RogueKiller V10.11.4.0 (x64) [Nov 2 2015] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : evzen 2013 [Administrator]
Started from : C:\Users\evzen 2013\Desktop\RogueKillerX64.exe
Mode : Scan -- Date : 11/03/2015 22:35:03
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 12 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\etdrv (\??\C:\Windows\etdrv.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\GVTDrv64 (\??\C:\Windows\GVTDrv64.sys) -> Found
[Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\tsusbhub (system32\drivers\tsusbhub.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\etdrv (\??\C:\Windows\etdrv.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GVTDrv64 (\??\C:\Windows\GVTDrv64.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\etdrv (\??\C:\Windows\etdrv.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\GVTDrv64 (\??\C:\Windows\GVTDrv64.sys) -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2494760470-430639935-1780341574-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : http://www.bing.com -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2494760470-430639935-1780341574-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : http://www.bing.com -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.42.32.10 8.8.8.8 ([X][-]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.42.32.10 8.8.8.8 ([X][-]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 10.42.32.10 8.8.8.8 ([X][-]) -> Found
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 9 ¤¤¤
[PUP][Folder] C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} -> Found
[PUP][Folder] C:\ProgramData\{13C5090D-8DAD-437E-B069-232C287DA432} -> Found
[PUP][Folder] C:\ProgramData\{4275E5EA-6E30-48EB-A209-F964539CBE1C} -> Found
[PUP][Folder] C:\ProgramData\{49FAB1E7-7D4E-4015-BBCA-E52669133FB7} -> Found
[PUP][Folder] C:\ProgramData\{580B8E22-2CB8-4C43-AE50-9338E581C6FA} -> Found
[PUP][Folder] C:\ProgramData\{9327ACE9-CC82-4A33-9B33-291ACA1E267B} -> Found
[PUP][Folder] C:\ProgramData\{A97DA822-7B29-4F18-A64A-BF94FFFE77FB} -> Found
[PUP][Folder] C:\ProgramData\{DCC412E7-393B-4016-91FB-9307F059AFB6} -> Found
[PUP][Folder] C:\ProgramData\{F92C204F-6C39-4D56-B100-EC929C871966} -> Found
¤¤¤ Hosts File : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
¤¤¤ Web browsers : 4 ¤¤¤
[PUP][FIREFX:Addon] ykbokdsy.default : Seznam li?ti?ka [{ea614400-e918-4741-9a97-7a972ff7c30b}] -> Found
[PUP][FIREFX:Addon] ykbokdsy.default : WinToFlash Suggestor [{285ACFBB-8E53-4feb-90E6-F02A128927F3}] -> Found
[PUP][FIREFX:Addon] ykbokdsy.default : Search Enginer [searchengine@gmail.com] -> Found
[PUP][FIREFX:Addon] ykbokdsy.default : QuickSearch [quick_searchff@gmail.com] -> Found
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 33a98cb19f8dba36cca90215df0e66dd
[BSP] 2479f0cd2a2377eab77c0c8cdabfe523 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 483718 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 990861312 | Size: 470047 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: +++++
--- User ---
[MBR] 05498efd536d71df3d3929b1060e50ec
[BSP] 1e4b97b46758656630b4bdfa1381f5cb : Unknown MBR Code
Partition table:
0 - [XXXXXX] HIBER (0xa0) [VISIBLE] Offset (sectors): 4284574052 | Size: 854113 MB
1 - [XXXXXX] UNKNOWN (0x64) [VISIBLE] Offset (sectors): 168689525 | Size: 953964 MB
2 - [XXXXXX] UNKNOWN (0x6a) [VISIBLE] Offset (sectors): 778201452 | Size: 1314189 MB
3 - [XXXXXX] UNKNOWN (0x75) [VISIBLE] Offset (sectors): 2885681152 | Size: 27 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] Po?adavek není podporován. )
Please check my log, thank you very much
Re: Please check my log, thank you very much
Sorry, I'm getting on it now
Re: Please check my log, thank you very much
So here is the log I made earlier but couldn't find; I guess I don't have to redo the rest then :)
<?xml version="1.0" encoding="UTF-16"?>
-<mbam-log>
-<header>
<date>2015/11/03 20:26:03 +0100</date>
<logfile>mbam-log-2015-11-03 (20-26-03).xml</logfile>
<isadmin>yes</isadmin>
</header>
-<engine>
<version>2.2.0.1024</version>
<malware-database>v2015.09.22.05</malware-database>
<rootkit-database>v2015.09.18.01</rootkit-database>
<license>free</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
-<system>
<hostname>EVZEN2013-PC</hostname>
<ip>169.254.16.85</ip>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x64</arch>
<username>evzen 2013</username>
<filesys>NTFS</filesys>
</system>
-<summary>
<type>threat</type>
<result>completed</result>
<objects>395104</objects>
<time>942</time>
<processes>0</processes>
<modules>0</modules>
<keys>8</keys>
<values>2</values>
<datas>1</datas>
<folders>3</folders>
<files>18</files>
<sectors>0</sectors>
</summary>
-<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>disabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
-<items>
-<key>
<path>HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\aaaaahlfahldnilidgnlikdckbfehhca</path>
<vendor>PUP.Optional.SearchExtension</vendor>
<action>success</action>
<hash>28c575bdcdbec57118b293257c88d729</hash>
</key>
-<key>
<path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}</path>
<vendor>PUP.Optional.SearchResults</vendor>
<action>success</action>
<hash>8c61062c1b70d95d78e13d7c1fe51be5</hash>
</key>
-<key>
<path>HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\aaaaahlfahldnilidgnlikdckbfehhca</path>
<vendor>PUP.Optional.SearchExtension</vendor>
<action>success</action>
<hash>8d6051e12962ab8bf4d602b648bc3bc5</hash>
</key>
-<key>
<path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PCSUUCDRV</path>
<vendor>PUP.Optional.PCSpeedUp</vendor>
<action>success</action>
<hash>10dd3af8fa913cfa1757dcd50bf96b95</hash>
</key>
-<key>
<path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\UpdateCheckerApp</path>
<vendor>PUP.Optional.UpdateCheckerApp</vendor>
<action>success</action>
<hash>45a854deb1da0333f7b36064a460c63a</hash>
</key>
-<key>
<path>HKU\S-1-5-18\SOFTWARE\Internet Speed Checker-nv</path>
<vendor>PUP.Optional.InternetSpeedChecker.PrxySvrRST</vendor>
<action>success</action>
<hash>806d181ad7b4d85e9d9047ef9370a957</hash>
</key>
-<key>
<path>HKU\S-1-5-18\SOFTWARE\Internet Speed Checker-nv-ie</path>
<vendor>PUP.Optional.InternetSpeedChecker.PrxySvrRST</vendor>
<action>success</action>
<hash>c82588aa65268ea81c11fb3bbc47649c</hash>
</key>
-<key>
<path>HKU\S-1-5-21-2494760470-430639935-1780341574-1001\SOFTWARE\Internet Speed Checker-nv-ie</path>
<vendor>PUP.Optional.InternetSpeedChecker.PrxySvrRST</vendor>
<action>success</action>
<hash>6984062c236858deb87546f0847f6c94</hash>
</key>
-<value>
<path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}</path>
<valuename>URL</valuename>
<vendor>PUP.Optional.SearchResults</vendor>
<action>success</action>
<valuedata>http://dts.search-results.com/sr?src=ieb&gct=ds&appid=133&systemid=2&apn_dtid=IME002&apn_ptnrs=AG2&o=APN10641&apn_uid=1462893702054055&q={searchTerms}</valuedata>
