
Internet being redirected to www.ultrafiles.net.......
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once they are resolved, as will those that are inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
Internet being redirected to www.ultrafiles.net.......
Hello,
like a few others, I too have a problem with being redirected to the link ....ultrafiles.net....., even here on the forum when clicking between topics. I already dealt with it once, about a month ago, using ComboFix; I let it run and it somehow stopped bothering me, but now not even that has helped. Could anyone help me with this? Thank you.
I'm attaching the AdwCleaner log:
# AdwCleaner v3.018 - Report created 14/02/2014 at 16:45:45
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Professional (64 bits)
# Username : R - RAMA
# Running from : C:\Users\R\Desktop\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
[!] Folder Deleted : C:\UseRs\R\AppData\LocalLow\Search Settings
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKLM\Software\Search Settings
***** [ Browsers ] *****
-\\ Internet Explorer v8.0.7600.16385
-\\ Google Chrome v32.0.1700.107
[ File : C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [2767 octets] - [25/01/2014 20:10:51]
AdwCleaner[R1].txt - [2759 octets] - [14/02/2014 15:26:00]
AdwCleaner[R2].txt - [2819 octets] - [14/02/2014 16:45:06]
AdwCleaner[S0].txt - [2849 octets] - [25/01/2014 20:11:29]
AdwCleaner[S1].txt - [2683 octets] - [14/02/2014 16:45:45]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2743 octets] ##########
and from MBAM:
Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org
Verze: v2014.02.14.05
Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
R :: RAMA [administrátor]
Ochrana: Povolena
14.2.2014 16:58:49
MBAM-log-2014-02-14 (17-01-40).txt
Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 235966
Uplynulý čas: 2 minut, 30 sekund
Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené klíče v registru: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B8804562-FD8F-E12E-AA2D-8F94396F067E}_is1 (Trojan.Agent.CK) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A80DCA13-F042-18F2-E4C0-932C159A2E75}_is1 (Trojan.Agent.CK) -> Nebyla provedena žádná instrukce.
Nalezené hodnoty v registru: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|msxsrodSrv (Trojan.Script) -> Data: "C:\Windows\system32\msxsrod.vbe" msqqifmf msasami -> Nebyla provedena žádná instrukce.
Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené složky: 1
C:\Program Files (x86)\WinRAR 3.93 pln verze CZ x86 a x64 + CRACK (Trojan.Agent.CK) -> Nebyla provedena žádná instrukce.
Nalezené soubory: 57
C:\Users\R\Documents\Downloads\ClickHeretoDownload-0tFtFrM.exe (PUP.Optional.Somoto) -> Nebyla provedena žádná instrukce.
C:\Users\R\Documents\Downloads\ClickHeretoDownload-4NVpriY.exe (PUP.Optional.Somoto) -> Nebyla provedena žádná instrukce.
C:\Users\R\Documents\Downloads\ClickHeretoDownload-8l9cFLS.exe (PUP.Optional.Somoto) -> Nebyla provedena žádná instrukce.
C:\Users\R\Documents\Downloads\ClickHeretoDownload-9RWPotV.exe (PUP.Optional.Somoto) -> Nebyla provedena žádná instrukce.
C:\$RECYCLE.BIN\S-1-5-21-3548695890-1251497973-2143529031-1000\$R1D5ZSD.exe (PUP.Optional.Somoto) -> Nebyla provedena žádná instrukce.
C:\$RECYCLE.BIN\S-1-5-21-3548695890-1251497973-2143529031-1000\$R1NP4OK.exe (PUP.Optional.Somoto) -> Nebyla provedena žádná instrukce.
C:\$RECYCLE.BIN\S-1-5-21-3548695890-1251497973-2143529031-1000\$R1UDBK2.exe (PUP.Optional.Somoto) -> Nebyla provedena žádná instrukce.
