Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-12-2015
Ran by capík (administrator) on CAAAAAP-56793BA (02-01-2016 18:36:39)
Running from C:\Documents and Settings\capík\Local Settings\Temp
Loaded Profiles: capík (Available Profiles: capík)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) Language: Čeština
Internet Explorer Version 8 (Default browser: "C:\Program Files\Maxthon\Bin\Maxthon.exe" "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Sysinternals process Explorer) C:\Documents and Settings\All Users\Data aplikací\Tmp0x0x\ProtectWindowsManager.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Kingsoft Corporation) C:\Program Files\kingsoft\ksdef\ksdefserver.exe
() C:\DOCUME~1\CAPK~1\LOCALS~1\Temp\nsjB6.tmp
(tsvr.com) C:\Documents and Settings\capík\Data aplikací\TSv\TSvr.exe
() C:\Program Files\7B92231C-1447171551-11D5-B7DC-135013F7F630\knsu18C6.tmp
(TODO: <公司名>) C:\Program Files\SFK\SSFK.exe
(TFuns LIMITED) C:\Documents and Settings\All Users\Data aplikací\lWdMl\WdMan.exe
() C:\Documents and Settings\capík\Local Settings\Data aplikací\gmsd_ra_005010192\upgmsd_ra_005010192.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Maxthon International ltd.) C:\Program Files\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files\Maxthon\Bin\Maxthon.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Maxthon International ltd.) C:\Program Files\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files\Maxthon\Bin\Maxthon.exe
(Kingsoft Corporation) C:\Program Files\kingsoft\ksdef\kslive.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [upgmsd_ra_005010192.exe] => C:\Documents and Settings\capík\Local Settings\Data aplikací\gmsd_ra_005010192\upgmsd_ra_005010192.exe [3263152 2015-12-30] ()
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2012-11-16] (ATI Technologies Inc.)
HKU\S-1-5-19\...\RunOnce: [_nltide_2] => regsvr32 /s /n /i:U shell32
HKU\S-1-5-20\...\RunOnce: [_nltide_2] => regsvr32 /s /n /i:U shell32
HKU\S-1-5-21-1708537768-1844237615-842925246-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6369048 2015-05-08] (Piriform Ltd)
HKU\S-1-5-21-1708537768-1844237615-842925246-1003\...\MountPoints2: {688e0227-05f1-11e5-9650-0018f306487e} - E:\setup\rsrc\Autorun.exe
HKU\S-1-5-21-1708537768-1844237615-842925246-1003\...\MountPoints2: {688e0229-05f1-11e5-9650-0018f306487e} - F:\setup\rsrc\Autorun.exe
HKU\S-1-5-18\...\RunOnce: [_nltide_2] => regsvr32 /s /n /i:U shell32
AppInit_DLLs: C:\DOCUME~1\ALLUSE~1\DATAAP~1\Zitenop\Tintop.dll => C:\Documents and Settings\All Users\Data aplikací\Zitenop\Tintop.dll [320512 2015-11-11] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6C823907-514D-4C20-9167-FC448C18845F}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449646973&z=2b8bc677e49ba0004c8ffdegdzbzftdqfzcqdt8m1z&from=ient07021&uid=SAMSUNGXHD320KJ_S0PAJ9DQ503293
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449646973&z=2b8bc677e49ba0004c8ffdegdzbzftdqfzcqdt8m1z&from=ient07021&uid=SAMSUNGXHD320KJ_S0PAJ9DQ503293&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449646973&z=2b8bc677e49ba0004c8ffdegdzbzftdqfzcqdt8m1z&from=ient07021&uid=SAMSUNGXHD320KJ_S0PAJ9DQ503293
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449646973&z=2b8bc677e49ba0004c8ffdegdzbzftdqfzcqdt8m1z&from=ient07021&uid=SAMSUNGXHD320KJ_S0PAJ9DQ503293&q={searchTerms}
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3daefMIBbhJBotjuEsagYx-Ruv_m2D1goL74ZDgpFqNObmO5R3MpzezEwIB5rgUts76PYNCZ32pvhLPq5KAiexvquePIlWh4EN9mEXtR0mN4yKuDAR4ttziWWjU8MPAmTIvlGRq7LsTXM-3_oLn2VC5IXu3C
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3daefMIBbhJBotjuEsagYx-Ruv_m2D1goL74ZDgpFqNObmO5R3MpzezEwIB5rgUts76PYNCZ32pvhL_nrV9h1Wu1Ax8bTdv9lPOrVF0LjLSj9IISoaC-Lev2yfwbhrzYGlKA5zgNwqzdIguzG5YcMeF7ifV6&q={searchTerms}