<hash>8c61062c1b70d95d78e13d7c1fe51be5</hash>
</value>
-<value>
<path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}</path>
<valuename>SuggestionsURL_JSON</valuename>
<vendor>PUP.Optional.SearchQu</vendor>
<action>success</action>
<valuedata>http://www.searchqu.com/suggest.php?src=ieb&gct=ds&appid=133&systemid=2&apn_dtid=IME002&apn_ptnrs=AG2&o=APN10641&apn_uid=1462893702054055&qu={searchTerms}&ft=json</valuedata>
<hash>df0ec86ad9b2241284d2467353b1e41c</hash>
</value>
-<data>
<path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES</path>
<valuename>DefaultScope</valuename>
<vendor>PUP.Optional.Qone8</vendor>
<action>replaced</action>
<valuedata>{33BB0A4E-99AF-4226-BDF6-49120163DE86}</valuedata>
<baddata>{33BB0A4E-99AF-4226-BDF6-49120163DE86}</baddata>
<gooddata>{0633EE93-D776-472f-A0FF-E1416B8B2E3A}</gooddata>
<hash>e10c062cf69573c3679e88ec9570ac54</hash>
</data>
-<folder>
<path>C:\Program Files (x86)\DanuSoft Free Keylogger</path>
<vendor>PUP.KeyLogger</vendor>
<action>success</action>
<hash>8f5e1919c2c9f244bc281b64a26206fa</hash>
</folder>
-<folder>
<path>C:\Users\evzen 2013\Documents\Optimizer Pro</path>
<vendor>PUP.Optional.OptimizerPro</vendor>
<action>success</action>
<hash>e00d80b2dcafc0761a2c941c4cb87987</hash>
</folder>
-<folder>
<path>C:\Users\evzen 2013\AppData\LocalLow\DataMngr</path>
<vendor>PUP.Optional.DataMngr</vendor>
<action>success</action>
<hash>ca23a2906229a690d63ea66e3ec58e72</hash>
</folder>
-<file>
<path>C:\Windows\SysWOW64\acumncapucm.exe</path>
<vendor>PUP.Optional.BitCoinMiner</vendor>
<action>success</action>
<hash>737a88aa7b106ec87c747723f40ef808</hash>
</file>
-<file>
<path>C:\Windows\SysWOW64\acumnctecky.exe</path>
<vendor>PUP.Optional.BitCoinMiner</vendor>
<action>success</action>
<hash>9b52ff331f6cfb3ba0502b6fe71b649c</hash>
</file>
-<file>
<path>C:\Windows\SysWOW64\lcpmncapucm.exe</path>
<vendor>PUP.BitCoinMiner</vendor>
<action>success</action>
<hash>b934ef430685be78b2f2a63f58a8b34d</hash>
</file>
-<file>
<path>C:\Windows\SysWOW64\lcpmnctecky.exe</path>
<vendor>PUP.BitCoinMiner</vendor>
<action>success</action>
<hash>856859d98308a88ea400f3f2817f0af6</hash>
</file>
-<file>
<path>C:\Windows\SysWOW64\dcgmncapucm.exe</path>
<vendor>Trojan.BitCoinMiner</vendor>
<action>success</action>
<hash>5d90ab8759323402f33b3764a161c838</hash>
</file>
-<file>
<path>C:\Windows\SysWOW64\dcgmnctecky.exe</path>
<vendor>Trojan.BitCoinMiner</vendor>
<action>success</action>
<hash>5598d35feba0112529055d3ed32fa45c</hash>
</file>
-<file>
<path>C:\Users\evzen 2013\Downloads\synthogy ivory grand pia...kontakt 5.03.torrent.exe</path>
<vendor>PUP.Optional.Elite</vendor>
<action>success</action>
<hash>e706c76bdfacd56187a4dc5a57a97090</hash>
</file>
-<file>
<path>C:\Users\evzen 2013\Downloads\ProgDVB Professional v6.96.1 (Trial Resetter)(x86-x64) [Premium].exe</path>
<vendor>PUP.Optional.Taimed</vendor>
<action>success</action>
<hash>b637bf73b4d72610f9c93f6c55b008f8</hash>
</file>
-<file>
<path>C:\Users\evzen 2013\Downloads\Nepotvrzeno 368586.crdownload</path>
<vendor>PUP.HackTool</vendor>
<action>success</action>
<hash>ffeeec46d9b25cdacbbb832853ae48b8</hash>
</file>
-<file>
<path>C:\Users\evzen 2013\Downloads\installer_java_English.exe</path>
<vendor>PUP.Optional.InstallCore</vendor>
<action>success</action>
<hash>04e966cc98f382b483bbb1fa739257a9</hash>
</file>
-<file>
<path>C:\Users\evzen 2013\Downloads\Brothersoft_downloader_For_Speed_Fan.exe</path>
<vendor>PUP.Optional.BSDownloader</vendor>
<action>success</action>
<hash>f4f991a18407b185c2fd05188e7216ea</hash>
</file>
-<file>
<path>C:\Windows\inf\msstp.vbe</path>
<vendor>Trojan.Agent.SCR</vendor>
<action>success</action>
<hash>cc21f1414e3da096d8679ab09c6759a7</hash>
</file>
-<file>
<path>C:\Windows\SysWOW64\msstp.vbe</path>
<vendor>Trojan.Agent.VBS</vendor>
<action>success</action>
<hash>5c91a88a8a01290db071222be320d22e</hash>
</file>
-<file>
<path>C:\Program Files (x86)\DanuSoft Free Keylogger\logfile.txt</path>
<vendor>PUP.KeyLogger</vendor>
<action>success</action>
<hash>8f5e1919c2c9f244bc281b64a26206fa</hash>
</file>
-<file>
<path>C:\Users\evzen 2013\Documents\Optimizer Pro\CookiesException.txt</path>
<vendor>PUP.Optional.OptimizerPro</vendor>
<action>success</action>
<hash>e00d80b2dcafc0761a2c941c4cb87987</hash>
</file>
-<file>
<path>C:\Users\evzen 2013\AppData\LocalLow\DataMngr\{7CA1F051-A4FB-4143-B263-02B41E571EED}</path>
<vendor>PUP.Optional.DataMngr</vendor>
<action>success</action>
<hash>ca23a2906229a690d63ea66e3ec58e72</hash>
</file>
-<file>
<path>C:\Users\evzen 2013\AppData\Roaming\Mozilla\Firefox\Profiles\ykbokdsy.default\prefs.js</path>
<vendor>PUP.Optional.QuickSearch</vendor>
<action>replaced</action>
<baddata>quick_searchff@gmail.com</baddata>
<gooddata/>
<hash>f8f50c26a5e6d66005adf2c25aabb050</hash>
</file>
-<file>
<path>C:\Users\evzen 2013\AppData\Roaming\Mozilla\Firefox\Profiles\ykbokdsy.default\prefs.js</path>
<vendor>PUP.Optional.SearchEngine</vendor>
<action>replaced</action>
<baddata>searchengine@gmail.com</baddata>
<gooddata/>
<hash>df0e5bd7a7e49b9be1d31e96dd28ab55</hash>
</file>
</items>
</mbam-log>
- jaro3
- member of the Security team
Re: Please check my log, thank you very much
Run Malwarebytes' Anti-Malware again and choose Scan Now
- After the program finishes, a message will appear; click "Quarantine All (remove selected)", then "Export Log", and choose "Text file". Give the file a name and save it somewhere. Copy the entire contents of that log here.
Close all programs and browsers. Disable your antivirus and firewall.
Please disconnect all USB devices (except the mouse and keyboard) and external drives from the computer before running this program.
Run RogueKiller again (on Windows Vista or Windows 7, right-click and choose "Run as administrator"; on Windows XP, double-click to run).
- Wait until the Prescan finishes...
- Then click "Scan"; after it finishes:
- In the tabs (Registry, Tasks, Web Browser, etc.) check everything (tick the boxes)
(you have to tick the box to the left of the registry entry, etc., with the mouse)
- Click "Delete"
- Wait until the Status box shows "Deleting finished"
- Click "Report" and copy and paste the contents of that report here, please. The log can be found in RKreport[number].txt on the desktop.
- Close RogueKiller
Turn off your antivirus and firewall.
Download
Zoek.exe
and save it to your desktop.
Close all other programs, windows and browsers.
Run Zoek.exe (on Windows Vista, 7 and 8, right-click it and choose "Run as administrator")
- Note: the program may take a while to start.
Paste the script below into the program window:
autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;
Click Run Script
The program will run a scan and a repair; both the scan and the repair can take several minutes, so wait until it finishes. Do not click in the window!
The program will offer a restart; confirm it.
