807 - Tong child Research & Planning Co.,Ltd)
sudoku (x32 Version: 1.00.2012.0807 - Tong child Research & Planning Co.,Ltd) Hidden
System Requirements Lab CYRI (HKLM-x32\...\{19B0831B-0C18-4103-86E4-90FCD04CD3B9}) (Version: 6.0.12.5 - Husdawg, LLC)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.40642 - TeamViewer)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
timer (HKLM-x32\...\InstallShield_{9CC4B8EE-A96B-4800-B674-0CF8B4560F45}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd)
timer (x32 Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd) Hidden
TnI CheckExplorer Project (HKLM-x32\...\InstallShield_{EBFA3741-71F4-48C3-BEAE-B140AEDCC19B}) (Version: 1.0.0.2 - TPV-INVENTA TECHNOLOGY CO., LTD.)
TnI CheckExplorer Project (Version: 1.0.0.2 - TPV-INVENTA TECHNOLOGY CO., LTD.) Hidden
Unity Web Player (HKU\S-1-5-21-2680694750-434716173-396326756-1001\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2680694750-434716173-396326756-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2680694750-434716173-396326756-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-2680694750-434716173-396326756-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
==================== Restore Points =========================
07-06-2015 19:31:58 zoek.exe restore point
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 15:25 - 2015-06-07 19:32 - 00000753 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0464C94D-2867-47AC-88AA-18398204BB19} - \OFFICE2013ACT No Task File <==== ATTENTION
Task: {30E6CC71-568C-48B8-B2EF-CEDBA3CFA073} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-05-13] (Microsoft Corporation)
Task: {396156BC-D0FA-4EBF-87D1-B5DC893D8BCC} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-10-16] (Lenovo)
Task: {3ABF35E9-72E2-44D8-8991-FCDEF9301E92} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {3BEE4049-BB94-4FBE-A3E4-E0F8491FDAC9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {43E9D95F-09D9-4813-93CE-46896AE6EB3B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {4E1D151B-A618-4A0F-B1E8-2F72AADB5212} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-28] (Adobe Systems Incorporated)
Task: {9E87C7E5-1374-4491-9ADC-C7C758832DA4} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2015-03-06] ()
Task: {B1FEA8E6-60AF-46A9-AECD-19744F5380E9} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe [2013-09-09] (Dolby Laboratories Inc.)
Task: {B559E13F-A4A8-4807-A41B-676EC62FE3B3} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-2680694750-434716173-396326756-1001
Task: {B81B9502-28C2-4B3B-AA74-96E7AD9ACC12} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {BD04EECA-74C0-4EA0-838E-C30E6609ADC1} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {CA56D31A-90EE-4295-B6F8-649D562A02EF} - System32\Tasks\Lenovo\LSC\LSCTaskService => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe [2014-10-16] ()
Task: {CB34B5D3-AB1A-41E3-9EE1-2649B87624A3} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-kamil.schulz@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-15] (Adobe Systems Incorporated)
Task: {CCFA54C3-18BD-4AF1-9CCC-FCEB6E5703EC} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {CE07D9C1-A31B-4A7E-B3B7-197EE98D479B} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {E58EC9B9-2EE1-4DBB-9684-3E52F01C36C3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-14] (Google Inc.)
Task: {E5C720CB-2F3D-43A9-9578-54BC98FBD9FA} - System32\Tasks\TnICheckExplorerFunction => C:\Program Files (x86)\TPV-INVENTA\TnI CheckExplorer Function\CheckExploer.exe [2013-11-26] (TPV-INVENTA TECHNOLOGY CO,LTD )
Task: {EBDAD8C0-B37B-4DF2-BB6F-896C071FBBEC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-14] (Google Inc.)
Task: {EDB47DD7-FCE9-4CE9-9F10-0944C57416F9} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
Task: {EE14AA26-5686-4563-9C1E-E97C6A6642D7} - System32\Tasks\aviraSWU => Cscript.exe "C:\Program Files (x86)\avira\Internet Explorer\swu.vbs"
Task: {EE9D3134-B0F8-4F9F-BD60-7BCF3604D0B6} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2014-10-16] (Lenovo)
Task: {F1C0AD65-BD92-4232-A7B3-F9A416BA0008} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {F2CA2490-D4E9-4739-BC8F-6BC79E32C28D} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-10-16] (Lenovo)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (Whitelisted) ==============
2013-12-20 22:59 - 2011-08-17 06:46 - 00032768 _____ () C:\Windows\jmesoft\Service.exe
2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-06-07 13:47 - 2015-05-26 13:35 - 00079872 _____ () C:\Users\kamil\AppData\Roaming\Seznam.cz\bin\27123libfoxloader-x64.dll
2013-09-09 23:13 - 2013-09-09 23:13 - 00050904 _____ () C:\Program Files\Dolby Digital Plus\Dolby.DDP.Controls_Desktop.dll
2015-06-07 13:46 - 2013-05-16 15:25 - 01062472 _____ () C:\Users\kamil\AppData\Roaming\Seznam.cz\szninstall.exe
2015-06-07 13:47 - 2015-05-26 13:38 - 00457384 _____ () C:\Users\kamil\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
2015-06-07 13:47 - 2015-05-26 13:36 - 00073896 _____ () C:\Users\kamil\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
2013-12-20 22:59 - 2011-08-17 06:46 - 00024576 _____ () C:\Windows\jmesoft\JME_LOAD.exe
2015-03-06 21:53 - 2015-03-06 21:53 - 00074168 _____ () C:\Program Files\Lenovo\iMController\AutoUpdate.exe
2015-03-06 21:53 - 2015-03-06 21:53 - 00020920 _____ () C:\Program Files\Lenovo\iMController\LegacyFeatures.exe
2015-03-06 21:53 - 2015-03-06 21:53 - 00026552 _____ () C:\Program Files\Lenovo\iMController\PluginCommunication.exe
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-05-08 11:19 - 2015-05-08 11:19 - 00036352 _____ () C:\Users\kamil\AppData\Local\Ohics\loader_u.dll
2015-06-07 13:47 - 2015-05-26 13:37 - 00078504 _____ () C:\Users\kamil\AppData\Roaming\Seznam.cz\bin\27123libfoxloader.dll
2015-06-07 13:47 - 2015-05-26 13:38 - 00862888 _____ () C:\Users\kamil\AppData\Roaming\Seznam.cz\bin\lightspeed.dll
2013-12-20 22:59 - 2011-05-17 23:27 - 00028672 _____ () C:\Windows\jmesoft\hidhook.dll
2009-12-05 02:59 - 2009-12-05 02:59 - 00619816 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
2009-12-05 03:04 - 2009-12-05 03:04 - 00013096 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
2013-12-20 22:57 - 2013-09-04 02:52 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\kamil\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\kamil\SkyDrive (2).old:ms-properties