C:\$RECYCLE.BIN\S-1-5-21-3548695890-1251497973-2143529031-1000\$R20I9WY.exe (PUP.Optional.Somoto) -> Nebyla provedena žádná instrukce.
C:\$RECYCLE.BIN\S-1-5-21-3548695890-1251497973-2143529031-1000\$R3HSZCA.exe (PUP.Optional.Somoto) -> Nebyla provedena žádná instrukce.
C:\$RECYCLE.BIN\S-1-5-21-3548695890-1251497973-2143529031-1000\$R4F3LVY.exe (PUP.Optional.Somoto) -> Nebyla provedena žádná instrukce.
C:\$RECYCLE.BIN\S-1-5-21-3548695890-1251497973-2143529031-1000\$R4FVHWH.exe (PUP.Optional.Somoto) -> Nebyla provedena žádná instrukce.
C:\$RECYCLE.BIN\S-1-5-21-3548695890-1251497973-2143529031-1000\$R6Y50X1.exe (PUP.Optional.Somoto) -> Nebyla provedena žádná instrukce.
C:\$RECYCLE.BIN\S-1-5-21-3548695890-1251497973-2143529031-1000\$R7B2QGZ.exe (PUP.Optional.Somoto) -> Nebyla provedena žádná instrukce.
C:\$RECYCLE.BIN\S-1-5-21-3548695890-1251497973-2143529031-1000\$R9KFYEI.exe (PUP.Optional.Somoto) -> Nebyla provedena žádná instrukce.
C:\$RECYCLE.BIN\S-1-5-21-3548695890-1251497973-2143529031-1000\$R9KNDXP.exe (PUP.Optional.Somoto) -> Nebyla provedena žádná instrukce.
C:\$RECYCLE.BIN\S-1-5-21-3548695890-1251497973-2143529031-1000\$R9SFNPZ.exe (PUP.Optional.Somoto) -> Nebyla provedena žádná instrukce.
C:\$RECYCLE.BIN\S-1-5-21-3548695890-1251497973-2143529031-1000\$R9VQUDZ.exe (PUP.Optional.Somoto) -> Nebyla provedena žádná instrukce.
C:\$RECYCLE.BIN\S-1-5-21-3548695890-1251497973-2143529031-1000\$RA2NINI.exe (PUP.Optional.Somoto) -> Nebyla provedena žádná instrukce.
C:\$RECYCLE.BIN\S-1-5-21-3548695890-1251497973-2143529031-1000\$RAQZFEO.exe (PUP.Optional.Somoto) -> Nebyla provedena žádná instrukce.
C:\$RECYCLE.BIN\S-1-5-21-3548695890-1251497973-2143529031-1000\$RBNL3XL.exe (PUP.Optional.Somoto) -> Nebyla provedena žádná instrukce.
C:\$RECYCLE.BIN\S-1-5-21-3548695890-1251497973-2143529031-1000\$RC3PIV2.exe (PUP.Optional.Somoto) -> Nebyla provedena žádná instrukce.
C:\$RECYCLE.BIN\S-1-5-21-3548695890-1251497973-2143529031-1000\$RD7TC1L.exe (PUP.Optional.Somoto) -> Nebyla provedena žádná instrukce.
C:\$RECYCLE.BIN\S-1-5-21-3548695890-1251497973-2143529031-1000\$REKDJUY.exe (PUP.Optional.Somoto) -> Nebyla provedena žádná instrukce.
C:\$RECYCLE.BIN\S-1-5-21-3548695890-1251497973-2143529031-1000\$REOHG13.exe (PUP.Optional.Somoto) -> Nebyla provedena žádná instrukce.
C:\$RECYCLE.BIN\S-1-5-21-3548695890-1251497973-2143529031-1000\$REVOQ06.exe (PUP.Optional.Somoto) -> Nebyla provedena žádná instrukce.
C:\$RECYCLE.BIN\S-1-5-21-3548695890-1251497973-2143529031-1000\$REY1VOF.exe (PUP.Optional.Somoto) -> Nebyla provedena žádná instrukce.