After the restart, only a black desktop may be shown for a while; that is normal. You need to wait until the log is created. You can save it, for example, to Documents; otherwise it is saved automatically to:
C:\zoek-results.log
Copy the entire contents of that log here.
Post a new HJT log and report any problems.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Support the forum
Re: Please check my log, thank you very much
Malwarebytes Anti-Malware
www.malwarebytes.org
Datum skenování: 4.11.2015
Čas skenování: 12:35
Protokol: ooooooooooooo.txt
Správce: Ano
Verze: 2.2.0.1024
Databáze malwaru: v2015.09.22.05
Databáze rootkitů: v2015.09.18.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto
OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: evzen 2013
Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 394804
Uplynulý čas: 11 min, 52 sek
Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto
Procesy: 0
(Nenalezeny žádné škodlivé položky)
Moduly: 0
(Nenalezeny žádné škodlivé položky)
Klíče registru: 0
(Nenalezeny žádné škodlivé položky)
Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)
Data registru: 0
(Nenalezeny žádné škodlivé položky)
Složky: 0
(Nenalezeny žádné škodlivé položky)
Soubory: 0
(Nenalezeny žádné škodlivé položky)
Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)
(end)
Re: Please check my log, thank you very much
RogueKiller V10.11.4.0 (x64) [Nov 2 2015] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : evzen 2013 [Administrator]
Started from : C:\Users\evzen 2013\Desktop\RogueKillerX64.exe
Mode : Delete -- Date : 11/04/2015 13:14:03
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 12 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\etdrv (\??\C:\Windows\etdrv.sys) -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\GVTDrv64 (\??\C:\Windows\GVTDrv64.sys) -> Deleted
[Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\tsusbhub (system32\drivers\tsusbhub.sys) -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\etdrv (\??\C:\Windows\etdrv.sys) -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GVTDrv64 (\??\C:\Windows\GVTDrv64.sys) -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\etdrv (\??\C:\Windows\etdrv.sys) -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\GVTDrv64 (\??\C:\Windows\GVTDrv64.sys) -> Deleted
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2494760470-430639935-1780341574-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : http://www.bing.com -> Replaced (http://search.msn.com/spbasic.htm)
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2494760470-430639935-1780341574-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : http://www.bing.com -> Replaced (http://search.msn.com/spbasic.htm)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.42.32.10 8.8.8.8 ([X][-]) -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.42.32.10 8.8.8.8 ([X][-]) -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 10.42.32.10 8.8.8.8 ([X][-]) -> Replaced ()
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 9 ¤¤¤
[PUP][Folder] C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} -> Deleted
[PUP][File] C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}\{D3742F82-1C1A-4DCC-ABBD-0E831C0185CC}.msi -> Deleted
[PUP][Folder] C:\ProgramData\{13C5090D-8DAD-437E-B069-232C287DA432} -> Removed at reboot [91]
[PUP][File] C:\ProgramData\{13C5090D-8DAD-437E-B069-232C287DA432}\instance.dat -> Deleted
[PUP][File] C:\ProgramData\{13C5090D-8DAD-437E-B069-232C287DA432}\Kontakt 5 Setup PC.dat -> Deleted
[PUP][File] C:\ProgramData\{13C5090D-8DAD-437E-B069-232C287DA432}\Kontakt 5 Setup PC.exe -> Removed at reboot [5]
[PUP][File] C:\ProgramData\{13C5090D-8DAD-437E-B069-232C287DA432}\Kontakt 5 Setup PC.msi -> Removed at reboot [5]
[PUP][File] C:\ProgramData\{13C5090D-8DAD-437E-B069-232C287DA432}\Kontakt 5 Setup PC.par -> Deleted
[PUP][File] C:\ProgramData\{13C5090D-8DAD-437E-B069-232C287DA432}\Kontakt 5 Setup PC.res -> Removed at reboot [5]
[PUP][File] C:\ProgramData\{13C5090D-8DAD-437E-B069-232C287DA432}\mia.lib -> Removed at reboot [5]
[PUP][Folder] C:\ProgramData\{4275E5EA-6E30-48EB-A209-F964539CBE1C} -> Deleted
[PUP][File] C:\ProgramData\{4275E5EA-6E30-48EB-A209-F964539CBE1C}\instance.dat -> Deleted
[PUP][File] C:\ProgramData\{4275E5EA-6E30-48EB-A209-F964539CBE1C}\Kontakt 4 Setup PC.dat -> Deleted
[PUP][File] C:\ProgramData\{4275E5EA-6E30-48EB-A209-F964539CBE1C}\Kontakt 4 Setup PC.exe -> Deleted
[PUP][File] C:\ProgramData\{4275E5EA-6E30-48EB-A209-F964539CBE1C}\Kontakt 4 Setup PC.msi -> Deleted
[PUP][File] C:\ProgramData\{4275E5EA-6E30-48EB-A209-F964539CBE1C}\Kontakt 4 Setup PC.par -> Deleted
[PUP][File] C:\ProgramData\{4275E5EA-6E30-48EB-A209-F964539CBE1C}\Kontakt 4 Setup PC.res -> Deleted
[PUP][File] C:\ProgramData\{4275E5EA-6E30-48EB-A209-F964539CBE1C}\mia.lib -> Deleted
[PUP][Folder] C:\ProgramData\{49FAB1E7-7D4E-4015-BBCA-E52669133FB7} -> Deleted
[PUP][File] C:\ProgramData\{49FAB1E7-7D4E-4015-BBCA-E52669133FB7}\instance.dat -> Deleted
[PUP][File] C:\ProgramData\{49FAB1E7-7D4E-4015-BBCA-E52669133FB7}\mia.lib -> Deleted
[PUP][File] C:\ProgramData\{49FAB1E7-7D4E-4015-BBCA-E52669133FB7}\Service Center Setup PC.dat -> Deleted
[PUP][File] C:\ProgramData\{49FAB1E7-7D4E-4015-BBCA-E52669133FB7}\Service Center Setup PC.exe -> Deleted
[PUP][File] C:\ProgramData\{49FAB1E7-7D4E-4015-BBCA-E52669133FB7}\Service Center Setup PC.msi -> Deleted
[PUP][File] C:\ProgramData\{49FAB1E7-7D4E-4015-BBCA-E52669133FB7}\Service Center Setup PC.par -> Deleted
[PUP][File] C:\ProgramData\{49FAB1E7-7D4E-4015-BBCA-E52669133FB7}\Service Center Setup PC.res -> Deleted
[PUP][Folder] C:\ProgramData\{580B8E22-2CB8-4C43-AE50-9338E581C6FA} -> Deleted
[PUP][File] C:\ProgramData\{580B8E22-2CB8-4C43-AE50-9338E581C6FA}\instance.dat -> Deleted
[PUP][File] C:\ProgramData\{580B8E22-2CB8-4C43-AE50-9338E581C6FA}\Komplete 6 Setup PC.dat -> Deleted
[PUP][File] C:\ProgramData\{580B8E22-2CB8-4C43-AE50-9338E581C6FA}\Komplete 6 Setup PC.exe -> Deleted
[PUP][File] C:\ProgramData\{580B8E22-2CB8-4C43-AE50-9338E581C6FA}\Komplete 6 Setup PC.msi -> Deleted
[PUP][File] C:\ProgramData\{580B8E22-2CB8-4C43-AE50-9338E581C6FA}\Komplete 6 Setup PC.par -> Deleted
[PUP][File] C:\ProgramData\{580B8E22-2CB8-4C43-AE50-9338E581C6FA}\Komplete 6 Setup PC.res -> Deleted
[PUP][File] C:\ProgramData\{580B8E22-2CB8-4C43-AE50-9338E581C6FA}\mia.lib -> Deleted
[PUP][Folder] C:\ProgramData\{9327ACE9-CC82-4A33-9B33-291ACA1E267B} -> Removed at reboot [91]
[PUP][File] C:\ProgramData\{9327ACE9-CC82-4A33-9B33-291ACA1E267B}\Guitar Rig 5 Setup PC.dat -> Deleted
[PUP][File] C:\ProgramData\{9327ACE9-CC82-4A33-9B33-291ACA1E267B}\Guitar Rig 5 Setup PC.exe -> Removed at reboot [5]
[PUP][File] C:\ProgramData\{9327ACE9-CC82-4A33-9B33-291ACA1E267B}\Guitar Rig 5 Setup PC.msi -> Removed at reboot [5]
[PUP][File] C:\ProgramData\{9327ACE9-CC82-4A33-9B33-291ACA1E267B}\Guitar Rig 5 Setup PC.par -> Deleted
[PUP][File] C:\ProgramData\{9327ACE9-CC82-4A33-9B33-291ACA1E267B}\Guitar Rig 5 Setup PC.res -> Removed at reboot [5]
[PUP][File] C:\ProgramData\{9327ACE9-CC82-4A33-9B33-291ACA1E267B}\instance.dat -> Deleted
[PUP][File] C:\ProgramData\{9327ACE9-CC82-4A33-9B33-291ACA1E267B}\mia.lib -> Removed at reboot [5]
[PUP][Folder] C:\ProgramData\{A97DA822-7B29-4F18-A64A-BF94FFFE77FB} -> Deleted
[PUP][File] C:\ProgramData\{A97DA822-7B29-4F18-A64A-BF94FFFE77FB}\instance.dat -> Deleted
[PUP][File] C:\ProgramData\{A97DA822-7B29-4F18-A64A-BF94FFFE77FB}\mia.lib -> Deleted