AlternateDataStreams: C:\Users\kamil\SkyDrive.old:ms-properties
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2680694750-434716173-396326756-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\kamil\Desktop\country-road-hd-1366x768.jpg
DNS Servers: 192.168.88.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{AE9EEE29-F5F5-41B5-98F4-46DFA40B6E1F}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{376E7B2C-97E1-4856-9A7A-28ECEA326F44}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{E7F741A2-5932-40A9-86B3-0692177E7181}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{88365063-BAAA-4BAE-97E5-36CCFD1ABB7D}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{39AFDEDA-B098-4FA2-8016-9A728FBB349D}] => (Allow) C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe
FirewallRules: [{F931DF77-F48F-4E66-8D8E-8A376596D516}] => (Allow) C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismloader.exe
FirewallRules: [{F113311D-9319-4426-A6BE-D40100CDDC8B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5539FAC2-F4EC-4D3F-9CBA-163282FBDCC4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{100CD501-AC82-4C87-BAD6-9C5DB0D2A846}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{69AB766F-7AE4-4C26-80EF-39BB222AEAFD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4D2D2277-4B62-4BAF-9CCA-0FDF19FC60B7}] => (Allow) C:\Users\kamil\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A73A619A-E1F9-4596-B01D-D1ABBDF323A6}] => (Allow) C:\Users\kamil\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9EBFA62A-EEF6-48C3-920A-DD936D5E3CA6}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{3E8BB565-1C5F-4782-948D-69123C6A8739}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{B1B2C570-52E5-4337-88F4-6EFD7EC8E943}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B30C305B-4401-4A8E-A49D-411C3189CD1A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3DE3977F-C279-42C7-99FF-CF8DCECF5402}] => (Allow) C:\Users\kamil\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{71D7DD6A-96D2-4623-9AC5-A1676D003F51}] => (Allow) C:\Users\kamil\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{A23ED2BB-1A6D-46E0-A7B8-292C4CC0751B}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{B5CA787C-156C-46CD-A692-B5CAA7DDBFCF}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{9F192DF1-478F-4ED4-A452-CC201499517F}] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{AA70FEE9-D634-4C31-A3D9-A22ACA2BE305}] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{A5846213-FC49-4CF1-9EC8-F5504C54003A}C:\users\kamil\desktop\terraria v1.2.0.3\terrariaserver.exe] => (Allow) C:\users\kamil\desktop\terraria v1.2.0.3\terrariaserver.exe
FirewallRules: [UDP Query User{1E21A105-48D6-438A-AD02-6E74F7D36559}C:\users\kamil\desktop\terraria v1.2.0.3\terrariaserver.exe] => (Allow) C:\users\kamil\desktop\terraria v1.2.0.3\terrariaserver.exe
FirewallRules: [{C781B973-0BBD-425D-BB02-2CABB9A62EC2}] => (Allow) C:\users\kamil\desktop\terraria v1.2.0.3\terrariaserver.exe
FirewallRules: [{ACDC5A3C-4BD5-4842-8046-556CE1B9DCB8}] => (Allow) C:\users\kamil\desktop\terraria v1.2.0.3\terrariaserver.exe
FirewallRules: [{EAB52FDD-38A5-413E-9DF1-649CA5F6142E}] => (Allow) C:\Program Files (x86)\GameforgeLive\gfl_client.exe
FirewallRules: [{190E0EED-2232-4555-AFCA-4D26E7637606}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life\hl.exe
FirewallRules: [{C2A2A512-867F-4581-B9BF-9B60536F4066}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life\hl.exe
FirewallRules: [TCP Query User{4C342686-91B0-40B5-BCFA-3FBA775119B4}C:\users\kamil\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\kamil\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{028C54B7-6B1B-4B8D-B72D-D801FC981714}C:\users\kamil\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\kamil\appdata\local\akamai\netsession_win.exe
FirewallRules: [{B5FF4605-1A26-480F-982C-ABFC772D6F68}] => (Allow) C:\ProgramData\NexonEU\NGM\NGM.exe
FirewallRules: [{261E9F6C-F354-4C54-8849-CFE5C4BBF057}] => (Allow) C:\ProgramData\NexonEU\NGM\NGM.exe
FirewallRules: [{63C11765-29F3-430D-BE6B-D13564AFCD1D}] => (Allow) C:\Nexon\Combat Arms EU\NMService.exe
FirewallRules: [{A2D5A9AA-0D5F-4299-A487-CFC4AA1D4990}] => (Allow) C:\Nexon\Combat Arms EU\NMService.exe
FirewallRules: [{EF172374-5D39-49F0-9F46-C4F2FDFB838E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{2F484CBA-8549-435C-8CEA-58AC388E1ED8}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{374382D7-D9C8-4100-9432-B3876FE55B82}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{78187A80-F3CD-4A3C-8B62-E350F23EEEEE}] => (Allow) C:\Users\kamil\AppData\Local\Temp\nsa49C8.tmp\CnetInstaller-75788920.exe
FirewallRules: [{AB0939C6-37DD-44C5-AF17-45F21099562B}] => (Allow) C:\Users\kamil\AppData\Local\Temp\nsa49C8.tmp\CnetInstaller-75788920.exe
FirewallRules: [{073E7A95-72B0-4503-A654-5A4395C2F043}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{4BF287D3-9D63-417F-96BA-0696A2ABE5C9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{CBFA74CB-730F-4100-B8C9-326E081F07A7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{86B8D0E3-E39A-46DD-B781-97DDDEAA5847}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{764809E3-7461-4478-B91D-BACA8A5CC58B}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{786C43CF-9E48-4E93-867C-5977FFAF910D}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{304BB92E-F8DF-4344-B90E-E97415C88379}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{FDBAAC5D-DDD6-4B6B-AD6F-455C08A52597}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{8F7AF131-939C-4B93-8092-62576E61EFBE}] => (Allow) C:\windows\explorer.exe
FirewallRules: [{F25DDADC-F59E-47E0-80D6-EB540F8F0D03}] => (Allow) C:\windows\system32\rundll32.exe
FirewallRules: [TCP Query User{A270B4C4-DAFA-471A-A64B-97F55AE5363F}C:\gog games\terraria\terrariaserver.exe] => (Allow) C:\gog games\terraria\terrariaserver.exe
FirewallRules: [UDP Query User{8F93D958-FF3B-4442-A2E9-99A6C0CEE4EB}C:\gog games\terraria\terrariaserver.exe] => (Allow) C:\gog games\terraria\terrariaserver.exe
FirewallRules: [{0B5A5E6E-4BD1-452F-93B4-D26F8AF0A233}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{C0A5DF9F-95F5-4AB4-9809-E98CE0798D13}] => (Allow) LPort=2869
FirewallRules: [{1319453A-C848-4004-B011-8DA6FA48033F}] => (Allow) LPort=1900