C:\$RECYCLE.BIN\S-1-5-21-3548695890-1251497973-2143529031-1000\$RF1ICH8.exe (PUP.Optional.Somoto) -> Nebyla provedena žádná instrukce.
C:\$RECYCLE.BIN\S-1-5-21-3548695890-1251497973-2143529031-1000\$RHCWGVD.exe (PUP.Optional.Somoto) -> Nebyla provedena žádná instrukce.
C:\$RECYCLE.BIN\S-1-5-21-3548695890-1251497973-2143529031-1000\$RIGV9UE.exe (PUP.Optional.Somoto) -> Nebyla provedena žádná instrukce.
C:\$RECYCLE.BIN\S-1-5-21-3548695890-1251497973-2143529031-1000\$RJXOI2G.exe (PUP.Optional.Somoto) -> Nebyla provedena žádná instrukce.
C:\$RECYCLE.BIN\S-1-5-21-3548695890-1251497973-2143529031-1000\$RK1C32C.exe (PUP.Optional.Somoto) -> Nebyla provedena žádná instrukce.
C:\$RECYCLE.BIN\S-1-5-21-3548695890-1251497973-2143529031-1000\$RLPSTVW.exe (PUP.Optional.Somoto) -> Nebyla provedena žádná instrukce.
C:\$RECYCLE.BIN\S-1-5-21-3548695890-1251497973-2143529031-1000\$RN500YO.exe (PUP.Optional.Somoto) -> Nebyla provedena žádná instrukce.
C:\$RECYCLE.BIN\S-1-5-21-3548695890-1251497973-2143529031-1000\$ROEGJCN.exe (PUP.Optional.Somoto) -> Nebyla provedena žádná instrukce.
C:\$RECYCLE.BIN\S-1-5-21-3548695890-1251497973-2143529031-1000\$ROLS4BV.exe (PUP.Optional.Somoto) -> Nebyla provedena žádná instrukce.
C:\$RECYCLE.BIN\S-1-5-21-3548695890-1251497973-2143529031-1000\$RRDKNC3.exe (PUP.Optional.Somoto) -> Nebyla provedena žádná instrukce.
C:\$RECYCLE.BIN\S-1-5-21-3548695890-1251497973-2143529031-1000\$RUTF36A.exe (PUP.Optional.Somoto) -> Nebyla provedena žádná instrukce.
C:\$RECYCLE.BIN\S-1-5-21-3548695890-1251497973-2143529031-1000\$RWOCCT8.exe (PUP.Optional.Somoto) -> Nebyla provedena žádná instrukce.
C:\$RECYCLE.BIN\S-1-5-21-3548695890-1251497973-2143529031-1000\$RXH5URK.exe (PUP.Optional.Somoto) -> Nebyla provedena žádná instrukce.
C:\$RECYCLE.BIN\S-1-5-21-3548695890-1251497973-2143529031-1000\$RYJCH66.exe (PUP.Optional.Somoto) -> Nebyla provedena žádná instrukce.
C:\Users\R\Downloads\ClickHeretoDownload-1eAflzD.exe (PUP.Optional.Somoto) -> Nebyla provedena žádná instrukce.
C:\Users\R\Downloads\ClickHeretoDownload-2ovJl13.exe (PUP.Optional.Somoto) -> Nebyla provedena žádná instrukce.
C:\Users\R\Downloads\ClickHeretoDownload-5XR7IMC.exe (PUP.Optional.Somoto) -> Nebyla provedena žádná instrukce.
C:\Users\R\Downloads\ClickHeretoDownload-6nskjfB.exe (PUP.Optional.Somoto) -> Nebyla provedena žádná instrukce.
C:\Users\R\Downloads\ClickHeretoDownload-9oVmkJj.exe (PUP.Optional.Somoto) -> Nebyla provedena žádná instrukce.
