Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015
Ran by darkane at 2015-01-08 07:33:57 Run:1
Running from C:\Users\darka_000\Desktop
Loaded Profile: darkane (Available profiles: UpdatusUser & darkane & Guest)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKU\S-1-5-21-2802680610-4246973846-2910803817-1002\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [911032 2014-10-14] (Microsoft Corporation)
HKU\S-1-5-21-2802680610-4246973846-2910803817-1002\...\Run: [AdobeBridge] => [X]
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
BootExecute: autocheck autochk * sh4native Sh4Removal

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2802680610-4246973846-2910803817-1002 -> {78FDCB90-1064-4681-B14C-6678967791AE} URL = http://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_16194

FF Extension: downintabmaxmax - C:\Users\darka_000\AppData\Roaming\Mozilla\Firefox\Profiles\9yz2pq69.default\Extensions\downintab@max.max [2015-01-07]
FF Extension: jid1eMhaOaq3SPBFDgjetpack - C:\Users\darka_000\AppData\Roaming\Mozilla\Firefox\Profiles\9yz2pq69.default\Extensions\jid1-eMhaOaq3SPBFDg@jetpack [2015-01-07]

CHR DefaultSearchURL: Default -> http://search.seznam.cz/?q={searchTerms}
CHR DefaultSuggestURL: Default -> http:///suggest.fulltext.seznam.cz/?dict=fulltext_ff&phrase={searchTerms}&encoding={inputEncoding}&response_encoding=utf-8
CHR Extension: (ejihekcemjghahmoofljdfbgkocndmem) - C:\Users\darka_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejihekcemjghahmoofljdfbgkocndmem [2015-01-07]
CHR Extension: (mihcahmgecmbnbcchbopgniflfhgnkff) - C:\Users\darka_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2015-01-07]

R2 Update Service for Media Saver; C:\Program Files (x86)\Media Saver\Basement\ExtensionUpdaterService.exe [136200 2014-12-05] ()
C:\Program Files (x86)\Media Saver
S3 esgiguard; D:\down\PROG\SpyHunter-4.18.9.-4384\SpyHunter\esgiguard.sys [16432 2014-10-24] (Enigma Software Group USA, LLC.)
D:\down\PROG\SpyHunter-4.18.9.-4384\SpyHunter
S1 agcnnlxt; \??\C:\WINDOWS\system32\drivers\agcnnlxt.sys [X]

2015-01-07 17:00 - 2015-01-07 17:01 - 00017386 _____ () C:\Users\darka_000\Desktop\FRST.txt
2015-01-07 16:57 - 2015-01-07 16:57 - 00029696 _____ () C:\Users\darka_000\AppData\Local\MSGBOX.EXE
2015-01-07 16:57 - 2015-01-07 16:57 - 00015327 _____ () C:\Users\darka_000\Desktop\LM.bat
2015-01-07 16:56 - 2015-01-07 16:56 - 00112640 _____ (forum.viry.cz) C:\Users\darka_000\Desktop\FRSTLauncher.exe
2015-01-07 10:47 - 2015-01-07 11:58 - 00000000 ____D () C:\AdwCleaner
2015-01-07 10:47 - 2015-01-07 10:49 - 00000000 ____D () C:\rsit
2015-01-07 10:47 - 2015-01-07 10:47 - 00000000 ____D () C:\Program Files\trend micro
2015-01-07 10:46 - 2015-01-07 10:46 - 02173952 _____ () C:\Users\darka_000\Desktop\adwcleaner_4.106.exe
2015-01-07 10:46 - 2013-10-31 09:59 - 00935175 _____ () C:\Users\darka_000\Desktop\RSITx64.exe