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3daefMIBbhJBotjuEsagYx-Ruv_m2D1goL74ZDgpFqNObmO5R3MpzezEwIB5rgUts76PYNCZ32pvhL_nrV9h1Wu1Ax8bTdv9lPOrVF0LjLSj9IISoaC-Lev2yfwbhrzYGlKA5zgNwqzdIguzG5YcMeF7ifV6&q={searchTerms}
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3daefMIBbhJBotjuEsagYx-Ruv_m2D1goL74ZDgpFqNObmO5R3MpzezEwIB5rgUts76PYNCZ32pvhL_nrV9h1Wu1Ax8bTdv9lPOrVF0LjLSj9IISoaC-Lev2yfwbhrzYGlKA5zgNwqzdIguzG5YcMeF7ifV6&q={searchTerms}
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3daefMIBbhJBotjuEsagYx-Ruv_m2D1goL74ZDgpFqNObmO5R3MpzezEwIB5rgUts76PYNCZ32pvhLPq5KAiexvquePIlWh4EN9mEXtR0mN4yKuDAR4ttziWWjU8MPAmTIvlGRq7LsTXM-3_oLn2VC5IXu3C
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3daefMIBbhJBotjuEsagYx-Ruv_m2D1goL74ZDgpFqNObmO5R3MpzezEwIB5rgUts76PYNCZ32pvhL_nrV9h1Wu1Ax8bTdv9lPOrVF0LjLSj9IISoaC-Lev2yfwbhrzYGlKA5zgNwqzdIguzG5YcMeF7ifV6&q={searchTerms}
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3daefMIBbhJBotjuEsagYx-Ruv_m2D1goL74ZDgpFqNObmO5R3MpzezEwIB5rgUts76PYNCZ32pvhL_nrV9h1Wu1Ax8bTdv9lPOrVF0LjLSj9IISoaC-Lev2yfwbhrzYGlKA5zgNwqzdIguzG5YcMeF7ifV6&q={searchTerms}
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3daefMIBbhJBotjuEsagYx-Ruv_m2D1goL74ZDgpFqNObmO5R3MpzezEwIB5rgUts76PYNCZ32pvhL_nrV9h1Wu1Ax8bTdv9lPOrVF0LjLSj9IISoaC-Lev2yfwbhrzYGlKA5zgNwqzdIguzG5YcMeF7ifV6&q={searchTerms}
HKU\S-1-5-21-1708537768-1844237615-842925246-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3daefMIBbhJBotjuEsagYx-Ruv_m2D1goL74ZDgpFqNObmO5R3MpzezEwIB5rgUts76PYNCZ32pvhL_nrV9h1Wu1Ax8bTdv9lPOrVF0LjLSj9IISoaC-Lev2yfwbhrzYGlKA5zgNwqzdIguzG5YcMeF7ifV6&q={searchTerms}
HKU\S-1-5-21-1708537768-1844237615-842925246-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449646973&z=2b8bc677e49ba0004c8ffdegdzbzftdqfzcqdt8m1z&from=ient07021&uid=SAMSUNGXHD320KJ_S0PAJ9DQ503293
HKU\S-1-5-21-1708537768-1844237615-842925246-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449646973&z=2b8bc677e49ba0004c8ffdegdzbzftdqfzcqdt8m1z&from=ient07021&uid=SAMSUNGXHD320KJ_S0PAJ9DQ503293
HKU\S-1-5-21-1708537768-1844237615-842925246-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3daefMIBbhJBotjuEsagYx-Ruv_m2D1goL74ZDgpFqNObmO5R3MpzezEwIB5rgUts76PYNCZ32pvhL_nrV9h1Wu1Ax8bTdv9lPOrVF0LjLSj9IISoaC-Lev2yfwbhrzYGlKA5zgNwqzdIguzG5YcMeF7ifV6&q={searchTerms}
HKU\S-1-5-21-1708537768-1844237615-842925246-1003\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3daefMIBbhJBotjuEsagYx-Ruv_m2D1goL74ZDgpFqNObmO5R3MpzezEwIB5rgUts76PYNCZ32pvhL_nrV9h1Wu1Ax8bTdv9lPOrVF0LjLSj9IISoaC-Lev2yfwbhrzYGlKA5zgNwqzdIguzG5YcMeF7ifV6&q={searchTerms}
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "hxxp://www.only-search.com/?babsrc=NT_kms&affID=132174" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449646973&z=2b8bc677e49ba0004c8ffdegdzbzftdqfzcqdt8m1z&from=ient07021&uid=SAMSUNGXHD320KJ_S0PAJ9DQ503293&q={searchTerms}
SearchScopes: HKLM -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3daefMIBbhJBotjuEsagYx-Ruv_m2D1goL74ZDgpFqNObmO5R3MpzezEwIB5rgUts76PYNCZ32pvhL_nrV9h1Wu1Ax8bTdv9lPOrVF0LjLSj9IISoaC-Lev2yfwbhrzYGlKA5zgNwqzdIguzG5YcMeF7ifV6&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449646973&z=2b8bc677e49ba0004c8ffdegdzbzftdqfzcqdt8m1z&from=ient07021&uid=SAMSUNGXHD320KJ_S0PAJ9DQ503293&q={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3daefMIBbhJBotjuEsagYx-Ruv_m2D1goL74ZDgpFqNObmO5R3MpzezEwIB5rgUts76PYNCZ32pvhL_nrV9h1Wu1Ax8bTdv9lPOrVF0LjLSj9IISoaC-Lev2yfwbhrzYGlKA5zgNwqzdIguzG5YcMeF7ifV6&q={searchTerms}
SearchScopes: HKU\S-1-5-19 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3daefMIBbhJBotjuEsagYx-Ruv_m2D1goL74ZDgpFqNObmO5R3MpzezEwIB5rgUts76PYNCZ32pvhL_nrV9h1Wu1Ax8bTdv9lPOrVF0LjLSj9IISoaC-Lev2yfwbhrzYGlKA5zgNwqzdIguzG5YcMeF7ifV6&q={searchTerms}