C:\Users\R\Downloads\ClickHeretoDownload-9zyKwa2.exe (PUP.Optional.Somoto) -> Nebyla provedena žádná instrukce.
C:\Users\R\Downloads\ClickHeretoDownload-ack8lxP.exe (PUP.Optional.Somoto) -> Nebyla provedena žádná instrukce.
C:\Users\R\Downloads\ClickHeretoDownload-aLwRfQs.exe (PUP.Optional.Somoto) -> Nebyla provedena žádná instrukce.
C:\Users\R\Downloads\ClickHeretoDownload-bM1j5FO.exe (PUP.Optional.Somoto) -> Nebyla provedena žádná instrukce.
C:\Users\R\Downloads\ClickHeretoDownload-fBSl73z.exe (PUP.Optional.Somoto) -> Nebyla provedena žádná instrukce.
C:\Windows\System32\msxsrod.vbe (Trojan.Script) -> Nebyla provedena žádná instrukce.
C:\Windows\SysWOW64\msxsrod.vbe (Trojan.Script) -> Nebyla provedena žádná instrukce.
C:\Program Files (x86)\WinRAR 3.93 pln verze CZ x86 a x64 + CRACK\unins000.dat (Trojan.Agent.CK) -> Nebyla provedena žádná instrukce.
C:\Program Files (x86)\WinRAR 3.93 pln verze CZ x86 a x64 + CRACK\unins000.exe (Trojan.Agent.CK) -> Nebyla provedena žádná instrukce.
C:\Program Files (x86)\WinRAR 3.93 pln verze CZ x86 a x64 + CRACK\unins001.dat (Trojan.Agent.CK) -> Nebyla provedena žádná instrukce.
C:\Program Files (x86)\WinRAR 3.93 pln verze CZ x86 a x64 + CRACK\unins001.exe (Trojan.Agent.CK) -> Nebyla provedena žádná instrukce.
C:\Program Files (x86)\WinRAR 3.93 pln verze CZ x86 a x64 + CRACK\WinRAR 3.93 pln verze CZ x86 a x64 + CRACK.zip (Trojan.Agent.CK) -> Nebyla provedena žádná instrukce.
(konec)
- Rudy
- Site Admin
Re: Internet being redirected to www.ultrafiles.net.......
Hello!
Follow this guide: http://forum.viry.cz/viewtopic.php?f=13&t=133100 .
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked, as it will be if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: Internet being redirected to www.ultrafiles.net.......
OK, I'll try.
Re: Internet being redirected to www.ultrafiles.net.......
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-02-2014 01
Ran by R (administrator) on RAMA on 14-02-2014 19:43:35
Running from C:\Users\R\Desktop
Windows 7 Professional (X64) OS Language: Czech
Internet Explorer Version 8
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\R\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [IntelPAN] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-02] (Intel(R) Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11855976 2011-05-17] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2226280 2011-05-17] (Realtek Semiconductor)
HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4156 2010-04-16] ()
HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [617856 2009-07-30] (ELAN Microelectronic Corp.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [msxsrodSrv] - C:\Windows\SysWOW64\msxsrod.vbe [583 2013-12-10] ()
HKLM-x32\...\Run: [PWRISOVM.EXE] - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [337432 2013-07-22] (Power Software Ltd)
HKLM-x32\...\Run: [IndexSearch] - C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] - C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] - C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] - C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] - C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-11-19] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-14] (AVAST Software)
HKLM-x32\...\Run: [AdobeCEPServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3548695890-1251497973-2143529031-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-3548695890-1251497973-2143529031-1000\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-3548695890-1251497973-2143529031-1000\...\Run: [uTorrent] - C:\Users\R\AppData\Roaming\uTorrent\utorrent.exe [393728 2013-12-29] (BitTorrent, Inc.)