[PUP][File] C:\ProgramData\{A97DA822-7B29-4F18-A64A-BF94FFFE77FB}\Setup_PCM_Native_VST.dat -> Deleted
[PUP][File] C:\ProgramData\{A97DA822-7B29-4F18-A64A-BF94FFFE77FB}\Setup_PCM_Native_VST.exe -> Deleted
[PUP][File] C:\ProgramData\{A97DA822-7B29-4F18-A64A-BF94FFFE77FB}\Setup_PCM_Native_VST.msi -> Deleted
[PUP][File] C:\ProgramData\{A97DA822-7B29-4F18-A64A-BF94FFFE77FB}\Setup_PCM_Native_VST.par -> Deleted
[PUP][File] C:\ProgramData\{A97DA822-7B29-4F18-A64A-BF94FFFE77FB}\Setup_PCM_Native_VST.res -> Deleted
[PUP][Folder] C:\ProgramData\{DCC412E7-393B-4016-91FB-9307F059AFB6} -> Deleted
[PUP][File] C:\ProgramData\{DCC412E7-393B-4016-91FB-9307F059AFB6}\Controller Editor Setup PC.dat -> Deleted
[PUP][File] C:\ProgramData\{DCC412E7-393B-4016-91FB-9307F059AFB6}\Controller Editor Setup PC.exe -> Deleted
[PUP][File] C:\ProgramData\{DCC412E7-393B-4016-91FB-9307F059AFB6}\Controller Editor Setup PC.msi -> Deleted
[PUP][File] C:\ProgramData\{DCC412E7-393B-4016-91FB-9307F059AFB6}\Controller Editor Setup PC.par -> Deleted
[PUP][File] C:\ProgramData\{DCC412E7-393B-4016-91FB-9307F059AFB6}\Controller Editor Setup PC.res -> Deleted
[PUP][File] C:\ProgramData\{DCC412E7-393B-4016-91FB-9307F059AFB6}\instance.dat -> Deleted
[PUP][File] C:\ProgramData\{DCC412E7-393B-4016-91FB-9307F059AFB6}\mia.lib -> Deleted
[PUP][Folder] C:\ProgramData\{F92C204F-6C39-4D56-B100-EC929C871966} -> Removed at reboot [91]
[PUP][File] C:\ProgramData\{F92C204F-6C39-4D56-B100-EC929C871966}\instance.dat -> Deleted
[PUP][File] C:\ProgramData\{F92C204F-6C39-4D56-B100-EC929C871966}\mia.lib -> Removed at reboot [5]
[PUP][File] C:\ProgramData\{F92C204F-6C39-4D56-B100-EC929C871966}\Reaktor 5 Setup PC.dat -> Deleted
[PUP][File] C:\ProgramData\{F92C204F-6C39-4D56-B100-EC929C871966}\Reaktor 5 Setup PC.exe -> Removed at reboot [5]
[PUP][File] C:\ProgramData\{F92C204F-6C39-4D56-B100-EC929C871966}\Reaktor 5 Setup PC.msi -> Removed at reboot [5]
[PUP][File] C:\ProgramData\{F92C204F-6C39-4D56-B100-EC929C871966}\Reaktor 5 Setup PC.par -> Deleted
[PUP][File] C:\ProgramData\{F92C204F-6C39-4D56-B100-EC929C871966}\Reaktor 5 Setup PC.res -> Removed at reboot [5]
¤¤¤ Hosts File : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
¤¤¤ Web browsers : 7 ¤¤¤
[FIREFX:Addon] ykbokdsy.default : Force-TLS [forcetls@sid.stamm] -> Deleted
[PUP][FIREFX:Addon] ykbokdsy.default : Seznam li?ti?ka [{ea614400-e918-4741-9a97-7a972ff7c30b}] -> Deleted
[PUP][FIREFX:Addon] ykbokdsy.default : WinToFlash Suggestor [{285ACFBB-8E53-4feb-90E6-F02A128927F3}] -> Deleted
[FIREFX:Addon] ykbokdsy.default : PDF Architect Converter For Firefox [FFPDFArchitectConverter@pdfarchitect.com] -> Deleted
[PUP][FIREFX:Addon] ykbokdsy.default : Search Enginer [searchengine@gmail.com] -> Deleted
[FIREFX:Addon] ykbokdsy.default : Skype Click to Call [{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}] -> Deleted
[PUP][FIREFX:Addon] ykbokdsy.default : QuickSearch [quick_searchff@gmail.com] -> Deleted
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 33a98cb19f8dba36cca90215df0e66dd
[BSP] 2479f0cd2a2377eab77c0c8cdabfe523 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 483718 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 990861312 | Size: 470047 MB
User = LL1 ... OK
User = LL2 ... OK
Re: please check the log, thank you very much
Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by evzen 2013 on st 04.11.2015 at 13:23:17,86.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\evzen 2013\Desktop\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
4.11.2015 13:25:49 Zoek.exe System Restore Point Created Successfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost
==== Empty Folders Check ======================
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\Nikon deleted successfully
C:\PROGRA~2\Pando Networks deleted successfully
C:\PROGRA~2\ProgDVB deleted successfully
C:\PROGRA~2\R.G. Mechanics deleted successfully
C:\Program Files\Google deleted successfully
C:\Program Files\ProgDVB deleted successfully
C:\Program Files\PSPaudioware deleted successfully
C:\Program Files\VideoLAN deleted successfully
C:\PROGRA~3\DAEMON Tools Lite deleted successfully
C:\PROGRA~3\Waves Audio deleted successfully
C:\Users\evzen 2013\AppData\Roaming\Plugin Alliance deleted successfully
C:\Users\evzen 2013\AppData\Local\LG Electronics deleted successfully
C:\Users\evzen 2013\AppData\Local\Nikon deleted successfully
C:\Users\evzen 2013\AppData\Local\PACE Anti-Piracy deleted successfully
C:\Users\evzen 2013\AppData\Local\PokerStars deleted successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\EVZEN2~1\AppData\Roaming\Mozilla\Firefox\Profiles\ykbokdsy.default\prefs.js:
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?ie=UTF-8&oe=utf-8&q=");
Added to C:\Users\EVZEN2~1\AppData\Roaming\Mozilla\Firefox\Profiles\ykbokdsy.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
ProfilePath: C:\Users\EVZEN2~1\AppData\Roaming\Mozilla\Firefox\Profiles\ykbokdsy.default
user.js not found
---- Lines suggestor removed from prefs.js ----
user_pref("extensions.WinToFlashSuggestor.aid", "10045");
user_pref("extensions.WinToFlashSuggestor.uid", "d7ddf9b25824f9e89050932020bc40e9");
---- Lines widdit removed from prefs.js ----
user_pref("extensions.widdit42586.installDate", "2013-4-12");
user_pref("extensions.widdit42586.isTrackedInstall", true);
user_pref("extensions.widdit42586.isUninstallPageShown", false);
---- Lines FFPDFArchitectConverter@pdfarchitect.com removed from prefs.js ----
user_pref("extensions.xpiState", "{\"app-profile\":{\"forcetls@sid.stamm\":{\"d\":\"C:\\\\Users\\\\evzen 2013\\\\AppData\\\\Roaming\\\\Mozilla\\\\Fire
---- FireFox user.js and prefs.js backups ----
prefs_04.11.2015_1333_.backup
==== Deleting Files \ Folders ======================
C:\PROGRA~2\Nikon not found
C:\PROGRA~2\Pando Networks not found
C:\PROGRA~2\ProgDVB not found
C:\PROGRA~2\R.G. Mechanics not found
C:\PROGRA~2\VST deleted
C:\PROGRA~2\VstPlugIns deleted
C:\Windows\sysWoW64\config\systemprofile\.android deleted
C:\PROGRA~2\SamsungPrinterLiveUpdateInstaller deleted
C:\found.000 deleted
C:\Users\evzen 2013\AppData\Roaming\All CPU MeterV3_Settings.ini deleted
C:\Users\evzen 2013\AppData\Roaming\msregsvv.dll deleted
C:\Users\evzen 2013\AppData\Roaming\ICQ Search deleted
C:\PROGRA~3\ICQ deleted
C:\PROGRA~3\{13C5090D-8DAD-437E-B069-232C287DA432} deleted
C:\PROGRA~3\{9327ACE9-CC82-4A33-9B33-291ACA1E267B} deleted
C:\PROGRA~3\{F92C204F-6C39-4D56-B100-EC929C871966} deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\evzen 2013\AppData\Local\Unity deleted
C:\Users\evzen 2013\AppData\LocalLow\Unity deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
"C:\Users\evzen 2013\AppData\Roaming\Widgets" deleted
"C:\Users\evzen 2013\AppData\Roaming\Woodwinds" deleted
"C:\ProgramData\WebServer" deleted
"C:\ProgramData\Woodwind" deleted
==== Firefox Start and Search pages ======================
ProfilePath: C:\Users\EVZEN2~1\AppData\Roaming\Mozilla\Firefox\Profiles\ykbokdsy.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"FFPDFArchitectConverter@pdfarchitect.com"=hex(2):43,00,3a,00,5c,00,50,00,72,\ []
==== Firefox Extensions ======================
ProfilePath: C:\Users\EVZEN2~1\AppData\Roaming\Mozilla\Firefox\Profiles\ykbokdsy.default
- Undetermined - C:\Users\evzen 2013\AppData\Roaming\Mozilla\Firefox\Profiles\ykbokdsy.default\extensions\searchengine@gmail.com
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi
==== Firefox Plugins ======================