FirewallRules: [{193112F5-B6DA-4F31-882F-A714519AFBB3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (06/07/2015 07:45:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Avira.OE.Systray.exe, version: 1.1.24.28621, time stamp: 0x5436a18b
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54504ade
Exception code: 0xe0434352
Fault offset: 0x00014598
Faulting process id: 0x13c8
Faulting application start time: 0xAvira.OE.Systray.exe0
Faulting application path: Avira.OE.Systray.exe1
Faulting module path: Avira.OE.Systray.exe2
Report Id: Avira.OE.Systray.exe3
Faulting package full name: Avira.OE.Systray.exe4
Faulting package-relative application ID: Avira.OE.Systray.exe5
Error: (06/07/2015 07:45:10 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Avira.OE.Systray.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Configuration.ConfigurationErrorsException
Stack:
at System.Configuration.BaseConfigurationRecord.GetSectionRecursive(System.String, Boolean, Boolean, Boolean, Boolean, System.Object ByRef, System.Object ByRef)
at System.Configuration.BaseConfigurationRecord.GetSection(System.String)
at System.Configuration.ClientConfigurationSystem.System.Configuration.Internal.IInternalConfigSystem.GetSection(System.String)
at System.Configuration.ConfigurationManager.GetSection(System.String)
at System.Configuration.ConfigurationManager.get_AppSettings()
at Avira.OE.WinCore.OeProductInfo.get_Culture()
at Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings()
at Avira.OE.Systray.Program.Main(System.String[])
Error: (06/07/2015 07:44:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Avira.OE.ServiceHost.exe, version: 1.1.24.28609, time stamp: 0x5436a172
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54504ade
Exception code: 0xe0434352
Fault offset: 0x00014598
Faulting process id: 0xfdc
Faulting application start time: 0xAvira.OE.ServiceHost.exe0
Faulting application path: Avira.OE.ServiceHost.exe1
Faulting module path: Avira.OE.ServiceHost.exe2
Report Id: Avira.OE.ServiceHost.exe3
Faulting package full name: Avira.OE.ServiceHost.exe4
Faulting package-relative application ID: Avira.OE.ServiceHost.exe5
Error: (06/07/2015 07:44:44 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Avira.OE.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.TypeInitializationException
Stack:
at NLog.Common.InternalLogger.Debug(System.String, System.Object[])
at NLog.LogFactory.get_Configuration()
at NLog.LogFactory.GetLogger(LoggerCacheKey)
at NLog.LogFactory.GetLogger(System.String)
at NLog.LogManager.GetLogger(System.String)
at Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String)
at Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger()
at Avira.OE.WinCore.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
at Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
Error: (06/07/2015 07:44:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Avira.OE.ServiceHost.exe, version: 1.1.24.28609, time stamp: 0x5436a172
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54504ade
Exception code: 0xe0434352
Fault offset: 0x00014598
Faulting process id: 0xfd8
Faulting application start time: 0xAvira.OE.ServiceHost.exe0
Faulting application path: Avira.OE.ServiceHost.exe1
Faulting module path: Avira.OE.ServiceHost.exe2
Report Id: Avira.OE.ServiceHost.exe3
Faulting package full name: Avira.OE.ServiceHost.exe4
Faulting package-relative application ID: Avira.OE.ServiceHost.exe5
Error: (06/07/2015 07:44:32 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Avira.OE.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.TypeInitializationException
Stack:
at NLog.Common.InternalLogger.Debug(System.String, System.Object[])
at NLog.LogFactory.get_Configuration()
at NLog.LogFactory.GetLogger(LoggerCacheKey)
at NLog.LogFactory.GetLogger(System.String)
at NLog.LogManager.GetLogger(System.String)
at Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String)
at Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger()
at Avira.OE.WinCore.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
at Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
Error: (06/07/2015 07:44:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Avira.OE.ServiceHost.exe, version: 1.1.24.28609, time stamp: 0x5436a172
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54504ade
Exception code: 0xe0434352
Fault offset: 0x00014598
Faulting process id: 0x8e0
Faulting application start time: 0xAvira.OE.ServiceHost.exe0
Faulting application path: Avira.OE.ServiceHost.exe1
Faulting module path: Avira.OE.ServiceHost.exe2
Report Id: Avira.OE.ServiceHost.exe3
Faulting package full name: Avira.OE.ServiceHost.exe4
Faulting package-relative application ID: Avira.OE.ServiceHost.exe5
Error: (06/07/2015 07:44:17 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Avira.OE.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.TypeInitializationException
Stack:
at NLog.Common.InternalLogger.Debug(System.String, System.Object[])
at NLog.LogFactory.get_Configuration()
at NLog.LogFactory.GetLogger(LoggerCacheKey)
at NLog.LogFactory.GetLogger(System.String)
at NLog.LogManager.GetLogger(System.String)
at Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String)
at Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger()
at Avira.OE.WinCore.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
at Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
Error: (06/07/2015 07:24:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: winlogon.exe.exe, version: 1.0.2.929, time stamp: 0x552d3ec4
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0xaac
Faulting application start time: 0xwinlogon.exe.exe0
Faulting application path: winlogon.exe.exe1
Faulting module path: winlogon.exe.exe2
Report Id: winlogon.exe.exe3
Faulting package full name: winlogon.exe.exe4
Faulting package-relative application ID: winlogon.exe.exe5
Error: (06/07/2015 06:53:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Avira.OE.Systray.exe, version: 1.1.24.28621, time stamp: 0x5436a18b
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54504ade
Exception code: 0xe0434352
Fault offset: 0x00014598
Faulting process id: 0x1198
Faulting application start time: 0xAvira.OE.Systray.exe0
Faulting application path: Avira.OE.Systray.exe1
Faulting module path: Avira.OE.Systray.exe2