HKU\S-1-5-21-3548695890-1251497973-2143529031-1000\...\Run: [RocketDock] - C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-3548695890-1251497973-2143529031-1000\...\Run: [SpybotSD TeaTimer] - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)
HKU\S-1-5-21-3548695890-1251497973-2143529031-1000\...\Run: [Advanced SystemCare 6] - C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe [490880 2012-09-24] (IObit)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [168616 2013-09-12] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-09-12] (NVIDIA Corporation)
Startup: C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Chrome:
=======
CHR Extension: (Disk Google) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-08]
CHR Extension: (YouTube) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-08]
CHR Extension: (Vyhledávání Google) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-08]
CHR Extension: (avast! Online Security) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-10]
CHR Extension: (Peněženka Google) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-08]
CHR Extension: (Gmail) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-08]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-01-10]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-01-03]
==================== Services (Whitelisted) =================
R2 AdvancedSystemCareService6; C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [464256 2012-10-31] (IObit)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-14] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [113704 2014-02-14] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363616 2014-01-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748640 2014-01-03] (Microsoft Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14997280 2013-08-27] (NVIDIA Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
==================== Drivers (Whitelisted) ====================
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-02-14] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-02-14] (AVAST Software)
R1 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [440672 2014-02-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2014-01-10] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-01-10] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-02-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-02-14] (AVAST Software)
S3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-02-14] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-10] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-08-20] (NVIDIA Corporation)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-16] ()
S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-02-14 19:43 - 2014-02-14 19:43 - 00014329 _____ () C:\Users\R\Desktop\FRST.txt
2014-02-14 19:43 - 2014-02-14 19:43 - 00000000 ____D () C:\FRST
2014-02-14 19:40 - 2014-02-14 19:40 - 00112640 _____ (forum.viry.cz) C:\Users\R\Desktop\FRSTLauncher.exe
2014-02-14 19:30 - 2014-02-14 19:30 - 00165576 _____ () C:\Users\R\Downloads\ClickHeretoDownload-eAhosCc.exe
2014-02-14 19:30 - 2014-02-14 19:30 - 00112640 _____ (forum.viry.cz) C:\Users\R\Downloads\Nepotvrzeno 647497.crdownload
2014-02-14 19:29 - 2014-02-14 19:29 - 02152960 _____ (Farbar) C:\Users\R\Desktop\FRST64.exe
2014-02-14 19:29 - 2014-02-14 19:29 - 00165576 _____ () C:\Users\R\Downloads\ClickHeretoDownload-cf1sbq5.exe
2014-02-14 18:48 - 2014-02-14 18:48 - 324754259 _____ () C:\Users\R\Downloads\Gladiátori-BRRip-CZ.avi.crdownload
2014-02-14 18:26 - 2014-02-14 18:26 - 00000000 ___SD () C:\ComboFix
2014-02-14 17:54 - 2014-02-14 17:55 - 00423077 _____ () C:\Users\R\Desktop\TCleaner v1.0.4.exe
2014-02-14 16:55 - 2014-02-14 16:55 - 00165888 _____ () C:\Users\R\Downloads\Nepotvrzeno 67683.crdownload
2014-02-14 16:53 - 2014-02-14 16:53 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\R\Downloads\mbam-setup-1.75.0.1300 (1).exe