SearchScopes: HKU\S-1-5-20 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3daefMIBbhJBotjuEsagYx-Ruv_m2D1goL74ZDgpFqNObmO5R3MpzezEwIB5rgUts76PYNCZ32pvhL_nrV9h1Wu1Ax8bTdv9lPOrVF0LjLSj9IISoaC-Lev2yfwbhrzYGlKA5zgNwqzdIguzG5YcMeF7ifV6&q={searchTerms}
SearchScopes: HKU\S-1-5-20 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3daefMIBbhJBotjuEsagYx-Ruv_m2D1goL74ZDgpFqNObmO5R3MpzezEwIB5rgUts76PYNCZ32pvhL_nrV9h1Wu1Ax8bTdv9lPOrVF0LjLSj9IISoaC-Lev2yfwbhrzYGlKA5zgNwqzdIguzG5YcMeF7ifV6&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1708537768-1844237615-842925246-1003 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449646973&z=2b8bc677e49ba0004c8ffdegdzbzftdqfzcqdt8m1z&from=ient07021&uid=SAMSUNGXHD320KJ_S0PAJ9DQ503293&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1708537768-1844237615-842925246-1003 -> {37143A45-BBFA-4070-B3E0-84E0629CA102} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_20808
SearchScopes: HKU\S-1-5-21-1708537768-1844237615-842925246-1003 -> {EA36E1C3-3E78-42AC-9498-1221C604471B} URL = hxxp://www.only-search.com/?babsrc=SP_kms&affID=132174&q={searchTerms}&r=505
SearchScopes: HKU\S-1-5-21-1708537768-1844237615-842925246-1003 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3daefMIBbhJBotjuEsagYx-Ruv_m2D1goL74ZDgpFqNObmO5R3MpzezEwIB5rgUts76PYNCZ32pvhL_nrV9h1Wu1Ax8bTdv9lPOrVF0LjLSj9IISoaC-Lev2yfwbhrzYGlKA5zgNwqzdIguzG5YcMeF7ifV6&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1447175095&z=6d614975c04b84f15faa4fcg1z3z1m1g8mez6b2e1b&from=face&uid=SAMSUNGXHD320KJ_S0PAJ9DQ503293

FireFox:
========
FF ProfilePath: C:\Documents and Settings\capík\Data aplikací\Mozilla\Firefox\Profiles\b76e5qzp.default
FF NewTab: hxxp://www.mystartsearch.com/newtab/?type=nt&ts=1447395699&z=73dd21466f623a7e572ef05g2zezdm7cetfw6z4e3e&from=cmi&uid=SAMSUNGXHD320KJ_S0PAJ9DQ503293
FF DefaultSearchEngine: istartsurf
FF SelectedSearchEngine: Search The Web (Only-Search)
FF Homepage: hxxp://www.mystartsearch.com/?type=hp&ts=1447216456&z=c0c759b6e7fade6fed02ae1g3zfzamfoegaq9g6m0g&from=cmi&uid=SAMSUNGXHD320KJ_S0PAJ9DQ503293
FF Keyword.URL: hxxp://www.only-search.com/?babsrc=KW_kms&affID=$afltId$&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-29] ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [No File]
FF Plugin: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [No File]
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin HKU\S-1-5-21-1708537768-1844237615-842925246-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\capík\Local Settings\Data aplikací\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-19] (Unity Technologies ApS)
FF SearchPlugin: C:\Documents and Settings\capík\Data aplikací\Mozilla\Firefox\Profiles\b76e5qzp.default\searchplugins\istartsurf.xml [2015-11-10]
FF SearchPlugin: C:\Documents and Settings\capík\Data aplikací\Mozilla\Firefox\Profiles\b76e5qzp.default\searchplugins\onlysearchkms1.xml [2015-11-10]
FF Extension: No Name - C:\Documents and Settings\capĂ­k\Data aplikacĂ­\Mozilla\Firefox\Profiles\b76e5qzp.default\extensions\deskCutv2@gmail.com [not found]
FF Extension: GoHD - C:\Documents and Settings\capík\Data aplikací\Mozilla\Firefox\Profiles\b76e5qzp.default\extensions\f8783004-c434-4bd0-9f81-9a39dd64baaa@08ad07c4-3f21-451d-9045-9e0d5dc8aa9e.com [2015-11-13] [not signed]
FF Extension: "Super Number - C:\Documents and Settings\capík\Data aplikací\Mozilla\Firefox\Profiles\b76e5qzp.default\Extensions\@C12A211387DDBC04680741550F8EA1E7C12A.xpi [2015-11-10] [not signed]
FF Extension: deskCut - C:\Documents and Settings\capík\Data aplikací\Mozilla\Firefox\Profiles\b76e5qzp.default\Extensions\deskCutv2@gmail.com [2015-11-13] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-07-08] [not signed]
FF HKLM\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Documents and Settings\capík\Data aplikací\Mozilla\Firefox\Profiles\b76e5qzp.default\extensions\deskCutv2@gmail.com
