Hello,
when I click a link (e.g. in an e-mail), a different (advertising) page opens than the one shown in the visible URL.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-02-2014 03
Ran by JM (administrator) on JM-HTPC on 02-02-2014 20:43:13
Running from C:\Users\JM\Desktop
Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: Czech
Internet Explorer Version 9
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) ===================
(Software602 a.s.) C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(PACE Anti-Piracy, Inc.) C:\Program Files\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Team H2O) C:\Program Files\Syncrosoft\POS\H2O\cledx.exe
(Software602) C:\Program Files\Software602\Print2PDF\Print2PDF.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
(Ask) C:\Program Files\Ask.com\Updater\Updater.exe
() C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
() C:\Program Files\RocketDock\RocketDock.exe
() C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Google Inc.) C:\Users\JM\AppData\Local\Google\Update\GoogleUpdate.exe
(Nokia) C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
(Ovislink Corp.) C:\Program Files\Ovislink\Common\TurboG-UI.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(Google Inc.) C:\Users\JM\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JM\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JM\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JM\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JM\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JM\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JM\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JM\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\JM\AppData\Local\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\JM\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5ServiceManager] - C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [NeroCheck] - C:\Windows\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [H2O] - C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe [385024 2005-10-23] (Team H2O)
HKLM\...\Run: [Print2PDF Print Monitor] - C:\Program Files\Software602\Print2PDF\Print2PDF.exe [220992 2011-10-04] (Software602)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [ApnUpdater] - C:\Program Files\Ask.com\Updater\Updater.exe [1564872 2012-06-06] (Ask)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKU\S-1-5-21-3124626429-561365757-46322953-1000\...\Run: [RocketDock] - C:\Program Files\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-3124626429-561365757-46322953-1000\...\Run: [DAEMON Tools Lite] - C:\Program Files\DAEMON Tools Lite\DTLite.exe [3478336 2012-01-24] (DT Soft Ltd)
HKU\S-1-5-21-3124626429-561365757-46322953-1000\...\Run: [Google Update] - C:\Users\JM\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-06-17] (Google Inc.)
HKU\S-1-5-21-3124626429-561365757-46322953-1000\...\Run: [PC Suite Tray] - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia)
AppInit_DLLs: c:\progra~2\fastan~1\fastan~1.dll => C:\ProgramData\Fast And Safe\FastAndSafe.dll [4190720 2013-12-30] ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.lookforithere.info/?pi ... Z&unqvl=14
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.lookforithere.info/?pi ... Z&unqvl=14
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
SearchScopes: HKLM - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.lookforithere.info/?l= ... Z&unqvl=14
SearchScopes: HKCU - {889B1B1C-3E36-4146-A794-247D251BE927} URL = http://websearch.ask.com/redirect?clien ... 391E687E44
SearchScopes: HKCU - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.lookforithere.info/?l= ... Z&unqvl=14
BHO: BulOckThheAdApp - {1FEC72D8-C9B0-A1E3-63A5-069A34A1D58E} - C:\ProgramData\BulOckThheAdApp\mi.dll ()
BHO: AlllSuaver - {22ED40E6-ADFA-56EA-12B9-7F5461E748C0} - C:\ProgramData\AlllSuaver\rOzz8d0q.dll ()
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: CheappMe - {CC323A9F-F96D-B46C-BD3E-751BD1012698} - C:\ProgramData\CheappMe\7NRq1xkpdS.dll ()
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} http://rscz001.realspektrum.cz/dwa8W.cab
DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 62.129.50.20 192.168.0.1
Chrome:
=======
CHR HomePage: hxxp://websearch.lookforithere.info/?pid=658&r=2013/05/11&hid=1731668001&lg=EN&cc=CZ&unqvl=14
CHR RestoreOnStartup: ""
CHR DefaultSearchKeyword: websearch
CHR DefaultSearchProvider: WebSearch
CHR DefaultSearchURL: http://websearch.lookforithere.info/?l= ... Z&unqvl=14
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Users\JM\AppData\Local\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\JM\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\JM\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Software602 Form Filler) - C:\Program Files\Software602\602XML\Filler\npfiller.dll (Software602 a.s.)