2014-02-14 14:15 - 2014-02-14 14:15 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-14 14:15 - 2014-02-14 14:15 - 00000000 ____D () C:\Users\R\AppData\Roaming\Malwarebytes
2014-02-14 14:14 - 2014-02-14 14:15 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-14 14:14 - 2014-02-14 14:14 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-14 14:14 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-14 14:13 - 2014-02-14 14:13 - 00165576 _____ () C:\Users\R\Downloads\ClickHeretoDownload-bM1j5FO.exe
2014-02-14 14:13 - 2014-02-14 14:13 - 00165576 _____ () C:\Users\R\Downloads\ClickHeretoDownload-aLwRfQs.exe
2014-02-14 14:12 - 2014-02-14 14:12 - 00165576 _____ () C:\Users\R\Downloads\ClickHeretoDownload-5XR7IMC.exe
2014-02-14 14:09 - 2014-02-14 14:10 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\R\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-14 14:09 - 2014-02-14 14:09 - 00165576 _____ () C:\Users\R\Downloads\ClickHeretoDownload-9oVmkJj.exe
2014-02-14 14:07 - 2014-02-14 14:07 - 00165576 _____ () C:\Users\R\Downloads\ClickHeretoDownload-9zyKwa2.exe
2014-02-14 14:06 - 2014-02-14 14:06 - 00165576 _____ () C:\Users\R\Downloads\ClickHeretoDownload-1eAflzD.exe
2014-02-14 13:57 - 2014-02-14 13:57 - 00165576 _____ () C:\Users\R\Downloads\ClickHeretoDownload-2ovJl13.exe
2014-02-14 13:37 - 2014-02-14 13:37 - 00165576 _____ () C:\Users\R\Downloads\ClickHeretoDownload-fBSl73z.exe
2014-02-14 13:37 - 2014-02-14 13:37 - 00165576 _____ () C:\Users\R\Downloads\ClickHeretoDownload-ack8lxP.exe
2014-02-14 13:37 - 2014-02-14 13:37 - 00165576 _____ () C:\Users\R\Downloads\ClickHeretoDownload-6nskjfB.exe
2014-02-14 13:36 - 2014-02-14 14:17 - 00000000 ____D () C:\Users\R\Desktop\Nová složka
2014-02-14 13:35 - 2014-02-14 13:35 - 01166132 _____ () C:\Users\R\Desktop\adwcleaner.exe
2014-02-14 13:22 - 2014-02-14 13:22 - 00440672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-02-14 13:22 - 2014-02-14 13:22 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-02-13 11:41 - 2014-02-14 16:47 - 00000672 _____ () C:\Windows\setupact.log
2014-02-13 11:41 - 2014-02-13 11:41 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-13 11:40 - 2014-02-14 16:47 - 00008976 _____ () C:\Windows\PFRO.log
2014-02-13 11:40 - 2014-02-13 11:40 - 00000000 _____ () C:\asc_rdflag
2014-02-13 11:14 - 2014-02-13 11:14 - 01540608 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-02-13 11:14 - 2014-02-13 11:14 - 01135104 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2014-02-13 11:14 - 2014-02-13 11:14 - 01074176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2014-02-13 11:14 - 2014-02-13 11:14 - 00902656 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-13 11:14 - 2014-02-13 11:14 - 00739840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-13 11:13 - 2014-02-13 11:13 - 01942856 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-02-13 11:13 - 2014-02-13 11:13 - 01130824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-02-13 11:13 - 2014-02-13 11:13 - 00444752 _____ (Microsoft Corporation) C:\Windows\system32\mscoree.dll
2014-02-13 11:13 - 2014-02-13 11:13 - 00320352 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHost.exe
2014-02-13 11:13 - 2014-02-13 11:13 - 00297808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscoree.dll
2014-02-13 11:13 - 2014-02-13 11:13 - 00295264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHost.exe
2014-02-13 11:13 - 2014-02-13 11:13 - 00109912 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHostProxy.dll
2014-02-13 11:13 - 2014-02-13 11:13 - 00099176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHostProxy.dll
2014-02-13 11:13 - 2014-02-13 11:13 - 00049472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netfxperf.dll
2014-02-13 11:13 - 2014-02-13 11:13 - 00048960 _____ (Microsoft Corporation) C:\Windows\system32\netfxperf.dll
2014-02-13 11:13 - 2014-02-13 11:13 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffp_sd.sys
2014-02-13 11:13 - 2012-10-12 19:09 - 00025472 _____ (IObit) C:\Windows\system32\RegistryDefragBootTime.exe