==== Chromium Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[12.10.2015 08:31]
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130854310884069798&GUID=D6CA2475-94FE-43BC-90F1-9B34391CDBAA"
"Search Page"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] not found
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130854310884069798&GUID=D6CA2475-94FE-43BC-90F1-9B34391CDBAA"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
==== Reset Google Chrome ======================
C:\Users\evzen 2013\AppData\Roaming\Opera Software\Opera Stable\Preferences was reset successfully
C:\Users\evzen 2013\AppData\Roaming\Opera Software\Opera Stable\Web Data was reset successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\FFPDFArchitectConverter@pdfarchitect.com deleted successfully
==== Deleting Registry Keys ======================
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\evzen 2013\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\evzen 2013\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Cache found
==== Empty Chrome Cache ======================
C:\Users\evzen 2013\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
==== Empty All Flash Cache ======================
No Flash Cache Found
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=1459 folders=731 1169014419 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\evzen 2013\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\EVZEN2~1\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted
==== EOF on st 04.11.2015 at 13:40:34,79 ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130854310884069798&GUID=D6CA2475-94FE-43BC-90F1-9B34391CDBAA"
"Search Page"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] not found
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130854310884069798&GUID=D6CA2475-94FE-43BC-90F1-9B34391CDBAA"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
==== Reset Google Chrome ======================
C:\Users\evzen 2013\AppData\Roaming\Opera Software\Opera Stable\Preferences was reset successfully
C:\Users\evzen 2013\AppData\Roaming\Opera Software\Opera Stable\Web Data was reset successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\FFPDFArchitectConverter@pdfarchitect.com deleted successfully
==== Deleting Registry Keys ======================
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\evzen 2013\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\evzen 2013\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Cache found
==== Empty Chrome Cache ======================
C:\Users\evzen 2013\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
==== Empty All Flash Cache ======================
No Flash Cache Found
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=1459 folders=731 1169014419 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\evzen 2013\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\EVZEN2~1\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted
==== EOF on st 04.11.2015 at 13:40:34,79 ======================
Re: please check my log, thank you very much
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 13:48:11, on 4.11.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17239)
FIREFOX: 37.0.2 (x86 cs)
Boot mode: Normal
Running processes:
C:\Windows\SysWOW64\notepad.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Users\evzen 2013\AppData\Roaming\uTorrent\utorrent.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Automatické vypnutí počítače\avp.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\evzen 2013\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkID= ... 34391CDBAA
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkID= ... 34391CDBAA
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll
O2 - BHO: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [mncteckySrv] C:\Windows\system32\mnctecky.vbe
O4 - HKLM\..\Run: [mncapucmSrv] C:\Windows\system32\mncapucm.vbe
O4 - HKLM\..\Run: [MSStp] C:\Windows\system32\msstp.vbe
O4 - HKLM\..\Run: [mncprvpSrv] C:\Windows\inf\mncprvp.vbe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [uTorrent] "C:\Users\evzen 2013\AppData\Roaming\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Startup: Automatické vypnutí počítače.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Export do &Tahiti - C:\Program Files (x86)\LightComp eDoklady Skenováni\iehelper.html
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files (x86)\QIP\qip.exe (file missing) (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - http://www.battlefieldheroes.com/static ... .203.0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FreemakeVideoCapture - Ellora Assets Corp. - C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PACE License Services (PaceLicenseDServices) - PACE Anti-Piracy, Inc. - C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
O23 - Service: PDF Architect Helper Service - pdfforge GmbH - C:\Program Files (x86)\PDF Architect\HelperService.exe
O23 - Service: PDF Architect Service - pdfforge GmbH - C:\Program Files (x86)\PDF Architect\ConversionService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 12702 bytes
Re: please check my log, thank you very much
Unfortunately it's still the same, the internet doesn't work. I ran network diagnostics and it reported that "the DPS service (Diagnostic Policy Service) is not running".
Also, after a restart I get a message that "Program mncprvp.exe has stopped working".
Also, the NVIDIA control panel tells me that no Nvidia graphics card was detected; I looked at the graphics adapter information through the Control Panel and no information is available there :(
- jerabina
- Security team member
Re: please check my log, thank you very much
Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After launch, the terms of use are displayed; confirm them by clicking Yes
- Then follow the instructions; while ComboFix is running, do not click inside the window that appears
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If there are problems, run it in Safe Mode.
Warning: After running ComboFix and restarting the computer, Windows may fail to boot, the desktop may not load, or there may be connection problems. In that case restart the computer again; if that does not help, press F8 repeatedly after the restart and choose Last Known Good Configuration, or use a restore point.
Download aswMBR
to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a prompt about downloading the Avast database appears, click NO. Then click "Scan". After the scan, click "Save Log" and save the log to your desktop. Copy the entire contents of that log here. Then click "Exit" to close the program.
When you don't know what to do next, it's time to study the manual!
HJT guide
If I'm not replying to your topics in the HJT section while I'm online, it's only because I'm on my phone, where studying logs and writing scripts is impossible. So please don't take it as being ignored.
Re: please check my log, thank you very much
ComboFix 15-10-28.01 - evzen 2013 04.11.2015 15:55:48.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1033.18.6142.4625 [GMT 1:00]
Spuštěný z: c:\users\evzen 2013\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\test.txt
c:\users\evzen 2013\AppData\Local\Plus500
c:\windows\msvcr71.dll
c:\windows\SysWow64\hookdll.dll
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\wpcap.dll
D:\install.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-10-04 do 2015-11-04 )))))))))))))))))))))))))))))))
.
.