Report Id: Avira.OE.Systray.exe3
Faulting package full name: Avira.OE.Systray.exe4
Faulting package-relative application ID: Avira.OE.Systray.exe5
System errors:
=============
Error: (06/07/2015 07:44:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Avira Service Host service terminated unexpectedly. It has done this 3 time(s).
Error: (06/07/2015 07:44:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Service Host service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (06/07/2015 07:44:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Service Host service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (06/07/2015 07:40:54 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (06/07/2015 07:40:53 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (06/07/2015 07:40:53 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (06/07/2015 07:40:53 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (06/07/2015 07:40:53 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (06/07/2015 07:00:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The JME Keyboard Driver service terminated unexpectedly. It has done this 1 time(s).
Error: (06/07/2015 06:52:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Avira Service Host service terminated unexpectedly. It has done this 3 time(s).
Microsoft Office:
=========================
Error: (06/07/2015 07:45:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Avira.OE.Systray.exe1.1.24.286215436a18bKERNELBASE.dll6.3.9600.1741554504adee04343520001459813c801d0a149b105d584C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exeC:\windows\SYSTEM32\KERNELBASE.dllf0cae05d-0d3c-11e5-852e-0025ab490313
Error: (06/07/2015 07:45:10 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Avira.OE.Systray.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Configuration.ConfigurationErrorsException
Stack:
at System.Configuration.BaseConfigurationRecord.GetSectionRecursive(System.String, Boolean, Boolean, Boolean, Boolean, System.Object ByRef, System.Object ByRef)
at System.Configuration.BaseConfigurationRecord.GetSection(System.String)
at System.Configuration.ClientConfigurationSystem.System.Configuration.Internal.IInternalConfigSystem.GetSection(System.String)
at System.Configuration.ConfigurationManager.GetSection(System.String)
at System.Configuration.ConfigurationManager.get_AppSettings()
at Avira.OE.WinCore.OeProductInfo.get_Culture()
at Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings()
at Avira.OE.Systray.Program.Main(System.String[])
Error: (06/07/2015 07:44:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Avira.OE.ServiceHost.exe1.1.24.286095436a172KERNELBASE.dll6.3.9600.1741554504adee043435200014598fdc01d0a149a35b2f5eC:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exeC:\windows\SYSTEM32\KERNELBASE.dlle1b36cb2-0d3c-11e5-852e-0025ab490313
Error: (06/07/2015 07:44:44 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Avira.OE.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.TypeInitializationException
Stack:
at NLog.Common.InternalLogger.Debug(System.String, System.Object[])
at NLog.LogFactory.get_Configuration()
at NLog.LogFactory.GetLogger(LoggerCacheKey)
at NLog.LogFactory.GetLogger(System.String)
at NLog.LogManager.GetLogger(System.String)
at Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String)
at Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger()
at Avira.OE.WinCore.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
at Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
Error: (06/07/2015 07:44:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Avira.OE.ServiceHost.exe1.1.24.286095436a172KERNELBASE.dll6.3.9600.1741554504adee043435200014598fd801d0a1499c7b217fC:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exeC:\windows\SYSTEM32\KERNELBASE.dllda490dd6-0d3c-11e5-852e-0025ab490313
Error: (06/07/2015 07:44:32 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Avira.OE.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.TypeInitializationException
Stack:
at NLog.Common.InternalLogger.Debug(System.String, System.Object[])
at NLog.LogFactory.get_Configuration()
at NLog.LogFactory.GetLogger(LoggerCacheKey)
at NLog.LogFactory.GetLogger(System.String)
at NLog.LogManager.GetLogger(System.String)
at Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String)
at Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger()
at Avira.OE.WinCore.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
at Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
Error: (06/07/2015 07:44:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Avira.OE.ServiceHost.exe1.1.24.286095436a172KERNELBASE.dll6.3.9600.1741554504adee0434352000145988e001d0a14991a64d78C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exeC:\windows\SYSTEM32\KERNELBASE.dlld4272b31-0d3c-11e5-852e-0025ab490313
Error: (06/07/2015 07:44:17 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Avira.OE.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.TypeInitializationException
Stack:
at NLog.Common.InternalLogger.Debug(System.String, System.Object[])
at NLog.LogFactory.get_Configuration()
at NLog.LogFactory.GetLogger(LoggerCacheKey)
at NLog.LogFactory.GetLogger(System.String)
at NLog.LogManager.GetLogger(System.String)
at Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String)
at Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger()
at Avira.OE.WinCore.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
at Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
Error: (06/07/2015 07:24:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: winlogon.exe.exe1.0.2.929552d3ec4MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fdaac01d0a143ee5ff01cC:\Program Files (x86)\Malwarebytes Anti-Malware\winlogon.exe.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dllfeda00aa-0d39-11e5-852d-0025ab490313
Error: (06/07/2015 06:53:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Avira.OE.Systray.exe1.1.24.286215436a18bKERNELBASE.dll6.3.9600.1741554504adee043435200014598119801d0a1427023d6adC:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exeC:\windows\SYSTEM32\KERNELBASE.dllb0c90092-0d35-11e5-852d-0025ab490313
CodeIntegrity Errors:
===================================
Date: 2015-02-22 16:22:08.523
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.