CHR Plugin: (Windows LiveÃÂ Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\JM\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Extension: (CheappMe) - C:\Users\JM\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnmmifjaffkkjhloobeffcnpbgglalgm [2014-01-01]
CHR Extension: (BulOckThheAdApp) - C:\Users\JM\AppData\Local\Google\Chrome\User Data\Default\Extensions\cofaocmkdagmkiplgakcgmekomiggcmh [2014-02-01]
CHR Extension: (Custom new tab) - C:\Users\JM\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbnkijekempmdlleaimfelifcejbkmcd [2014-01-07]
CHR Extension: (Peněženka Google) - C:\Users\JM\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-04]
CHR Extension: (AlllSuaver) - C:\ProgramData\jebmhpccammbhdcjghamdajpmadkhnea [2014-01-01]
CHR HKLM\...\Chrome\Extension: [aaaapoldfpilohhfkhihnhdckpackghi] - C:\Users\JM\AppData\Local\APN\GoogleCRXs\aaaapoldfpilohhfkhihnhdckpackghi_7.15.4.0.crx [2012-09-25]
CHR StartMenuInternet: Google Chrome - C:\Users\JM\AppData\Local\Google\Chrome\Application\chrome.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
========================== Services (Whitelisted) =================
R2 602XML Updater; C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [85344 2011-10-10] (Software602 a.s.)
R2 64af91bf; C:\ProgramData\Fast And Safe\FastAndSafeSvc.dll [181072 2013-12-30] ()
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [584488 2011-03-04] (Nero AG)
R2 PaceLicenseDServices; C:\Program Files\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2938880 2012-05-18] (PACE Anti-Piracy, Inc.)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [238592 2011-03-09] (WDC)
R2 WDFME; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [1060864 2011-03-09] ()
R2 WDSC; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [484352 2011-03-09] ()
S2 aic78u2; %systemroot%\system32\atitunep.dll [x]
S2 amdk77; %systemroot%\system32\AsuhfivrO.dll [x]
S2 askernel; %systemroot%\system32\Sk99202k.dll [x]
S2 besclient; %systemroot%\system32\purendis.dll [x]
S2 CdaC15BA; %systemroot%\system32\nvenetfd.dll [x]
S2 emitray; %systemroot%\system32\NVXBAR.dll [x]
S2 GENERICDRV; %systemroot%\system32\ni_nic.dll [x]
S2 iam; %systemroot%\system32\acs.dll [x]
S2 ni_nic; %systemroot%\system32\UxTuneUp.dll [x]
S2 pdiddcci; %systemroot%\system32\3compxe.dll [x]
S2 ps2; %systemroot%\system32\pdreli.dll [x]
S2 SaiClass; %systemroot%\system32\MREMP50a64.dll [x]
S2 SeratoUsb; %systemroot%\system32\mbackmonitor.dll [x]
S2 SQTECH9080; %systemroot%\system32\SE2Bmgmt.dll [x]
S2 srservice; %systemroot%\system32\upsmonservice.dll [x]
S2 TClass2k; %systemroot%\system32\AdobeActiveFileMonitor6.0.dll [x]
S2 vmodem; %systemroot%\system32\usnsvc.dll [x]
S2 vmx86; %systemroot%\system32\NETMDUSB.dll [x]
S2 VRcore; %systemroot%\system32\smwdm.dll [x]
S2 z525mgmt; %systemroot%\system32\SNC.dll [x]
==================== Drivers (Whitelisted) ====================
S3 AF9035HB; C:\Windows\System32\Drivers\AF9035HB.sys [863616 2013-01-25] (ITE Technologies )
R3 CLEDX; C:\Windows\System32\DRIVERS\cledx.sys [33792 2005-05-09] (Team H2O)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-06-19] (DT Soft Ltd)
S3 MAFW; C:\Windows\System32\DRIVERS\mafw.sys [192392 2009-07-29] (Avid Technology, Inc.)
R3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [332800 2007-04-30] (Ralink Technology Corp.)
R3 RDID1034; C:\Windows\System32\Drivers\rdwm1034.sys [168192 2009-09-18] (Roland Corporation)
R0 TPkd; C:\Windows\system32\Drivers\TPkd.sys [93336 2012-05-16] (PACE Anti-Piracy, Inc.)