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\!C12A211387DDBC04680741550F8EA1E7C12A.js [2015-11-10] <==== ATTENTION
FF ExtraCheck: C:\Program Files\mozilla firefox\C12A211387DDBC04680741550F8EA1E7C12A [2015-11-10] <==== ATTENTION

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.istartpageing.com/?type=hp&ts=1451665292&z=1c5797c7e339a88d91505ddg6z7w8g7qdq1w7ofb0w&from=cmi&uid=SAMSUNGXHD320KJ_S0PAJ9DQ503293
CHR StartupUrls: Default -> "hxxp://www.istartpageing.com/?type=hp&ts=1451665292&z=1c5797c7e339a88d91505ddg6z7w8g7qdq1w7ofb0w&from=cmi&uid=SAMSUNGXHD320KJ_S0PAJ9DQ503293"
CHR Profile: C:\Documents and Settings\capík\Local Settings\Data aplikací\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Documents and Settings\capík\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-25]
CHR Extension: (YouTube) - C:\Documents and Settings\capík\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-25]
CHR Extension: (Google Search) - C:\Documents and Settings\capík\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-08]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\capík\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-25]
CHR Extension: (Gmail) - C:\Documents and Settings\capík\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-25]
CHR HKLM\...\Chrome\Extension: [iccodbepgnkhafhjajchdjkadbflkijl] - C:\Documents and Settings\capík\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\iccodbepgnkhafhjajchdjkadbflkijl.crx [2015-11-15]
StartMenuInternet: chrome.exe - C:\Program Files\Google\Chrome\Application\chrome.exe hxxp://www.istartpageing.com/?type=sc&ts=1451665292&z=1c5797c7e339a88d91505ddg6z7w8g7qdq1w7ofb0w&from=cmi&uid=SAMSUNGXHD320KJ_S0PAJ9DQ503293
StartMenuInternet: Google Chrome - C:\Program Files\Google\Chrome\Application\chrome.exe hxxp://www.istartpageing.com/?type=sc&ts=1451665292&z=1c5797c7e339a88d91505ddg6z7w8g7qdq1w7ofb0w&from=cmi&uid=SAMSUNGXHD320KJ_S0PAJ9DQ503293

Opera: 
=======
OPR Extension: (Opera Bookmarks Share Portal) - C:\Documents and Settings\capík\Data aplikací\Opera Software\Opera Stable\Extensions\fijhlnmmmgflacagjecncpmpnhjieggk [2015-11-13]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 DefSrv; C:\Program Files\kingsoft\ksdef\ksdefserver.exe [1662800 2015-11-17] (Kingsoft Corporation)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1026288 2015-05-21] (Disc Soft Ltd)
R2 ginoquci; C:\Documents and Settings\capík\Local Settings\Temp\nsjB6.tmp [222208 2015-12-02] () [File not signed]
R2 IhPul; C:\Documents and Settings\capík\Data aplikací\TSv\TSvr.exe [580752 2015-12-08] (tsvr.com)
R2 lezuqucy; C:\Program Files\7B92231C-1447171551-11D5-B7DC-135013F7F630\knsu18C6.tmp [399872 2015-11-16] () [File not signed]
R2 SSFK; C:\Program Files\SFK\SSFK.exe [183968 2016-01-02] (TODO: <公司名>)
R2 WdMan; C:\Documents and Settings\All Users\Data aplikací\lWdMl\WdMan.exe [338056 2015-12-25] (TFuns LIMITED)
R2 WindowsMangerProtect; C:\Documents and Settings\All Users\Data aplikací\Tmp0x0x\ProtectWindowsManager.exe [344232 2015-12-10] (Sysinternals process Explorer) <==== ATTENTION
S2 propsctpyo; no ImagePath

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AtiHDAudioService; C:\WINDOWS\System32\drivers\AtihdXP3.sys [103040 2012-05-14] (Advanced Micro Devices)
R3 dtlitescsibus; C:\WINDOWS\System32\DRIVERS\dtlitescsibus.sys [25016 2015-05-29] (Disc Soft Ltd)
R2 KSSafe; C:\WINDOWS\system32\drivers\KSSafe.sys [232296 2015-08-18] (Kingsoft Corporation)
R0 mv61xxmm; C:\WINDOWS\system32\Drivers\mv61xxmm.sys [14184 2015-05-09] (Marvell Semiconductor Inc.)
R0 mv64xxmm; C:\WINDOWS\system32\Drivers\mv64xxmm.sys [5632 2015-05-09] (Marvell Semiconductor Inc.) [File not signed]
R0 mvxxmm; C:\WINDOWS\system32\Drivers\mvxxmm.sys [14184 2015-05-09] (Marvell Semiconductor Inc.)