Date: 2015-02-22 16:22:08.398
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.
Date: 2015-02-21 13:32:43.585
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.
Date: 2015-02-21 13:32:43.460
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.
Date: 2015-02-20 15:14:56.929
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.
Date: 2015-02-20 15:14:56.804
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.
Date: 2015-02-18 15:49:32.334
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.
Date: 2015-02-18 15:49:32.209
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.
Date: 2015-02-17 20:03:10.664
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.
Date: 2015-02-17 20:03:10.539
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.
==================== Memory info ===========================
Processor: Intel(R) Pentium(R) CPU G3220T @ 2.60GHz
Percentage of memory in use: 34%
Total physical RAM: 4008.77 MB
Available physical RAM: 2642.96 MB
Total Pagefile: 4712.77 MB
Available Pagefile: 3114.89 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB
==================== Drives ================================
Drive c: (Windows8_OS) (Fixed) (Total:439.5 GB) (Free:389 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 4B56499D)
Partition: GPT Partition Type.
==================== End of log ============================
- jerabina
- member of the Security team
Re: Please check my log, it is probably a virus
Please proceed as follows:
Open Notepad (Start => All Programs => Accessories => Notepad).
Please copy the entire content below into it.
(You can use the "select all" function, then right-click the top-left field in the opened Notepad and choose "Paste".)
Save it to the desktop as fixlist.txt
Run FRST and press the "Fix" button only once, then wait.
The tool will produce a log on the desktop (Fixlog.txt); please copy its entire content here.
Code:
Start
CloseProcesses:
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-07] (CyberLink Corp.))
HKLM-x32\...\Run: [Lenovo App Shop] => C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe [156000 2013-07-19] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2015-02-28] (Power Software Ltd)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3978600 2015-03-30] (LogMeIn Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-2680694750-434716173-396326756-1001\...\Run: [uTorrent] => C:\Users\kamil\AppData\Roaming\uTorrent\uTorrent.exe [1694560 2015-05-12] (BitTorrent Inc.)
HKU\S-1-5-21-2680694750-434716173-396326756-1001\...\Run: [cz.seznam.software.autoupdate] => C:\Users\kamil\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-2680694750-434716173-396326756-1001\...\Run: [cz.seznam.software.szndesktop] => C:\Users\kamil\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
BootExecute: autocheck autochk * sdnclean64.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll [2012-02-13] (Microsoft Corporation.)
FF NewTab: about:newtab
FF Homepage: about:home
FF Plugin-x32: @ogplanet.com/npOGPPlugin -> C:\windows\system32\npOGPPlugin.dll No File)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
S3 X6va016; \??\C:\windows\SysWOW64\Drivers\X6va016 [X]
S3 X6va021; \??\C:\windows\SysWOW64\Drivers\X6va021 [X]
S3 X6va029; \??\C:\windows\SysWOW64\Drivers\X6va029 [X]
C:\windows\SysWOW64\Drivers\X6va016
C:\windows\SysWOW64\Drivers\X6va021
C:\windows\SysWOW64\Drivers\X6va029
C:\Program Files (x86)\Spybot - Search & Destroy 2
C:\ProgramData\Spybot - Search & Destroy
C:\Users\kamil\AppData\Local\PUTTY.RND
C:\ProgramData\DP45977C.lfl
Trojan.Sathurbot, C:\ProgramData\Microsoft\Performance\Monitor
C:\Users\kamil\Downloads\PowerISO6-x64.exe
C:\Users\kamil\Downloads\SetupYTD.exe
C:\Users\kamil\AppData\Roaming\Mozilla\Firefox\Profiles\c4u54vsm.default\prefs.js
Task: {0464C94D-2867-47AC-88AA-18398204BB19} - \OFFICE2013ACT No Task File <==== ATTENTION
Task: {3BEE4049-BB94-4FBE-A3E4-E0F8491FDAC9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {43E9D95F-09D9-4813-93CE-46896AE6EB3B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {4E1D151B-A618-4A0F-B1E8-2F72AADB5212} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-28] (Adobe Systems Incorporated)
Task: {9E87C7E5-1374-4491-9ADC-C7C758832DA4} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2015-03-06] ()
Task: {CB34B5D3-AB1A-41E3-9EE1-2649B87624A3} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-kamil.schulz@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-15] (Adobe Systems Incorporated)
Task: {E58EC9B9-2EE1-4DBB-9684-3E52F01C36C3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-14] (Google Inc.)