S3 catchme; \??\C:\Users\JM\AppData\Local\Temp\catchme.sys [x]
S3 cpuz134; \??\C:\Users\JM\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [x]
S3 cpuz135; \??\C:\Users\JM\AppData\Local\Temp\cpuz135\cpuz135_x32.sys [x]
S2 Nsynas32; No ImagePath
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-02-02 20:43 - 2014-02-02 20:43 - 00015507 _____ () C:\Users\JM\Desktop\FRST.txt
2014-02-02 20:42 - 2014-02-02 20:43 - 00000000 ____D () C:\FRST
2014-02-02 20:40 - 2014-02-02 20:41 - 00112640 _____ (forum.viry.cz) C:\Users\JM\Desktop\FRSTLauncher.exe
2014-02-02 20:40 - 2014-02-02 20:40 - 01137152 _____ (Farbar) C:\Users\JM\Desktop\FRST.exe
2014-02-01 04:10 - 2014-02-01 04:10 - 00002458 __RSH () C:\ProgramData\ntuser.pol
2014-02-01 04:10 - 2014-02-01 04:10 - 00000000 ____D () C:\ProgramData\cofaocmkdagmkiplgakcgmekomiggcmh
2014-02-01 04:10 - 2014-02-01 04:10 - 00000000 ____D () C:\ProgramData\BulOckThheAdApp
2014-01-27 18:30 - 2014-01-27 18:30 - 00000000 ____D () C:\Users\JM\AppData\Roaming\Oracle
2014-01-25 20:18 - 2014-01-25 20:49 - 00000000 ____D () C:\!Synthesizer - tuning
2014-01-25 19:30 - 2014-01-26 10:59 - 00103592 _____ () C:\Users\JM\Desktop\22001 days (score) 2.sib
2014-01-18 11:13 - 2013-12-18 21:10 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-01-18 11:13 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-18 11:13 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-18 11:13 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-18 11:12 - 2014-01-18 11:13 - 00005163 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log
==================== One Month Modified Files and Folders =======
2014-02-02 20:43 - 2014-02-02 20:43 - 00015507 _____ () C:\Users\JM\Desktop\FRST.txt
2014-02-02 20:43 - 2014-02-02 20:42 - 00000000 ____D () C:\FRST
2014-02-02 20:41 - 2014-02-02 20:40 - 00112640 _____ (forum.viry.cz) C:\Users\JM\Desktop\FRSTLauncher.exe
2014-02-02 20:41 - 2012-05-13 12:26 - 00000000 ____D () C:\Program Files\KeePass-2.17
2014-02-02 20:40 - 2014-02-02 20:40 - 01137152 _____ (Farbar) C:\Users\JM\Desktop\FRST.exe
2014-02-02 20:37 - 2012-06-17 18:44 - 00000950 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3124626429-561365757-46322953-1000UA.job
2014-02-02 20:08 - 2011-11-17 09:50 - 01633316 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-02 20:00 - 2012-06-16 18:28 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-02 19:59 - 2009-07-14 05:34 - 00014416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-02 19:59 - 2009-07-14 05:34 - 00014416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-02 19:55 - 2011-11-17 09:41 - 01596154 _____ () C:\Windows\WindowsUpdate.log
2014-02-02 19:52 - 2011-11-17 15:43 - 00000034 _____ () C:\Users\JM\AppData\Local\RT2870_{A3BDC24C-9069-400C-8DA7-A425002A0EFB}_sta
2014-02-02 19:51 - 2012-06-16 18:26 - 00093808 _____ () C:\Windows\setupact.log
2014-02-02 19:51 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-02 14:05 - 2011-11-17 19:52 - 00000000 ____D () C:\Users\JM\AppData\Roaming\Skype
2014-02-02 10:37 - 2012-06-17 18:44 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3124626429-561365757-46322953-1000Core.job
2014-02-01 04:10 - 2014-02-01 04:10 - 00002458 __RSH () C:\ProgramData\ntuser.pol
2014-02-01 04:10 - 2014-02-01 04:10 - 00000000 ____D () C:\ProgramData\cofaocmkdagmkiplgakcgmekomiggcmh
2014-02-01 04:10 - 2014-02-01 04:10 - 00000000 ____D () C:\ProgramData\BulOckThheAdApp
2014-02-01 04:10 - 2014-01-01 10:16 - 00000000 ____D () C:\ProgramData\1b04d4d3091cda29
2014-02-01 04:10 - 2009-07-14 03:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-01-30 19:54 - 2012-06-16 18:25 - 00023114 _____ () C:\Windows\PFRO.log
