Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:15-07-2014 01
Ran by Milan at 2014-07-18 22:23:29 Run:1
Running from C:\Users\Milan\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] - "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware" [54072 2014-05-12] (Malwarebytes Corporation)
HKU\.DEFAULT\...\Run: [DevconDefaultDB] => C:\Windows\system32\READREG /SILENT /FAIL=1
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [280576 2013-07-30] (Microsoft Corporation)
HKU\S-1-5-21-2536137262-3142679929-2204209605-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [122200 2014-06-09] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-2536137262-3142679929-2204209605-1000\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-10-28] (Samsung)
HKU\S-1-5-21-2536137262-3142679929-2204209605-1000\...\Run: [OEXPRESS] => C:\ProgramData\LangSoft\OETRN.EXE [26624 2013-12-30] ()
HKU\S-1-5-21-2536137262-3142679929-2204209605-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-2536137262-3142679929-2204209605-1000\...\Run: [autoactivation] => wscript.exe //B "C:\Users\Milan\AppData\Local\Temp\autoactivation.vbs" <===== ATTENTION
HKU\S-1-5-21-2536137262-3142679929-2204209605-1000\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [3858000 2014-07-10] (Tonec Inc.)
HKU\S-1-5-21-2536137262-3142679929-2204209605-1000\...\MountPoints2: {32e559a4-0136-11e3-8424-001109da65cc} - "H:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-2536137262-3142679929-2204209605-1000\...\MountPoints2: {62fe2ec9-f932-11e2-83ef-806e6f6e6963} - D:\Setup.exe
IFEO\myheritage.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
Startup: C:\Users\Milan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\autoactivation.vbs ()
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
C:\Users\Milan\AppData\Local\Temp\autoactivation.vbs

SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {DD50B8FF-E937-4582-BFC1-FB3FADD5FDB5} URL = http://search.seznam.cz/?q={searchTerms}&sourceid=Searchmodule_2
BHO: WebTransBHO Class -> {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} -> No File
Toolbar: HKLM - WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - No File

CHR HKLM\...\Chrome\Extension: [doagiokpgboiomffjfhaiimafndmmpni] - C:\Users\Milan\AppData\Local\Rich Media Player\BrowserExtensions\Chrome\richmediadownloader.crx [2013-07-23]
CHR HKLM\...\Chrome\Extension: [fkcdbkhjcaljlfolhllfneigeepmjfim] - C:\Users\Milan\AppData\Local\Rich Media Player\BrowserExtensions\Chrome\playerextension.crx [2013-02-28]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2014-07-10]
CHR HKCU\...\Chrome\Extension: [jmlmanpnnbnpabnonijjmnmplnbfcgbf] - C:\Program Files\NetSoftware\chromegem.crx [2014-07-10]

C:\Users\Milan\AppData\Local\Rich Media Player
2014-07-18 19:30 - 2014-07-18 19:31 - 00022573 _____ () C:\Users\Milan\Desktop\FRST.txt
2014-07-18 19:24 - 2014-07-18 19:24 - 00015327 _____ () C:\Users\Milan\Desktop\LM.bat
2014-07-18 19:23 - 2014-07-18 19:24 - 00029696 _____ () C:\Users\Milan\AppData\Local\MSGBOX.EXE
2014-07-18 18:07 - 2014-07-18 18:07 - 00018312 _____ () C:\MBAM_1.txt
2014-07-17 18:41 - 2014-07-17 18:42 - 00000000 ____D () C:\rsit
2014-07-17 18:41 - 2014-07-17 18:42 - 00000000 ____D () C:\Program Files\trend micro
2014-07-15 23:11 - 2014-07-15 23:13 - 00001343 _____ () C:\Users\Milan\Desktop\adwcleaner_3.215.exe.lnk
2014-07-15 22:37 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-07-15 22:34 - 2014-07-17 16:45 - 00000000 ____D () C:\AdwCleaner

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {E1428966-4036-438A-A7D9-CB1C339E902C} - System32\Tasks\KMS Activation for Office => C:\Windows\KMSAct.exe
C:\Windows\KMSAct.exe

AlternateDataStreams: C:\ProgramData\TEMP:A1EDB939
C:\Windows\inf\ntvdm.vbe

REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NtVdmSrv" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesAirMessage" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent" /f