CMD: del C:\Users\darka_000\AppData\Roaming\*.exe
Task: {636179E9-6485-4F66-A73F-45AE685BAA1C} - System32\Tasks\SpyHunter4Startup => C:\Users\darka_000\Desktop\SpyHunter-4.18.9.-4384\SpyHunter\SpyHunter4.exe
Task: {64ADB6A3-FF64-46E6-9292-FAE76B3036EF} - System32\Tasks\HKU => C:\Users\darka_000\AppData\Roaming\HKU.exe [2015-01-04] (HDQ-1.2cV04.01) <==== ATTENTION
Task: {7CB9FCB2-1C87-4803-BCD2-D33691A3476A} - System32\Tasks\ICBWRJZE => C:\Users\darka_000\AppData\Roaming\ICBWRJZE.exe [2015-01-04] (HDQ-1.2cV04.01) <==== ATTENTION
Task: {9F3358BA-311C-47F1-A176-D93D7CF26D6A} - System32\Tasks\MRKNPH => C:\Users\darka_000\AppData\Roaming\MRKNPH.exe [2015-01-03] (joep) <==== ATTENTION
Task: {DEE24C02-D594-4387-8273-875B7A2AB58F} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {F28597A9-FB82-41DF-94C3-3B5BC677A8D7} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: {F395750F-9419-4396-906B-D8F6DEBBCF1D} - System32\Tasks\{BEBBD547-0110-43F5-A41A-156D98E375B2} => pcalua.exe -a C:\Users\darka_000\AppData\Roaming\omiga-plus\UninstallManager.exe -c  -ptid=smt
Task: {F832BB81-330B-4777-88EA-BF6C1F08C973} - System32\Tasks\{98BA54AA-7E02-4274-9F74-6B81B029BF49} => pcalua.exe -a C:\Users\darka_000\AppData\Roaming\webssearches\UninstallManager.exe -c  -ptid=exp
Task: {FE8FBB7F-BA8F-4964-8FEF-0A7535C1017E} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe [2014-11-20] ()
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HKU.job => C:\Users\darka_000\AppData\Roaming\HKU.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ICBWRJZE.job => C:\Users\darka_000\AppData\Roaming\ICBWRJZE.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\MRKNPH.job => C:\Users\darka_000\AppData\Roaming\MRKNPH.exe <==== ATTENTION

C:\Users\darka_000\AppData\Roaming\HKU.exe
C:\Users\darka_000\AppData\Roaming\ICBWRJZE.exe
C:\Users\darka_000\AppData\Roaming\MRKNPH.exe
C:\Users\darka_000\AppData\Roaming\omiga-plus
C:\Users\darka_000\AppData\Roaming\webssearches
C:\WINDOWS\AutoKMS\AutoKMS.exe
Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeAAMUpdater-1.0 => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SwitchBoard => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AdobeCS6ServiceManager => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\YTDownloader => value deleted successfully.
HKU\S-1-5-21-2802680610-4246973846-2910803817-1002\Software\Microsoft\Windows\CurrentVersion\Run\\OfficeSyncProcess => value deleted successfully.
HKU\S-1-5-21-2802680610-4246973846-2910803817-1002\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => Key deleted successfully.
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => Key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => Key deleted successfully.
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => Key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => Key deleted successfully.
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => Key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => Key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => Key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => Key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => Key not found. 
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => Value was restored successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-2802680610-4246973846-2910803817-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{78FDCB90-1064-4681-B14C-6678967791AE}" => Key deleted successfully.
HKCR\CLSID\{78FDCB90-1064-4681-B14C-6678967791AE} => Key not found. 
C:\Users\darka_000\AppData\Roaming\Mozilla\Firefox\Profiles\9yz2pq69.default\Extensions\downintab@max.max => Moved successfully.
C:\Users\darka_000\AppData\Roaming\Mozilla\Firefox\Profiles\9yz2pq69.default\Extensions\jid1-eMhaOaq3SPBFDg@jetpack => Moved successfully.
Chrome DefaultSearchURL deleted successfully.
Chrome DefaultSuggestURL deleted successfully.
C:\Users\darka_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejihekcemjghahmoofljdfbgkocndmem => Moved successfully.
C:\Users\darka_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff => Moved successfully.
Update Service for Media Saver => Service stopped successfully.
Update Service for Media Saver => Service deleted successfully.
C:\Program Files (x86)\Media Saver => Moved successfully.
esgiguard => Service deleted successfully.
"D:\down\PROG\SpyHunter-4.18.9.-4384\SpyHunter" => File/Directory not found.
agcnnlxt => Service deleted successfully.
"C:\Users\darka_000\Desktop\FRST.txt" => File/Directory not found.
C:\Users\darka_000\AppData\Local\MSGBOX.EXE => Moved successfully.
C:\Users\darka_000\Desktop\LM.bat => Moved successfully.
C:\Users\darka_000\Desktop\FRSTLauncher.exe => Moved successfully.
C:\AdwCleaner => Moved successfully.
C:\rsit => Moved successfully.
C:\Program Files\trend micro => Moved successfully.
C:\Users\darka_000\Desktop\adwcleaner_4.106.exe => Moved successfully.
C:\Users\darka_000\Desktop\RSITx64.exe => Moved successfully.