S3 TSSK; C:\WINDOWS\System32\tssk.sys [67896 2015-11-23] (电脑管家)
S4 IntelIde; no ImagePath
S1 QMUdisk; \??\C:\Program Files\Tencent\QQPCMgr\11.1.16923.222\QMUdisk.sys [X]
S1 softaal; \??\C:\Program Files\Tencent\QQPCMgr\11.1.16923.222\softaal.sys [X]
U1 WS2IFSL; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-02 18:36 - 2016-01-02 18:36 - 00000000 ____D C:\FRST
2016-01-02 18:34 - 2016-01-02 18:34 - 00015327 _____ C:\Documents and Settings\capík\Plocha\LM.bat
2016-01-02 18:31 - 2016-01-02 18:34 - 00029696 _____ C:\Documents and Settings\capík\Local Settings\Data aplikací\MSGBOX.EXE
2016-01-02 18:31 - 2016-01-02 18:31 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\capík\Plocha\FRSTLauncher.exe
2016-01-02 18:23 - 2016-01-02 18:23 - 00097456 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-01-02 18:22 - 2016-01-02 18:22 - 00321848 _____ (Malwarebytes Corporation) C:\Documents and Settings\capík\Plocha\mbam-clean-2.1.1.1001.exe
2016-01-02 17:57 - 2016-01-02 18:04 - 00000803 _____ C:\Documents and Settings\capík\Nabídka Start\Programy\Internet Explorer.lnk
2016-01-02 06:51 - 2016-01-02 06:51 - 00960016 _____ (Generic Application ) C:\Documents and Settings\capík\Plocha\setup(1).exe
2016-01-01 08:27 - 2016-01-02 18:12 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\GAMESDESKTOP
2016-01-01 08:27 - 2016-01-02 18:10 - 00000000 ____D C:\Program Files\gmsd_ra_005010193
2016-01-01 08:27 - 2016-01-02 17:58 - 00000000 ____D C:\Documents and Settings\capík\Local Settings\Data aplikací\gmsd_ra_005010193
2015-12-30 22:16 - 2016-01-02 18:31 - 00000000 ____D C:\Documents and Settings\capík\Local Settings\Data aplikací\gmsd_ra_005010192
2015-12-30 22:16 - 2016-01-02 18:09 - 00000000 ____D C:\Program Files\gmsd_ra_005010192
2015-12-26 11:33 - 2015-12-26 11:34 - 00000000 ____D C:\WINDOWS\pss
2015-12-25 09:14 - 2015-12-26 08:04 - 00000000 ____D C:\Documents and Settings\capík\Local Settings\Data aplikací\gmsd_ra_005010185
2015-12-25 09:12 - 2015-12-25 09:13 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\lWdMl
2015-12-24 23:40 - 2015-12-24 23:40 - 00987272 _____ (Program Generic ) C:\Documents and Settings\capík\Plocha\setup.exe
2015-12-23 10:50 - 2015-12-26 08:04 - 00000000 ____D C:\Documents and Settings\capík\Local Settings\Data aplikací\gmsd_ra_005010184
2015-12-22 06:40 - 2015-12-25 08:37 - 00000000 ____D C:\Documents and Settings\capík\Local Settings\Data aplikací\gmsd_ra_005010183
2015-12-20 10:43 - 2015-12-30 21:46 - 00000000 ____D C:\Documents and Settings\capík\Local Settings\Data aplikací\gmsd_ra_005010181
2015-12-18 22:08 - 2015-12-26 08:04 - 00000000 ____D C:\Documents and Settings\capík\Local Settings\Data aplikací\gmsd_ra_005010180
2015-12-17 21:10 - 2015-12-30 23:05 - 00000000 _____ C:\WINDOWS\system32\TempWmicBatchFile.bat
2015-12-17 20:20 - 2015-12-19 07:42 - 00000000 ____D C:\Documents and Settings\capík\Local Settings\Data aplikací\gmsd_ra_005010179
2015-12-17 06:15 - 2015-12-26 08:04 - 00000000 ____D C:\Documents and Settings\capík\Local Settings\Data aplikací\gmsd_ra_005010178
2015-12-17 06:01 - 2016-01-01 07:58 - 00001092 _____ C:\Documents and Settings\capík\Plocha\Live PC Help.lnk
2015-12-11 06:13 - 2015-12-11 06:13 - 00000000 ____D C:\Documents and Settings\capík\Local Settings\Data aplikací\ComBroadcaster
2015-12-09 08:44 - 2015-12-09 08:45 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\tWdMt
2015-12-09 08:43 - 2015-12-09 08:43 - 00000000 ____D C:\Documents and Settings\capík\Data aplikací\TSv
2015-12-09 08:42 - 2015-12-09 08:43 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\OWdMO
2015-12-08 04:35 - 2016-01-02 18:04 - 00000000 ____D C:\Documents and Settings\capík\Data aplikací\yoursearching
2015-12-05 06:42 - 2015-12-10 04:35 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Tmp0x0x
2015-12-04 16:12 - 2016-01-02 18:17 - 00000940 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-02 18:36 - 2015-05-09 14:07 - 00000000 ____D C:\WINDOWS
2016-01-02 18:36 - 2015-05-09 12:25 - 00000000 ____D C:\Documents and Settings\capík\Local Settings\Temp