Task: {E5C720CB-2F3D-43A9-9578-54BC98FBD9FA} - System32\Tasks\TnICheckExplorerFunction => C:\Program Files (x86)\TPV-INVENTA\TnI CheckExplorer Function\CheckExploer.exe [2013-11-26] (TPV-INVENTA TECHNOLOGY CO,LTD )
Task: {EBDAD8C0-B37B-4DF2-BB6F-896C071FBBEC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-14] (Google Inc.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\kamil\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\kamil\SkyDrive (2).old:ms-properties
AlternateDataStreams: C:\Users\kamil\SkyDrive.old:ms-properties
Reg: reg delete "HKLM\SOFTWARE\CLASSES\CLSID\{3B5B973C-92A4-4855-9D3F-0F3D23332208}"
Reg: reg delete "HKU\S-1-5-21-2680694750-434716173-396326756-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{F2611DD3-4563-4C66-960A-4A87F84555C1}"
Reg: reg delete "HKU\S-1-5-21-2680694750-434716173-396326756-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{F2611DD3-4563-4C66-960A-4A87F84555C1}"
EmptyTemp:
Hosts:
End
(You can use the "Select all" function; right-click the top-left field in the open Notepad window and choose "Paste".)
Save it to the desktop as fixlist.txt
Run FRST, press the "Fix" button just once, and wait.
The tool will create a log on the desktop (Fixlog.txt); please copy its entire contents here.
When you don't know what to do next, it's time to study the manual!
HJT guide
If I don't reply to your threads in the HJT section while I'm online, it is only because I'm on my phone, where studying logs and writing scripts is impossible. So please don't take it as being ignored.
Re: Please check my log, it's probably a virus
fixlog
Fix result of Farbar Recovery Scan Tool (x64) Version:07-06-2015
Ran by kamil at 2015-06-07 20:27:06 Run:1
Running from C:\Users\kamil\Desktop
Loaded Profiles: kamil (Available Profiles: kamil)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CloseProcesses:
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-07] (CyberLink Corp.))
HKLM-x32\...\Run: [Lenovo App Shop] => C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe [156000 2013-07-19] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2015-02-28] (Power Software Ltd)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3978600 2015-03-30] (LogMeIn Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-2680694750-434716173-396326756-1001\...\Run: [uTorrent] => C:\Users\kamil\AppData\Roaming\uTorrent\uTorrent.exe [1694560 2015-05-12] (BitTorrent Inc.)
HKU\S-1-5-21-2680694750-434716173-396326756-1001\...\Run: [cz.seznam.software.autoupdate] => C:\Users\kamil\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-2680694750-434716173-396326756-1001\...\Run: [cz.seznam.software.szndesktop] => C:\Users\kamil\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
BootExecute: autocheck autochk * sdnclean64.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll [2012-02-13] (Microsoft Corporation.)
FF NewTab: about:newtab
FF Homepage: about:home
FF Plugin-x32: @ogplanet.com/npOGPPlugin -> C:\windows\system32\npOGPPlugin.dll No File)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
S3 X6va016; \??\C:\windows\SysWOW64\Drivers\X6va016 [X]
S3 X6va021; \??\C:\windows\SysWOW64\Drivers\X6va021 [X]
S3 X6va029; \??\C:\windows\SysWOW64\Drivers\X6va029 [X]
C:\windows\SysWOW64\Drivers\X6va016
C:\windows\SysWOW64\Drivers\X6va021
C:\windows\SysWOW64\Drivers\X6va029
C:\Program Files (x86)\Spybot - Search & Destroy 2
C:\ProgramData\Spybot - Search & Destroy
C:\Users\kamil\AppData\Local\PUTTY.RND
C:\ProgramData\DP45977C.lfl
Trojan.Sathurbot, C:\ProgramData\Microsoft\Performance\Monitor
C:\Users\kamil\Downloads\PowerISO6-x64.exe
C:\Users\kamil\Downloads\SetupYTD.exe
C:\Users\kamil\AppData\Roaming\Mozilla\Firefox\Profiles\c4u54vsm.default\prefs.js
Task: {0464C94D-2867-47AC-88AA-18398204BB19} - \OFFICE2013ACT No Task File <==== ATTENTION
Task: {3BEE4049-BB94-4FBE-A3E4-E0F8491FDAC9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {43E9D95F-09D9-4813-93CE-46896AE6EB3B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {4E1D151B-A618-4A0F-B1E8-2F72AADB5212} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-28] (Adobe Systems Incorporated)
Task: {9E87C7E5-1374-4491-9ADC-C7C758832DA4} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2015-03-06] ()
Task: {CB34B5D3-AB1A-41E3-9EE1-2649B87624A3} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-kamil.schulz@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-15] (Adobe Systems Incorporated)
Task: {E58EC9B9-2EE1-4DBB-9684-3E52F01C36C3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-14] (Google Inc.)
Task: {E5C720CB-2F3D-43A9-9578-54BC98FBD9FA} - System32\Tasks\TnICheckExplorerFunction => C:\Program Files (x86)\TPV-INVENTA\TnI CheckExplorer Function\CheckExploer.exe [2013-11-26] (TPV-INVENTA TECHNOLOGY CO,LTD )
Task: {EBDAD8C0-B37B-4DF2-BB6F-896C071FBBEC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-14] (Google Inc.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\kamil\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\kamil\SkyDrive (2).old:ms-properties
AlternateDataStreams: C:\Users\kamil\SkyDrive.old:ms-properties
Reg: reg delete "HKLM\SOFTWARE\CLASSES\CLSID\{3B5B973C-92A4-4855-9D3F-0F3D23332208}"
Reg: reg delete "HKU\S-1-5-21-2680694750-434716173-396326756-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{F2611DD3-4563-4C66-960A-4A87F84555C1}"
Reg: reg delete "HKU\S-1-5-21-2680694750-434716173-396326756-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{F2611DD3-4563-4C66-960A-4A87F84555C1}"
EmptyTemp:
Hosts:
End
*****************
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeAAMUpdater-1.0 => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\UpdateP2GoShortCut => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Lenovo App Shop => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\PWRISOVM.EXE => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\LogMeIn Hamachi Ui => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\seznam-listicka-distribuce => value removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui" => key removed successfully
HKU\S-1-5-21-2680694750-434716173-396326756-1001\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent => value removed successfully
HKU\S-1-5-21-2680694750-434716173-396326756-1001\Software\Microsoft\Windows\CurrentVersion\Run\\cz.seznam.software.autoupdate => value removed successfully
HKU\S-1-5-21-2680694750-434716173-396326756-1001\Software\Microsoft\Windows\CurrentVersion\Run\\cz.seznam.software.szndesktop => value removed successfully
hklm\System\CurrentControlSet\Control\Session Manager\\BootExecute => value restored successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}" => key removed successfully
Firefox newtab removed successfully
Firefox homepage removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@ogplanet.com/npOGPPlugin" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3" => key removed successfully
C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll => moved successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9" => key removed successfully
C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll not found.