2015-11-04 15:02 . 2015-11-04 15:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-11-04 14:16 . 2015-11-04 14:16 -------- d-----w- c:\windows\Options
2015-11-04 14:16 . 2008-05-19 12:45 448000 ----a-w- c:\windows\system32\netr28x.sys
2015-11-04 14:16 . 2015-11-04 14:16 -------- d-----w- c:\programdata\Ralink
2015-11-04 13:32 . 2015-11-04 13:32 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0A4DF5BA-678E-4CBC-BAF6-0BFAEE1B4FD1}\offreg.852.dll
2015-11-04 13:31 . 2015-10-13 09:47 11140960 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0A4DF5BA-678E-4CBC-BAF6-0BFAEE1B4FD1}\mpengine.dll
2015-11-04 12:59 . 2015-11-04 12:59 -------- d-----w- c:\users\evzen 2013\AppData\Local\ElevatedDiagnostics
2015-11-04 12:36 . 2015-11-04 15:04 -------- d-----w- c:\users\evzen 2013\AppData\Local\Temp
2015-11-04 12:36 . 2015-11-04 12:23 24064 ----a-w- c:\windows\zoek-delete.exe
2015-11-04 12:23 . 2015-11-04 12:40 -------- d-----w- C:\zoek_backup
2015-11-04 12:21 . 2015-11-04 13:46 -------- d-----w- c:\users\evzen 2013\AppData\Local\CrashDumps
2015-11-03 21:26 . 2015-11-04 11:55 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-11-03 21:26 . 2015-11-03 22:37 -------- d-----w- c:\programdata\RogueKiller
2015-11-03 16:26 . 2015-11-03 16:26 -------- d-----w- c:\users\evzen 2013\AppData\Local\AMD
2015-11-03 14:54 . 2015-11-04 11:34 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-11-03 14:53 . 2015-10-05 08:50 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-11-03 14:53 . 2015-11-03 14:53 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-11-03 14:53 . 2015-10-05 08:50 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-11-03 14:53 . 2015-10-05 08:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-11-03 14:49 . 2015-11-03 14:49 -------- d-----w- c:\programdata\Malwarebytes
2015-11-03 14:32 . 2015-11-03 19:01 -------- d-----w- C:\AdwCleaner
2015-10-31 16:47 . 2015-06-24 13:00 1190000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5BDED03A-9F61-445E-9079-F5C5FC802ACF}\gapaengine.dll
2015-10-25 11:47 . 2015-10-13 09:47 11140960 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-10-19 12:26 . 2015-10-19 12:26 18833096 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-10-19 12:26 . 2013-03-13 11:37 780488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-10-19 12:26 . 2013-03-13 11:37 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-08-10 16:45 . 2014-12-13 03:36 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-12-04 20:20 . 2014-09-30 21:57 83505 ----a-w- c:\program files (x86)\Uninstal.exe
2013-01-06 15:00 . 2013-01-06 15:00 1971200 ----a-w- c:\program files\WaveShell-VST 9.2_x64.dll
2013-01-06 15:00 . 2013-01-06 15:00 1495040 ----a-w- c:\program files (x86)\WaveShell-VST 9.2.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2012-10-23 3108480]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-09-25 6480664]
"uTorrent"="c:\users\evzen 2013\AppData\Roaming\uTorrent\utorrent.exe" [2015-02-22 416168]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-09-27 57987712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"mncteckySrv"="c:\windows\system32\mnctecky.vbe" [2014-03-05 7670]
"mncapucmSrv"="c:\windows\system32\mncapucm.vbe" [2014-03-05 7670]
"mncprvpSrv"="c:\windows\inf\mncprvp.vbe" [2014-01-19 1342]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-06-08 334896]
"seznam-listicka-distribuce"="c:\program files (x86)\Seznam.cz\distribution\szninstall.exe" [2012-09-13 1009288]
.
c:\users\evzen 2013\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Automatické vypnutí počítače.lnk - c:\program files (x86)\Automatické vypnutí počítače\avp.exe [2004-12-28 443392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 atillk64;atillk64;c:\program files (x86)\AMD\System Monitor\atillk64.sys;c:\program files (x86)\AMD\System Monitor\atillk64.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtpt64.sys;c:\windows\SYSNATIVE\DRIVERS\lgbtpt64.sys [x]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbs64.sys;c:\windows\SYSNATIVE\DRIVERS\lgbtbs64.sys [x]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmdm64.sys;c:\windows\SYSNATIVE\DRIVERS\lgvmdm64.sys [x]
R3 MADFULEGACYKEYBOARD;Service for M-Audio Legacy Keyboard DFU;c:\windows\system32\DRIVERS\MAudioLegacyKeyboard_DFU.sys;c:\windows\SYSNATIVE\DRIVERS\MAudioLegacyKeyboard_DFU.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 Mam3.sys;Service for ESI MAYA44 Audio Driver EWDM;c:\windows\system32\DRIVERS\Mam3.sys;c:\windows\SYSNATIVE\DRIVERS\Mam3.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [x]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 PaceLicenseDServices;PACE License Services;c:\program files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe;c:\program files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 Mam3WDM.sys;Service for ESI MAYA44 WDM;c:\windows\system32\DRIVERS\Mam3WDM.sys;c:\windows\SYSNATIVE\DRIVERS\Mam3WDM.sys [x]
S3 MAUSBLEGACYKEYBOARD;Service for M-Audio Legacy Keyboard;c:\windows\system32\DRIVERS\MAudioLegacyKeyboard.sys;c:\windows\SYSNATIVE\DRIVERS\MAudioLegacyKeyboard.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys;c:\windows\SYSNATIVE\DRIVERS\Rtnic64.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2015-11-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-13 12:26]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
"Mam3PAN.exe"="c:\windows\system32\Mam3PAN.exe" [2014-07-24 1169320]
"CDAServer"="c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2012-03-09 462712]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Export do &Tahiti - c:\program files (x86)\LightComp eDoklady Skenováni\iehelper.html
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
FF - ProfilePath - c:\users\evzen 2013\AppData\Roaming\Mozilla\Firefox\Profiles\ykbokdsy.default\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-dualmonitor - (no file)
Wow6432Node-HKLM-Run-MSStp - c:\windows\system32\msstp.vbe
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-10 - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-Native Instruments Controller Editor - c:\programdata\{DCC412E7-393B-4016-91FB-9307F059AFB6}\Controller Editor Setup PC.exe
AddRemove-Native Instruments Guitar Rig 5 - c:\programdata\{9327ACE9-CC82-4A33-9B33-291ACA1E267B}\Guitar Rig 5 Setup PC.exe
AddRemove-Native Instruments Komplete 6 - c:\programdata\{580B8E22-2CB8-4C43-AE50-9338E581C6FA}\Komplete 6 Setup PC.exe
AddRemove-Native Instruments Kontakt 4 - c:\programdata\{4275E5EA-6E30-48EB-A209-F964539CBE1C}\Kontakt 4 Setup PC.exe
AddRemove-Native Instruments Kontakt 5 - c:\programdata\{13C5090D-8DAD-437E-B069-232C287DA432}\Kontakt 5 Setup PC.exe
AddRemove-Native Instruments Reaktor 5 - c:\programdata\{F92C204F-6C39-4D56-B100-EC929C871966}\Reaktor 5 Setup PC.exe
AddRemove-Native Instruments Service Center - c:\programdata\{49FAB1E7-7D4E-4015-BBCA-E52669133FB7}\Service Center Setup PC.exe