Hosts:
Reboot:
End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Malwarebytes Anti-Malware (cleanup) => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\DevconDefaultDB => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SPReview => value deleted successfully.
HKU\S-1-5-21-2536137262-3142679929-2204209605-1000\Software\Microsoft\Windows\CurrentVersion\Run\\GarminExpressTrayApp => value deleted successfully.
HKU\S-1-5-21-2536137262-3142679929-2204209605-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-2536137262-3142679929-2204209605-1000\Software\Microsoft\Windows\CurrentVersion\Run\\OEXPRESS => value deleted successfully.
HKU\S-1-5-21-2536137262-3142679929-2204209605-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Skype => value deleted successfully.
HKU\S-1-5-21-2536137262-3142679929-2204209605-1000\Software\Microsoft\Windows\CurrentVersion\Run\\autoactivation => value deleted successfully.
HKU\S-1-5-21-2536137262-3142679929-2204209605-1000\Software\Microsoft\Windows\CurrentVersion\Run\\IDMan => value deleted successfully.
'HKU\S-1-5-21-2536137262-3142679929-2204209605-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{32e559a4-0136-11e3-8424-001109da65cc}' => Key deleted successfully.
'HKCR\CLSID\{32e559a4-0136-11e3-8424-001109da65cc}'=> Key not found.
'HKU\S-1-5-21-2536137262-3142679929-2204209605-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{62fe2ec9-f932-11e2-83ef-806e6f6e6963}' => Key deleted successfully.
'HKCR\CLSID\{62fe2ec9-f932-11e2-83ef-806e6f6e6963}'=> Key not found.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\myheritage.exe' => Key deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk not found.
C:\Users\Milan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\autoactivation.vbs => Moved successfully.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
Could not move "C:\Users\Milan\AppData\Local\Temp\autoactivation.vbs" => Scheduled to move on reboot.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}' => Key deleted successfully.
'HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DD50B8FF-E937-4582-BFC1-FB3FADD5FDB5}' => Key deleted successfully.
'HKCR\CLSID\{DD50B8FF-E937-4582-BFC1-FB3FADD5FDB5}'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}' => Key deleted successfully.
'HKCR\CLSID\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}' => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{BFC32E1D-EE75-4A48-BC60-104E11EE2431} => value deleted successfully.
'HKCR\CLSID\{BFC32E1D-EE75-4A48-BC60-104E11EE2431}' => Key deleted successfully.
'HKLM\SOFTWARE\Google\Chrome\Extensions\doagiokpgboiomffjfhaiimafndmmpni' => Key deleted successfully.
C:\Users\Milan\AppData\Local\Rich Media Player\BrowserExtensions\Chrome\richmediadownloader.crx => Moved successfully.
'HKLM\SOFTWARE\Google\Chrome\Extensions\fkcdbkhjcaljlfolhllfneigeepmjfim' => Key deleted successfully.
C:\Users\Milan\AppData\Local\Rich Media Player\BrowserExtensions\Chrome\playerextension.crx => Moved successfully.
'HKLM\SOFTWARE\Google\Chrome\Extensions\jeaohhlajejodfjadcponpnjgkiikocn' => Key deleted successfully.
C:\Program Files\Internet Download Manager\IDMGCExt.crx => Moved successfully.
'HKCU\SOFTWARE\Google\Chrome\Extensions\jmlmanpnnbnpabnonijjmnmplnbfcgbf' => Key deleted successfully.
"C:\Program Files\NetSoftware\chromegem.crx" => File/Directory not found.
C:\Users\Milan\AppData\Local\Rich Media Player => Moved successfully.
C:\Users\Milan\Desktop\FRST.txt => Moved successfully.
C:\Users\Milan\Desktop\LM.bat => Moved successfully.
C:\Users\Milan\AppData\Local\MSGBOX.EXE => Moved successfully.
C:\MBAM_1.txt => Moved successfully.
C:\rsit => Moved successfully.
C:\Program Files\trend micro => Moved successfully.
C:\Users\Milan\Desktop\adwcleaner_3.215.exe.lnk => Moved successfully.
C:\Windows\system32\sqlite3.dll => Moved successfully.
C:\AdwCleaner => Moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E1428966-4036-438A-A7D9-CB1C339E902C}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E1428966-4036-438A-A7D9-CB1C339E902C}' => Key deleted successfully.
C:\Windows\System32\Tasks\KMS Activation for Office => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\KMS Activation for Office' => Key deleted successfully.
"C:\Windows\KMSAct.exe" => File/Directory not found.
C:\ProgramData\TEMP => ":A1EDB939" ADS removed successfully.
"C:\Windows\inf\ntvdm.vbe" => File/Directory not found.

========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NtVdmSrv" /f =========

Operace byla dokončena úspěšně.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesAirMessage" /f =========

Operace byla dokončena úspěšně.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload" /f =========

Operace byla dokončena úspěšně.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent" /f =========

Operace byla dokončena úspěšně.



========= End of Reg: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-07-18 22:29:34)<=

C:\Users\Milan\AppData\Local\Temp\autoactivation.vbs => Is moved successfully.

==== End of Fixlog ====