X6va016 => Service removed successfully
X6va021 => Service removed successfully
X6va029 => Service removed successfully
"C:\windows\SysWOW64\Drivers\X6va016" => File/Folder not found.
"C:\windows\SysWOW64\Drivers\X6va021" => File/Folder not found.
"C:\windows\SysWOW64\Drivers\X6va029" => File/Folder not found.
C:\Program Files (x86)\Spybot - Search & Destroy 2 => moved successfully.
C:\ProgramData\Spybot - Search & Destroy => moved successfully.
C:\Users\kamil\AppData\Local\PUTTY.RND => moved successfully.
C:\ProgramData\DP45977C.lfl => moved successfully.
Trojan.Sathurbot, C:\ProgramData\Microsoft\Performance\Monitor => Error: No automatic fix found for this entry.
C:\Users\kamil\Downloads\PowerISO6-x64.exe => moved successfully.
C:\Users\kamil\Downloads\SetupYTD.exe => moved successfully.
C:\Users\kamil\AppData\Roaming\Mozilla\Firefox\Profiles\c4u54vsm.default\prefs.js => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0464C94D-2867-47AC-88AA-18398204BB19}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0464C94D-2867-47AC-88AA-18398204BB19}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OFFICE2013ACT" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3BEE4049-BB94-4FBE-A3E4-E0F8491FDAC9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3BEE4049-BB94-4FBE-A3E4-E0F8491FDAC9}" => key removed successfully
C:\Windows\System32\Tasks\Apple\AppleSoftwareUpdate => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Apple\AppleSoftwareUpdate" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{43E9D95F-09D9-4813-93CE-46896AE6EB3B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{43E9D95F-09D9-4813-93CE-46896AE6EB3B}" => key removed successfully
C:\Windows\System32\Tasks\Adobe Acrobat Update Task => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4E1D151B-A618-4A0F-B1E8-2F72AADB5212}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4E1D151B-A618-4A0F-B1E8-2F72AADB5212}" => key removed successfully
C:\Windows\System32\Tasks\Adobe Flash Player Updater => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9E87C7E5-1374-4491-9ADC-C7C758832DA4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9E87C7E5-1374-4491-9ADC-C7C758832DA4}" => key removed successfully
C:\Windows\System32\Tasks\Lenovo\Dependency Package Auto Update => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Dependency Package Auto Update" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CB34B5D3-AB1A-41E3-9EE1-2649B87624A3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB34B5D3-AB1A-41E3-9EE1-2649B87624A3}" => key removed successfully
C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-kamil.schulz@hotmail.com => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdobeAAMUpdater-1.0-MicrosoftAccount-kamil.schulz@hotmail.com" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E58EC9B9-2EE1-4DBB-9684-3E52F01C36C3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E58EC9B9-2EE1-4DBB-9684-3E52F01C36C3}" => key removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E5C720CB-2F3D-43A9-9578-54BC98FBD9FA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E5C720CB-2F3D-43A9-9578-54BC98FBD9FA}" => key removed successfully
C:\Windows\System32\Tasks\TnICheckExplorerFunction => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TnICheckExplorerFunction" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EBDAD8C0-B37B-4DF2-BB6F-896C071FBBEC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EBDAD8C0-B37B-4DF2-BB6F-896C071FBBEC}" => key removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => key removed successfully
C:\windows\Tasks\Adobe Flash Player Updater.job => moved successfully.
C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully.
C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully.
C:\Windows => ":nlsPreferences" ADS removed successfully.
C:\Users\kamil\SkyDrive => ":ms-properties" ADS removed successfully.
"C:\Users\kamil\SkyDrive (2).old" => ":ms-properties" ADS not found.
"C:\Users\kamil\SkyDrive.old" => ":ms-properties" ADS not found.
========= reg delete "HKLM\SOFTWARE\CLASSES\CLSID\{3B5B973C-92A4-4855-9D3F-0F3D23332208}" =========
Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{3B5B973C-92A4-4855-9D3F-0F3D23332208} (Yes/No)? The operation completed successfully.
========= End of Reg: =========
========= reg delete "HKU\S-1-5-21-2680694750-434716173-396326756-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{F2611DD3-4563-4C66-960A-4A87F84555C1}" =========
Permanently delete the registry key HKEY_USERS\S-1-5-21-2680694750-434716173-396326756-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{F2611DD3-4563-4C66-960A-4A87F84555C1} (Yes/No)? ERROR: The system was unable to find the specified registry key or value.
========= End of Reg: =========
========= reg delete "HKU\S-1-5-21-2680694750-434716173-396326756-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{F2611DD3-4563-4C66-960A-4A87F84555C1}" =========
Permanently delete the registry key HKEY_USERS\S-1-5-21-2680694750-434716173-396326756-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{F2611DD3-4563-4C66-960A-4A87F84555C1} (Yes/No)? ERROR: The system was unable to find the specified registry key or value.
========= End of Reg: =========
C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.
EmptyTemp: => 112.4 MB temporary data Removed.
The system needed a reboot..
==== End of Fixlog 20:27:29 ====
========= End of Reg: =========
========= reg delete "HKU\S-1-5-21-2680694750-434716173-396326756-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{F2611DD3-4563-4C66-960A-4A87F84555C1}" =========
Permanently delete the registry key HKEY_USERS\S-1-5-21-2680694750-434716173-396326756-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{F2611DD3-4563-4C66-960A-4A87F84555C1} (Yes/No)? ERROR: The system was unable to find the specified registry key or value.