=========  del C:\Users\darka_000\AppData\Roaming\*.exe =========


========= End of CMD: =========

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{636179E9-6485-4F66-A73F-45AE685BAA1C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{636179E9-6485-4F66-A73F-45AE685BAA1C}" => Key deleted successfully.
C:\Windows\System32\Tasks\SpyHunter4Startup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpyHunter4Startup" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{64ADB6A3-FF64-46E6-9292-FAE76B3036EF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{64ADB6A3-FF64-46E6-9292-FAE76B3036EF}" => Key deleted successfully.
C:\Windows\System32\Tasks\HKU => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HKU" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7CB9FCB2-1C87-4803-BCD2-D33691A3476A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7CB9FCB2-1C87-4803-BCD2-D33691A3476A}" => Key deleted successfully.
C:\Windows\System32\Tasks\ICBWRJZE => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ICBWRJZE" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F3358BA-311C-47F1-A176-D93D7CF26D6A} => Key not found. 
C:\Windows\System32\Tasks\MRKNPH not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MRKNPH => Key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DEE24C02-D594-4387-8273-875B7A2AB58F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DEE24C02-D594-4387-8273-875B7A2AB58F}" => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\SMupdate2" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F28597A9-FB82-41DF-94C3-3B5BC677A8D7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F28597A9-FB82-41DF-94C3-3B5BC677A8D7}" => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Multimedia\SMupdate3" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F395750F-9419-4396-906B-D8F6DEBBCF1D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F395750F-9419-4396-906B-D8F6DEBBCF1D}" => Key deleted successfully.
C:\Windows\System32\Tasks\{BEBBD547-0110-43F5-A41A-156D98E375B2} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{BEBBD547-0110-43F5-A41A-156D98E375B2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F832BB81-330B-4777-88EA-BF6C1F08C973}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F832BB81-330B-4777-88EA-BF6C1F08C973}" => Key deleted successfully.
C:\Windows\System32\Tasks\{98BA54AA-7E02-4274-9F74-6B81B029BF49} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{98BA54AA-7E02-4274-9F74-6B81B029BF49}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{FE8FBB7F-BA8F-4964-8FEF-0A7535C1017E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FE8FBB7F-BA8F-4964-8FEF-0A7535C1017E}" => Key deleted successfully.
C:\Windows\System32\Tasks\AutoKMS => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => Key deleted successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\WINDOWS\Tasks\HKU.job => Moved successfully.
C:\WINDOWS\Tasks\ICBWRJZE.job => Moved successfully.
C:\WINDOWS\Tasks\MRKNPH.job not found.
"C:\Users\darka_000\AppData\Roaming\HKU.exe" => File/Directory not found.
"C:\Users\darka_000\AppData\Roaming\ICBWRJZE.exe" => File/Directory not found.
"C:\Users\darka_000\AppData\Roaming\MRKNPH.exe" => File/Directory not found.
"C:\Users\darka_000\AppData\Roaming\omiga-plus" => File/Directory not found.
"C:\Users\darka_000\AppData\Roaming\webssearches" => File/Directory not found.
C:\WINDOWS\AutoKMS\AutoKMS.exe => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 2.8 GB temporary data.


The system needed a reboot. 

==== End of Fixlog 07:34:55 ====