AddRemove-PCM Native Reverb VST Plug-in - c:\programdata\{A97DA822-7B29-4F18-A64A-BF94FFFE77FB}\Setup_PCM_Native_VST.exe
AddRemove-Samsung Printer Live Update - c:\program files (x86)\SamsungPrinterLiveUpdateInstaller\uninstall.exe
AddRemove-ValhallaRoom_is1 - c:\programdata\Valhalla DSP
AddRemove-ValhallaUberMod_is1 - c:\programdata\Valhalla DSP
AddRemove-{01D57CF6-B5BC-4D03-AFF5-7960CFBD05A9} - c:\programdata\{9327ACE9-CC82-4A33-9B33-291ACA1E267B}\Guitar Rig 5 Setup PC.exe
AddRemove-{0886900B-B2F3-452C-B580-60F1253F7F80} - c:\programdata\{DCC412E7-393B-4016-91FB-9307F059AFB6}\Controller Editor Setup PC.exe
AddRemove-{0B8565BA-BAD5-4732-B122-5FD78EFC50A9} - c:\programdata\{49FAB1E7-7D4E-4015-BBCA-E52669133FB7}\Service Center Setup PC.exe
AddRemove-{43E7798A-248E-4A3D-9969-FEA63543A462} - c:\programdata\{4275E5EA-6E30-48EB-A209-F964539CBE1C}\Kontakt 4 Setup PC.exe
AddRemove-{5552453B-BB76-45E3-973D-F95E458ED780} - c:\programdata\{13C5090D-8DAD-437E-B069-232C287DA432}\Kontakt 5 Setup PC.exe
AddRemove-{95716cce-fc71-413f-8ad5-56c2892d4b3a} - c:\programdata\Package Cache\{95716cce-fc71-413f-8ad5-56c2892d4b3a}\vcredist_x86.exe
AddRemove-{a2199617-3609-410f-a8e8-e8806c73545b} - c:\programdata\Package Cache\{a2199617-3609-410f-a8e8-e8806c73545b}\vcredist_x64.exe
AddRemove-{B4691C58-2A6A-4AFA-960E-AEB767639E44} - c:\programdata\{A97DA822-7B29-4F18-A64A-BF94FFFE77FB}\Setup_PCM_Native_VST.exe
AddRemove-{D799CC16-F3B5-468D-AC67-6F77AAA98173} - c:\programdata\{580B8E22-2CB8-4C43-AE50-9338E581C6FA}\Komplete 6 Setup PC.exe
AddRemove-{E9EA5F38-6299-45A1-9D23-F21729A19357} - c:\programdata\{F92C204F-6C39-4D56-B100-EC929C871966}\Reaktor 5 Setup PC.exe
AddRemove-{f0080ca2-80ae-4958-b6eb-e8fa916d744a} - c:\programdata\Package Cache\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}\vcredist_x86.exe
AddRemove-SeznamInstall - c:\users\evzen 2013\AppData\Roaming\Seznam.cz\szninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PaceLicenseDServices]
"ImagePath"="\"c:\program files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe\" -u https://activation.paceap.com/InitiateActivation"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_226_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_226_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_226_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_226_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.19"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Celkový čas: 2015-11-04 16:09:28 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-11-04 15:09
.
Před spuštěním: Volných bajtů: 20 022 296 576
Po spuštění: Volných bajtů: 19 452 858 368
.
- - End Of File - - F2129076EDF907E449313AA4D68E1718
A36C5E4F47E84449FF07ED3517B43A31
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1033.18.6142.4625 [GMT 1:00]
Spuštěný z: c:\users\evzen 2013\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\test.txt
c:\users\evzen 2013\AppData\Local\Plus500
c:\users\evzen 2013\AppData\Local\Plus500\Update\500w.exe
c:\users\evzen 2013\AppData\Local\Plus500\Update\500z.exe
c:\users\evzen 2013\AppData\Local\Plus500\Update\product.ico
c:\users\evzen 2013\AppData\Local\Plus500\Update\ResourceChange.exe
c:\users\evzen 2013\AppData\Local\Plus500\Update\uninstall.ico
c:\windows\msvcr71.dll
c:\windows\SysWow64\hookdll.dll
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\wpcap.dll
D:\install.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-10-04 do 2015-11-04 )))))))))))))))))))))))))))))))
.
.
2015-11-04 15:02 . 2015-11-04 15:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-11-04 14:16 . 2015-11-04 14:16 -------- d-----w- c:\windows\Options
2015-11-04 14:16 . 2008-05-19 12:45 448000 ----a-w- c:\windows\system32\netr28x.sys
2015-11-04 14:16 . 2015-11-04 14:16 -------- d-----w- c:\programdata\Ralink
2015-11-04 13:32 . 2015-11-04 13:32 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0A4DF5BA-678E-4CBC-BAF6-0BFAEE1B4FD1}\offreg.852.dll
2015-11-04 13:31 . 2015-10-13 09:47 11140960 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0A4DF5BA-678E-4CBC-BAF6-0BFAEE1B4FD1}\mpengine.dll
2015-11-04 12:59 . 2015-11-04 12:59 -------- d-----w- c:\users\evzen 2013\AppData\Local\ElevatedDiagnostics
2015-11-04 12:36 . 2015-11-04 15:04 -------- d-----w- c:\users\evzen 2013\AppData\Local\Temp
2015-11-04 12:36 . 2015-11-04 12:23 24064 ----a-w- c:\windows\zoek-delete.exe
2015-11-04 12:23 . 2015-11-04 12:40 -------- d-----w- C:\zoek_backup
2015-11-04 12:21 . 2015-11-04 13:46 -------- d-----w- c:\users\evzen 2013\AppData\Local\CrashDumps
2015-11-03 21:26 . 2015-11-04 11:55 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-11-03 21:26 . 2015-11-03 22:37 -------- d-----w- c:\programdata\RogueKiller
2015-11-03 16:26 . 2015-11-03 16:26 -------- d-----w- c:\users\evzen 2013\AppData\Local\AMD
2015-11-03 14:54 . 2015-11-04 11:34 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-11-03 14:53 . 2015-10-05 08:50 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-11-03 14:53 . 2015-11-03 14:53 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-11-03 14:53 . 2015-10-05 08:50 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-11-03 14:53 . 2015-10-05 08:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-11-03 14:49 . 2015-11-03 14:49 -------- d-----w- c:\programdata\Malwarebytes
2015-11-03 14:32 . 2015-11-03 19:01 -------- d-----w- C:\AdwCleaner
2015-10-31 16:47 . 2015-06-24 13:00 1190000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5BDED03A-9F61-445E-9079-F5C5FC802ACF}\gapaengine.dll
2015-10-25 11:47 . 2015-10-13 09:47 11140960 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-10-19 12:26 . 2015-10-19 12:26 18833096 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-10-19 12:26 . 2013-03-13 11:37 780488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-10-19 12:26 . 2013-03-13 11:37 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-08-10 16:45 . 2014-12-13 03:36 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-12-04 20:20 . 2014-09-30 21:57 83505 ----a-w- c:\program files (x86)\Uninstal.exe
2013-01-06 15:00 . 2013-01-06 15:00 1971200 ----a-w- c:\program files\WaveShell-VST 9.2_x64.dll
2013-01-06 15:00 . 2013-01-06 15:00 1495040 ----a-w- c:\program files (x86)\WaveShell-VST 9.2.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2012-10-23 3108480]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-09-25 6480664]
"uTorrent"="c:\users\evzen 2013\AppData\Roaming\uTorrent\utorrent.exe" [2015-02-22 416168]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-09-27 57987712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"mncteckySrv"="c:\windows\system32\mnctecky.vbe" [2014-03-05 7670]
"mncapucmSrv"="c:\windows\system32\mncapucm.vbe" [2014-03-05 7670]
"mncprvpSrv"="c:\windows\inf\mncprvp.vbe" [2014-01-19 1342]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-06-08 334896]
"seznam-listicka-distribuce"="c:\program files (x86)\Seznam.cz\distribution\szninstall.exe" [2012-09-13 1009288]
.