2016-01-02 18:34 - 2015-05-09 12:25 - 00000000 ___HD C:\Documents and Settings\capík\Local Settings\Data aplikací
2016-01-02 18:34 - 2015-05-09 12:25 - 00000000 ____D C:\Documents and Settings\capík\Plocha
2016-01-02 18:31 - 2015-11-10 17:16 - 00000000 ____D C:\Program Files\SFK
2016-01-02 18:28 - 2015-11-19 07:48 - 00000414 _____ C:\WINDOWS\Tasks\Total Kit.job
2016-01-02 18:28 - 2015-11-19 06:34 - 00000422 _____ C:\WINDOWS\Tasks\Camera Comp.job
2016-01-02 18:28 - 2015-11-10 17:15 - 00000426 _____ C:\WINDOWS\Tasks\Super Number.job
2016-01-02 18:28 - 2015-11-10 17:05 - 00001024 _____ C:\WINDOWS\Tasks\nMn8yb4vsjCNq.job
2016-01-02 18:28 - 2015-11-10 17:05 - 00001016 _____ C:\WINDOWS\Tasks\ZQID1GGme.job
2016-01-02 18:28 - 2015-11-10 17:05 - 00000922 _____ C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job
2016-01-02 18:28 - 2015-10-25 11:32 - 00000936 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-02 18:28 - 2015-07-07 03:21 - 00000222 _____ C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
2016-01-02 18:28 - 2015-05-09 12:26 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-02 18:28 - 2015-05-09 11:51 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2016-01-02 18:27 - 2015-05-09 12:26 - 00032584 _____ C:\WINDOWS\SchedLgU.Txt
2016-01-02 18:27 - 2015-05-09 12:25 - 00000178 ___SH C:\Documents and Settings\capík\ntuser.ini
2016-01-02 18:23 - 2015-05-09 12:51 - 00065536 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2016-01-02 18:23 - 2015-05-09 12:23 - 00065536 _____ C:\WINDOWS\system32\config\WindowsPowerShell.evt
2016-01-02 18:23 - 2015-05-09 12:23 - 00065536 _____ C:\WINDOWS\system32\config\EventForwarding-Operational.Evt
2016-01-02 18:23 - 2015-05-09 12:19 - 00065536 _____ C:\WINDOWS\system32\config\Internet.evt
2016-01-02 18:20 - 2015-05-09 12:25 - 00000000 ____D C:\Documents and Settings\capík
2016-01-02 18:19 - 2015-09-26 18:40 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-01-02 18:15 - 2015-11-13 05:48 - 00000000 ____D C:\Documents and Settings\capík\Data aplikací\Seznam.cz
2016-01-02 18:12 - 2015-11-10 17:05 - 00000000 ____D C:\Documents and Settings\capík\Nabídka Start\Programy\VOPackage
2016-01-02 18:12 - 2015-10-25 11:34 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Google Chrome
2016-01-02 18:12 - 2015-05-09 14:12 - 00000000 ____D C:\Documents and Settings\All Users\Plocha
2016-01-02 18:12 - 2015-05-09 12:25 - 00000000 ___RD C:\Documents and Settings\capík\Nabídka Start
2016-01-02 18:10 - 2015-05-13 10:16 - 00000000 ____D C:\Program Files\Google
2016-01-02 18:07 - 2015-11-10 17:27 - 00000958 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-01-02 18:03 - 2015-11-16 04:08 - 00000000 ____D C:\Documents and Settings\capík\Data aplikací\istartpageing
2016-01-02 17:57 - 2015-05-09 12:26 - 00000738 _____ C:\Documents and Settings\capík\Nabídka Start\Programy\Outlook Express.lnk
2016-01-02 17:57 - 2015-05-09 12:25 - 00000000 ___RD C:\Documents and Settings\capík\Oblíbené položky
2016-01-02 17:57 - 2015-05-09 12:25 - 00000000 ___RD C:\Documents and Settings\capík\Nabídka Start\Programy
2016-01-02 17:57 - 2015-05-09 12:25 - 00000000 ___RD C:\Documents and Settings\capík\Dokumenty\Obrázky
2016-01-02 17:57 - 2015-05-09 12:25 - 00000000 ___RD C:\Documents and Settings\capík\Dokumenty\Hudba
2016-01-02 17:57 - 2015-05-09 12:25 - 00000000 ___RD C:\Documents and Settings\capík\Dokumenty
2016-01-02 17:56 - 2015-05-09 12:25 - 00000788 _____ C:\Documents and Settings\capík\Nabídka Start\Programy\Windows Media Player.lnk
2016-01-02 17:48 - 2015-11-10 17:45 - 00000302 _____ C:\WINDOWS\Tasks\IQA.job
2016-01-02 16:45 - 2015-11-12 05:28 - 00000017 _____ C:\WINDOWS\system32\history.dat
2016-01-02 16:17 - 2015-11-10 17:05 - 00000926 _____ C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job
2016-01-02 14:18 - 2015-05-11 19:11 - 00000000 ____D C:\Documents and Settings\capík\Data aplikací\vlc
2016-01-01 15:38 - 2015-05-10 21:10 - 00000000 ___RD C:\Documents and Settings\capík\Plocha\Havo☺
2016-01-01 08:27 - 2015-05-09 14:12 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy
2016-01-01 07:58 - 2015-11-10 17:41 - 00000000 ____D C:\Documents and Settings\capík\Data aplikací\systweak
2015-12-30 23:06 - 2015-05-09 12:25 - 00000000 __RHD C:\Documents and Settings\capík\Data aplikací
2015-12-29 21:19 - 2015-09-26 18:39 - 00796864 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-12-29 21:19 - 2015-09-26 18:39 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-12-26 11:34 - 2015-05-09 14:08 - 00000211 ___SH C:\boot.ini
2015-12-26 11:34 - 2015-05-09 11:50 - 00000507 _____ C:\WINDOWS\win.ini
2015-12-26 11:34 - 2015-05-09 11:49 - 00000227 _____ C:\WINDOWS\system.ini
2015-12-26 11:19 - 2015-05-09 12:25 - 00000000 ___RD C:\Documents and Settings\capík\Nabídka Start\Programy\Po spuštění
2015-12-26 08:07 - 2015-11-10 17:06 - 00000000 ____D C:\Documents and Settings\capík\Local Settings\Data aplikací\7B92231C-1447175192-11D5-B7DC-135013F7F630
2015-12-25 09:12 - 2015-11-10 17:16 - 00000144 _____ C:\Documents and Settings\All Users\Data aplikací\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2015-12-25 09:12 - 2015-05-09 14:10 - 00000000 ___HD C:\Documents and Settings\All Users\Data aplikací
2015-12-20 10:39 - 2015-11-17 18:26 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\kingsoft
2015-12-13 10:00 - 2015-11-17 17:31 - 00000000 ____D C:\WINDOWS\Minidump
2015-12-09 08:42 - 2015-11-13 06:38 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\WWMiniProW
2015-12-09 07:27 - 2015-11-13 12:12 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-12-09 07:21 - 2015-07-06 06:50 - 137798368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-12-08 15:00 - 2015-07-07 03:21 - 00000216 _____ C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job

==================== Files in the root of some directories =======

2015-11-17 14:59 - 2015-11-17 14:59 - 0125440 _____ () C:\Documents and Settings\capík\Data aplikací\Deployer.dll
2015-11-23 16:57 - 2015-11-23 16:57 - 0005120 _____ () C:\Documents and Settings\capík\Data aplikací\GiftBag.db
2015-04-19 13:20 - 2015-04-19 13:20 - 0005872 _____ () C:\Documents and Settings\capík\Data aplikací\nMn8yb4vsjCNq
2015-04-20 15:05 - 2015-04-20 15:05 - 1579520 _____ () C:\Documents and Settings\capík\Data aplikací\nMn8yb4vsjCNq.exe
2015-04-14 17:28 - 2015-04-14 17:28 - 0004387 _____ () C:\Documents and Settings\capík\Data aplikací\ZQID1GGme
2015-04-20 15:05 - 2015-04-20 15:05 - 1246720 _____ () C:\Documents and Settings\capík\Data aplikací\ZQID1GGme.exe
2015-05-11 19:11 - 2015-10-28 19:20 - 0014848 _____ () C:\Documents and Settings\capík\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-01-02 18:31 - 2016-01-02 18:34 - 0029696 _____ () C:\Documents and Settings\capík\Local Settings\Data aplikací\MSGBOX.EXE
2015-11-10 17:07 - 2015-11-10 17:07 - 0000187 _____ () C:\Documents and Settings\capík\Local Settings\Data aplikací\plexgreen.exe.config
2015-11-17 19:34 - 2015-11-17 19:34 - 0002499 _____ () C:\Documents and Settings\capík\Local Settings\Data aplikací\plexgreen.exe.lnk
2015-11-10 17:16 - 2015-12-25 09:12 - 0000144 _____ () C:\Documents and Settings\All Users\Data aplikací\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

Some files in TEMP:
====================
C:\Documents and Settings\capík\Local Settings\Temp\avenger.exe
C:\Documents and Settings\capík\Local Settings\Temp\FRST.exe
C:\Documents and Settings\capík\Local Settings\Temp\FRSTLauncher(1).exe
C:\Documents and Settings\capík\Local Settings\Temp\FRSTLauncher.exe
C:\Documents and Settings\capík\Local Settings\Temp\fsdAA.exe
C:\Documents and Settings\capík\Local Settings\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe
C:\Documents and Settings\cap铆k\Local Settings\Temp\TempQMSystemSetup_10.11.16575.227_1777425748(1).exe
C:\Documents and Settings\cap铆k\Local Settings\Temp\TempQMSystemSetup_10.11.16575.227_1777425748(10).exe
C:\Documents and Settings\cap铆k\Local Settings\Temp\TempQMSystemSetup_10.11.16575.227_1777425748(11).exe
C:\Documents and Settings\cap铆k\Local Settings\Temp\TempQMSystemSetup_10.11.16575.227_1777425748(2).exe
C:\Documents and Settings\cap铆k\Local Settings\Temp\TempQMSystemSetup_10.11.16575.227_1777425748(3).exe