========= End of Reg: =========
C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.
EmptyTemp: => 112.4 MB temporary data Removed.
The system needed a reboot..
==== End of Fixlog 20:27:29 ====
- jerabina
- Security team member
Re: Please check my log, it is probably a virus
One more fixlist is needed:
Please proceed as follows:
Open Notepad (Start => All Programs => Accessories => Notepad).
Please copy the entire content below into it.
Code:
Start
CloseProcesses:
C:\ProgramData\Microsoft\Performance\Monitor
EmptyTemp:
End
(You can use the "select all" function, then right-click the top-left field in the open Notepad and choose "Paste".)
Save it to the desktop as fixlist.txt
Run FRST, press the "Fix" (Opravit) button only once, and wait.
The tool will create a log on the desktop (Fixlog.txt); please copy its entire content here.
Then restart the computer.
When you don't know what to do next, it's time to study the manual!
HJT guide
If I don't reply to your threads in the HJT section while I'm online, it's only because I'm on my phone, where studying logs and writing scripts is impossible. So please don't take it as being ignored.
Re: Please check my log, it is probably a virus
Fix result of Farbar Recovery Scan Tool (x64) Version:07-06-2015
Ran by kamil at 2015-06-07 20:45:25 Run:2
Running from C:\Users\kamil\Desktop
Loaded Profiles: kamil (Available Profiles: kamil)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CloseProcesses:
C:\ProgramData\Microsoft\Performance\Monitor
EmptyTemp:
End
*****************
Processes closed successfully.
C:\ProgramData\Microsoft\Performance\Monitor => moved successfully.
EmptyTemp: => 47.7 MB temporary data Removed.
The system needed a reboot..
==== End of Fixlog 20:45:33 ====
- jerabina
- Security team member
Re: Please check my log, it is probably a virus
After the restart, run a new MBAM scan.
Re: Please check my log, it is probably a virus
After the MBAM scan finished, I could only click Finish, since it found nothing. Here is the log.
Malwarebytes Anti-Malware
http://www.malwarebytes.org
Datum skenování: 7.6.2015
Čas skenování: 20:51:13
Protokol: mbam scan log.txt
Správce: Ano
Verze: 2.01.6.1022
Databáze malwaru: v2015.06.07.05
Databáze rootkitů: v2015.06.02.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto
OS: Windows 8.1
CPU: x64
Souborový systém: NTFS
Uživatel: kamil
Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 368964
Uplynulý čas: 14 min, 26 sek
Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto
Procesy: 0
(Nenalezeny žádné škodlivé položky)
Moduly: 0
(Nenalezeny žádné škodlivé položky)
Klíče registru: 0
(Nenalezeny žádné škodlivé položky)
Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)
Data registru: 0
(Nenalezeny žádné škodlivé položky)
Složky: 0
(Nenalezeny žádné škodlivé položky)
Soubory: 0
(Nenalezeny žádné škodlivé položky)
Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)
(end)
- jerabina
- Security team member
Re: Please check my log, it is probably a virus
Great, FRST worked.
How about the problems? + a new HJT log
Re: Please check my log, it is probably a virus
I hope I didn't do anything wrong by already having the firewall and antivirus turned on during the scan.
Here is the log. By the way, the antivirus has stopped reporting viruses, so hopefully it's OK now.
I'm going to restart the PC and I hope it doesn't throw that error again :/
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:39:48, on 7.6.2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17416)
Boot mode: Normal
Running processes:
C:\Users\kamil\AppData\Local\Akamai\netsession_win.exe
C:\Users\kamil\AppData\Local\Akamai\netsession_win.exe
C:\Windows\SysWOW64\regsvr32.exe
C:\Windows\jmesoft\hotkey.exe
C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
C:\Users\kamil\Desktop\HiJackThis.exe
C:\Users\kamil\AppData\Local\Temp\nsp4137.tmp\setupHiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [jmekey] C:\windows\jmesoft\hotkey.exe
O4 - HKLM\..\Run: [jmesoft] C:\Windows\jmesoft\ServiceLoader.exe
O4 - HKLM\..\Run: [LVT] C:\Program Files\Lenovo\LVT\LJYZ.exe 1
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\kamil\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [ASworks] C:\Windows\SysWOW64\regsvr32.exe C:\Users\kamil\AppData\Local\Ohics\loader_u.dll
O4 - HKCU\..\Run: [Ulmedia] regsvr32.exe
O4 - HKUS\S-1-5-21-2680694750-434716173-396326756-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [Akamai NetSession Interface] "C:\Users\kamil\AppData\Local\Akamai\netsession_win.exe" (User '?')
O4 - HKUS\S-1-5-21-2680694750-434716173-396326756-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [ASworks] C:\Windows\SysWOW64\regsvr32.exe C:\Users\kamil\AppData\Local\Ohics\loader_u.dll (User '?')
O4 - HKUS\S-1-5-21-2680694750-434716173-396326756-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [Ulmedia] regsvr32.exe (User '?')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Avira Email-Schutz (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Echtzeit-Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Browser-Schutz (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Avira Service Host (Avira.OE.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\windows\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: JME Keyboard Driver (JME Keyboard) - Unknown owner - C:\Windows\jmesoft\Service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Lenovo System Agent Service - LENOVO INCORPORATED. - C:\Program Files\Lenovo\iMController\SystemAgentService.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: LSCWinService - Unknown owner - C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: NitroPDFDriverCreatorReadSpool8 (NitroDriverReadSpool8) - Nitro PDF Software - C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\windows\SysWOW64\NLSSRV32.EXE
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 12921 bytes
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 12921 bytes
Re: Please check my log, it is probably a virus
After turning on the PC, this error still pops up every time; I am attaching it.
But the antivirus now behaves normally and no longer keeps reporting those trojans as it did before.
In any case, thank you for your willingness and your time. You guys are champs. Even this is already a success for me.