c:\users\evzen 2013\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Automatické vypnutí počítače.lnk - c:\program files (x86)\Automatické vypnutí počítače\avp.exe [2004-12-28 443392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 atillk64;atillk64;c:\program files (x86)\AMD\System Monitor\atillk64.sys;c:\program files (x86)\AMD\System Monitor\atillk64.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtpt64.sys;c:\windows\SYSNATIVE\DRIVERS\lgbtpt64.sys [x]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbs64.sys;c:\windows\SYSNATIVE\DRIVERS\lgbtbs64.sys [x]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmdm64.sys;c:\windows\SYSNATIVE\DRIVERS\lgvmdm64.sys [x]
R3 MADFULEGACYKEYBOARD;Service for M-Audio Legacy Keyboard DFU;c:\windows\system32\DRIVERS\MAudioLegacyKeyboard_DFU.sys;c:\windows\SYSNATIVE\DRIVERS\MAudioLegacyKeyboard_DFU.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 Mam3.sys;Service for ESI MAYA44 Audio Driver EWDM;c:\windows\system32\DRIVERS\Mam3.sys;c:\windows\SYSNATIVE\DRIVERS\Mam3.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [x]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 PaceLicenseDServices;PACE License Services;c:\program files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe;c:\program files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 Mam3WDM.sys;Service for ESI MAYA44 WDM;c:\windows\system32\DRIVERS\Mam3WDM.sys;c:\windows\SYSNATIVE\DRIVERS\Mam3WDM.sys [x]
S3 MAUSBLEGACYKEYBOARD;Service for M-Audio Legacy Keyboard;c:\windows\system32\DRIVERS\MAudioLegacyKeyboard.sys;c:\windows\SYSNATIVE\DRIVERS\MAudioLegacyKeyboard.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys;c:\windows\SYSNATIVE\DRIVERS\Rtnic64.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2015-11-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-13 12:26]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
"Mam3PAN.exe"="c:\windows\system32\Mam3PAN.exe" [2014-07-24 1169320]
"CDAServer"="c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2012-03-09 462712]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Export do &Tahiti - c:\program files (x86)\LightComp eDoklady Skenováni\iehelper.html
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
FF - ProfilePath - c:\users\evzen 2013\AppData\Roaming\Mozilla\Firefox\Profiles\ykbokdsy.default\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-dualmonitor - (no file)
Wow6432Node-HKLM-Run-MSStp - c:\windows\system32\msstp.vbe
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-10 - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-Native Instruments Controller Editor - c:\programdata\{DCC412E7-393B-4016-91FB-9307F059AFB6}\Controller Editor Setup PC.exe
AddRemove-Native Instruments Guitar Rig 5 - c:\programdata\{9327ACE9-CC82-4A33-9B33-291ACA1E267B}\Guitar Rig 5 Setup PC.exe
AddRemove-Native Instruments Komplete 6 - c:\programdata\{580B8E22-2CB8-4C43-AE50-9338E581C6FA}\Komplete 6 Setup PC.exe
AddRemove-Native Instruments Kontakt 4 - c:\programdata\{4275E5EA-6E30-48EB-A209-F964539CBE1C}\Kontakt 4 Setup PC.exe
AddRemove-Native Instruments Kontakt 5 - c:\programdata\{13C5090D-8DAD-437E-B069-232C287DA432}\Kontakt 5 Setup PC.exe
AddRemove-Native Instruments Reaktor 5 - c:\programdata\{F92C204F-6C39-4D56-B100-EC929C871966}\Reaktor 5 Setup PC.exe
AddRemove-Native Instruments Service Center - c:\programdata\{49FAB1E7-7D4E-4015-BBCA-E52669133FB7}\Service Center Setup PC.exe
AddRemove-PCM Native Reverb VST Plug-in - c:\programdata\{A97DA822-7B29-4F18-A64A-BF94FFFE77FB}\Setup_PCM_Native_VST.exe
AddRemove-Samsung Printer Live Update - c:\program files (x86)\SamsungPrinterLiveUpdateInstaller\uninstall.exe
AddRemove-ValhallaRoom_is1 - c:\programdata\Valhalla DSP
AddRemove-ValhallaUberMod_is1 - c:\programdata\Valhalla DSP
AddRemove-{01D57CF6-B5BC-4D03-AFF5-7960CFBD05A9} - c:\programdata\{9327ACE9-CC82-4A33-9B33-291ACA1E267B}\Guitar Rig 5 Setup PC.exe
AddRemove-{0886900B-B2F3-452C-B580-60F1253F7F80} - c:\programdata\{DCC412E7-393B-4016-91FB-9307F059AFB6}\Controller Editor Setup PC.exe
AddRemove-{0B8565BA-BAD5-4732-B122-5FD78EFC50A9} - c:\programdata\{49FAB1E7-7D4E-4015-BBCA-E52669133FB7}\Service Center Setup PC.exe
AddRemove-{43E7798A-248E-4A3D-9969-FEA63543A462} - c:\programdata\{4275E5EA-6E30-48EB-A209-F964539CBE1C}\Kontakt 4 Setup PC.exe
AddRemove-{5552453B-BB76-45E3-973D-F95E458ED780} - c:\programdata\{13C5090D-8DAD-437E-B069-232C287DA432}\Kontakt 5 Setup PC.exe
AddRemove-{95716cce-fc71-413f-8ad5-56c2892d4b3a} - c:\programdata\Package Cache\{95716cce-fc71-413f-8ad5-56c2892d4b3a}\vcredist_x86.exe
AddRemove-{a2199617-3609-410f-a8e8-e8806c73545b} - c:\programdata\Package Cache\{a2199617-3609-410f-a8e8-e8806c73545b}\vcredist_x64.exe
AddRemove-{B4691C58-2A6A-4AFA-960E-AEB767639E44} - c:\programdata\{A97DA822-7B29-4F18-A64A-BF94FFFE77FB}\Setup_PCM_Native_VST.exe
AddRemove-{D799CC16-F3B5-468D-AC67-6F77AAA98173} - c:\programdata\{580B8E22-2CB8-4C43-AE50-9338E581C6FA}\Komplete 6 Setup PC.exe
AddRemove-{E9EA5F38-6299-45A1-9D23-F21729A19357} - c:\programdata\{F92C204F-6C39-4D56-B100-EC929C871966}\Reaktor 5 Setup PC.exe
AddRemove-{f0080ca2-80ae-4958-b6eb-e8fa916d744a} - c:\programdata\Package Cache\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}\vcredist_x86.exe
AddRemove-SeznamInstall - c:\users\evzen 2013\AppData\Roaming\Seznam.cz\szninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PaceLicenseDServices]
"ImagePath"="\"c:\program files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe\" -u https://activation.paceap.com/InitiateActivation"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_226_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_226_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_226_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_226_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.19"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Celkový čas: 2015-11-04 16:09:28 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-11-04 15:09
.
Před spuštěním: Volných bajtů: 20 022 296 576
Po spuštění: Volných bajtů: 19 452 858 368
.
- - End Of File - - F2129076EDF907E449313AA4D68E1718
A36C5E4F47E84449FF07ED3517B43A31
Re: please check my log, thank you very much
aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2015-11-04 16:15:12
-----------------------------
16:15:12.210 OS Version: Windows x64 6.1.7601 Service Pack 1
16:15:12.210 Number of processors: 4 586 0x403
16:15:12.210 ComputerName: EVZEN2013-PC UserName: evzen 2013
16:15:13.583 Initialize success
16:15:13.598 VM: initialized successfully
16:15:13.598 VM: Amd CPU supported
16:15:21.782 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:15:21.798 Disk 0 Vendor: SAMSUNG_HD103SJ 1AJ10001 Size: 953869MB BusType: 3
16:15:21.969 Disk 0 MBR read successfully
16:15:21.969 Disk 0 MBR scan
16:15:21.985 Disk 0 Windows 7 default MBR code
16:15:22.001 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
16:15:22.001 Disk 0 Boot: NTFS code=2
16:15:22.016 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 483718 MB offset 206848
16:15:22.016 Disk 0 Partition - 00 0F Extended LBA 470047 MB offset 990861312
16:15:22.032 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 470047 MB offset 990861375
16:15:22.063 Disk 0 scanning C:\Windows\system32\drivers
16:15:29.520 Service scanning
16:15:49.223 Modules scanning
16:15:49.223 Disk 0 trace - called modules:
16:15:49.254 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys
16:15:49.254 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80064d7060]
16:15:49.269 3 CLASSPNP.SYS[fffff8800193943f] -> nt!IofCallDriver -> [0xfffffa80063e5940]
16:15:49.269 5 ACPI.sys[fffff88000f297a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80064c5060]
16:15:49.269 Disk 0 statistics 89472/0/0 @ 6,24 MB/s
16:15:49.269 Scan finished successfully
16:16:05.649 Disk 0 MBR has been saved successfully to "H:\MBR.dat"
16:16:05.696 The log file has been saved successfully to "H:\aswMBR.txt"