C:\Documents and Settings\cap铆k\Local Settings\Temp\TempQMSystemSetup_10.11.16575.227_1777425748(4).exe
C:\Documents and Settings\cap铆k\Local Settings\Temp\TempQMSystemSetup_10.11.16575.227_1777425748(5).exe
C:\Documents and Settings\cap铆k\Local Settings\Temp\TempQMSystemSetup_10.11.16575.227_1777425748(6).exe
C:\Documents and Settings\cap铆k\Local Settings\Temp\TempQMSystemSetup_10.11.16575.227_1777425748(7).exe
C:\Documents and Settings\cap铆k\Local Settings\Temp\TempQMSystemSetup_10.11.16575.227_1777425748(8).exe
C:\Documents and Settings\cap铆k\Local Settings\Temp\TempQMSystemSetup_10.11.16575.227_1777425748(9).exe
C:\Documents and Settings\cap铆k\Local Settings\Temp\TempQMSystemSetup_10.11.16575.227_1777425748.exe
C:\Documents and Settings\cap铆k\Local Settings\Temp\TempQMSystemSetup_11.1.16923.222_48298438(1).exe
C:\Documents and Settings\cap铆k\Local Settings\Temp\TempQMSystemSetup_11.1.16923.222_48298438(10).exe
C:\Documents and Settings\cap铆k\Local Settings\Temp\TempQMSystemSetup_11.1.16923.222_48298438(11).exe
C:\Documents and Settings\cap铆k\Local Settings\Temp\TempQMSystemSetup_11.1.16923.222_48298438(2).exe
C:\Documents and Settings\cap铆k\Local Settings\Temp\TempQMSystemSetup_11.1.16923.222_48298438(3).exe
C:\Documents and Settings\cap铆k\Local Settings\Temp\TempQMSystemSetup_11.1.16923.222_48298438(4).exe
C:\Documents and Settings\cap铆k\Local Settings\Temp\TempQMSystemSetup_11.1.16923.222_48298438(5).exe
C:\Documents and Settings\cap铆k\Local Settings\Temp\TempQMSystemSetup_11.1.16923.222_48298438(6).exe
C:\Documents and Settings\cap铆k\Local Settings\Temp\TempQMSystemSetup_11.1.16923.222_48298438(7).exe
C:\Documents and Settings\cap铆k\Local Settings\Temp\TempQMSystemSetup_11.1.16923.222_48298438(8).exe
C:\Documents and Settings\cap铆k\Local Settings\Temp\TempQMSystemSetup_11.1.16923.222_48298438(9).exe
C:\Documents and Settings\cap铆k\Local Settings\Temp\TempQMSystemSetup_11.1.16923.222_48298438.exe
C:\Documents and Settings\cap铆k\Local Settings\Temp\TempQQPhoneManager-5.3.2_710201.4693.pa(1).exe
C:\Documents and Settings\cap铆k\Local Settings\Temp\TempQQPhoneManager-5.3.2_710201.4693.pa(2).exe
C:\Documents and Settings\cap铆k\Local Settings\Temp\TempQQPhoneManager-5.3.2_710201.4693.pa(3).exe
C:\Documents and Settings\cap铆k\Local Settings\Temp\TempQQPhoneManager-5.3.2_710201.4693.pa(4).exe
C:\Documents and Settings\cap铆k\Local Settings\Temp\TempQQPhoneManager-5.3.2_710201.4693.pa(5).exe
C:\Documents and Settings\cap铆k\Local Settings\Temp\TempQQPhoneManager-5.3.2_710201.4693.pa(6).exe
C:\Documents and Settings\cap铆k\Local Settings\Temp\TempQQPhoneManager-5.3.2_710201.4693.pa(7).exe
C:\Documents and Settings\cap铆k\Local Settings\Temp\TempQQPhoneManager-5.3.2_710201.4693.pa(8).exe
C:\Documents and Settings\cap铆k\Local Settings\Temp\TempQQPhoneManager-5.3.2_710201.4693.pa(9).exe
C:\Documents and Settings\cap铆k\Local Settings\Temp\TempQQPhoneManager-5.3.2_710201.4693.pa.exe
C:\Documents and Settings\cap铆k\Local Settings\Temp\TempQQPhoneManager-5.5.1_710201.4892.pa(1).exe
C:\Documents and Settings\cap铆k\Local Settings\Temp\TempQQPhoneManager-5.5.1_710201.4892.pa(10).exe
C:\Documents and Settings\cap铆k\Local Settings\Temp\TempQQPhoneManager-5.5.1_710201.4892.pa(2).exe
C:\Documents and Settings\cap铆k\Local Settings\Temp\TempQQPhoneManager-5.5.1_710201.4892.pa(3).exe
C:\Documents and Settings\cap铆k\Local Settings\Temp\TempQQPhoneManager-5.5.1_710201.4892.pa(4).exe
C:\Documents and Settings\cap铆k\Local Settings\Temp\TempQQPhoneManager-5.5.1_710201.4892.pa(5).exe
C:\Documents and Settings\cap铆k\Local Settings\Temp\TempQQPhoneManager-5.5.1_710201.4892.pa(6).exe
C:\Documents and Settings\cap铆k\Local Settings\Temp\TempQQPhoneManager-5.5.1_710201.4892.pa(7).exe
C:\Documents and Settings\cap铆k\Local Settings\Temp\TempQQPhoneManager-5.5.1_710201.4892.pa(8).exe
C:\Documents and Settings\cap铆k\Local Settings\Temp\TempQQPhoneManager-5.5.1_710201.4892.pa(9).exe
C:\Documents and Settings\cap铆k\Local Settings\Temp\TempQQPhoneManager-5.5.1_710201.4892.pa.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================