2014-01-27 18:30 - 2014-01-27 18:30 - 00000000 ____D () C:\Users\JM\AppData\Roaming\Oracle
2014-01-26 10:59 - 2014-01-25 19:30 - 00103592 _____ () C:\Users\JM\Desktop\22001 days (score) 2.sib
2014-01-26 10:05 - 2009-07-14 05:53 - 00032596 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-25 20:49 - 2014-01-25 20:18 - 00000000 ____D () C:\!Synthesizer - tuning
2014-01-22 20:58 - 2011-11-27 16:19 - 00000000 ___RD () C:\DATA (zálohy)
2014-01-18 11:13 - 2014-01-18 11:12 - 00005163 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log
2014-01-18 11:13 - 2013-10-27 20:07 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-18 11:13 - 2012-03-16 08:31 - 00000000 ____D () C:\Program Files\Java
2014-01-11 11:19 - 2012-07-25 04:42 - 00000000 ____D () C:\Users\JM\AppData\Local\CrashDumps
Some content of TEMP:
====================
C:\Users\JM\AppData\Local\temp\AskSLib.dll
C:\Users\JM\AppData\Local\temp\DevSetup32.dll
C:\Users\JM\AppData\Local\temp\DevSetup64.dll
C:\Users\JM\AppData\Local\temp\DriverInstall32.exe
C:\Users\JM\AppData\Local\temp\DriverInstall64.exe
C:\Users\JM\AppData\Local\temp\jre-7u13-windows-i586-iftw.exe
C:\Users\JM\AppData\Local\temp\jre-7u15-windows-i586-iftw.exe
C:\Users\JM\AppData\Local\temp\jre-7u17-windows-i586-iftw.exe
C:\Users\JM\AppData\Local\temp\jre-7u21-windows-i586-iftw.exe
C:\Users\JM\AppData\Local\temp\jre-7u25-windows-i586-iftw.exe
C:\Users\JM\AppData\Local\temp\jre-7u45-windows-i586-iftw.exe
C:\Users\JM\AppData\Local\temp\jre-7u51-windows-i586-iftw.exe
C:\Users\JM\AppData\Local\temp\KillProcess.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-01-29 18:44
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
Drive c: () (Fixed) (Total:232.79 GB) (Free:1.31 GB) NTFS
Available physical RAM: 806.18 MB
Total physical RAM: 2038.48 MB
Percentage of memory in use: 60%
==================== MBR and Partition Table ==================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 06C8A184)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS)
==================== Scheduled Tasks (whitelisted) ==================
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3124626429-561365757-46322953-1000Core.job => C:\Users\JM\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3124626429-561365757-46322953-1000UA.job => C:\Users\JM\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
AlternateDataStreams: C:\ProgramData\Microsoft:duGArhzAzyuF9MVj1u
AlternateDataStreams: C:\ProgramData\Microsoft:nKXw40a1imsBBIYpaVV
AlternateDataStreams: C:\ProgramData\TEMP:888AFB86
AlternateDataStreams: C:\Users\JM\Local Settings:Aj7K8G5bt09jfek7LelSvY4q
AlternateDataStreams: C:\Users\JM\AppData\Local:Aj7K8G5bt09jfek7LelSvY4q
AlternateDataStreams: C:\Users\JM\AppData\Local\Data aplikací:Aj7K8G5bt09jfek7LelSvY4q
==================== Security Center ==================
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\JM\Desktop" je 661 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================

Suspected malware
Re: Suspected malware
Hello,
Just to ask: are you using a legal operating system? The top-tier Ultimate licence isn't exactly a common home edition.



Re: Suspected malware
Hello,
well, it isn't. I bought the PC years ago with an original Win 7 Home, but this was installed on it at the same time. I didn't have time to redo it back then, and it has stayed that way until today.... So, a reinstall

Re: Suspected malware
You have answered it yourself; I recommend reinstalling back to a legal W7 Home Premium...
Under the forum rules and the charter of the international alliance ASAP, of which we are members, we do not deal with illegal systems here...