2014-02-13 11:06 - 2014-02-13 11:06 - 00003152 _____ () C:\Windows\System32\Tasks\Game_Booster_AutoUpdate
2014-02-13 00:44 - 2014-02-13 00:44 - 00003086 _____ () C:\Windows\System32\Tasks\ASC6_PerformanceMonitor
2014-02-13 00:43 - 2014-02-13 00:43 - 00001264 _____ () C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2014-02-13 00:36 - 2014-02-13 00:44 - 00000000 ____D () C:\ProgramData\IObit
2014-02-13 00:36 - 2014-02-13 00:36 - 00003084 _____ () C:\Windows\System32\Tasks\ASC4_PerformanceMonitor
2014-02-13 00:35 - 2014-02-13 00:35 - 00000000 ____D () C:\Program Files (x86)\IObit Toolbar
2014-02-13 00:33 - 2014-02-13 00:43 - 00000000 ____D () C:\Users\R\AppData\Roaming\IObit
2014-02-13 00:33 - 2014-02-13 00:43 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-02-13 00:29 - 2014-02-13 11:21 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-02-13 00:29 - 2014-02-13 00:29 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-02-12 11:56 - 2014-02-12 11:56 - 00000000 ____D () C:\The KMPlayer
2014-02-11 17:50 - 2014-02-11 17:50 - 00000000 ____D () C:\Users\R\Documents\Rainmeter
2014-02-11 17:50 - 2014-02-11 17:50 - 00000000 ____D () C:\Users\R\AppData\Roaming\Rainmeter
2014-02-11 17:49 - 2014-02-11 17:49 - 00000000 ____D () C:\Program Files\Rainmeter
2014-02-06 18:31 - 2014-02-06 18:31 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ssadadb_01005.Wdf
2014-02-06 01:29 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2014-02-06 01:29 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2014-02-06 01:29 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2014-02-06 01:29 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2014-02-06 01:29 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2014-02-06 01:29 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2014-02-06 01:29 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2014-02-06 01:29 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2014-02-06 01:29 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2014-02-06 01:29 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2014-02-06 01:29 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2014-02-06 01:00 - 2014-02-06 01:28 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-02-06 01:00 - 2014-02-06 01:00 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-02-06 00:59 - 2014-02-06 00:59 - 00000802 _____ () C:\Users\Public\Desktop\World of Warplanes.lnk
2014-02-06 00:55 - 2014-02-06 00:55 - 00000000 ____D () C:\Games
2014-02-04 23:25 - 2014-02-12 04:20 - 00000000 ____D () C:\Users\R\AppData\Roaming\vlc
2014-02-04 23:23 - 2014-02-04 23:23 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-01-26 13:03 - 2014-02-14 18:26 - 00000000 ____D () C:\Qoobox
2014-01-26 13:03 - 2014-02-13 14:02 - 00000000 ____D () C:\Windows\erdnt
2014-01-26 13:03 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-01-26 13:03 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-01-26 13:03 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-01-26 13:03 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-01-26 13:03 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-01-26 13:03 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-01-26 13:03 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-01-26 13:03 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-01-26 13:01 - 2014-02-14 18:15 - 05183211 ____R (Swearware) C:\Users\R\Desktop\ComboFix.exe
2014-01-25 20:09 - 2014-02-14 16:52 - 00000000 ____D () C:\AdwCleaner
2014-01-21 17:47 - 2014-01-21 17:47 - 00000000 _____ () C:\Users\R\Sti_Trace.log
2014-01-21 12:49 - 2014-01-21 12:51 - 00000000 ____D () C:\Program Files\CCleaner
2014-01-21 12:49 - 2014-01-21 12:49 - 00002764 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
==================== One Month Modified Files and Folders =======
2014-02-14 19:43 - 2014-02-14 19:43 - 00014329 _____ () C:\Users\R\Desktop\FRST.txt
2014-02-14 19:43 - 2014-02-14 19:43 - 00000000 ____D () C:\FRST
2014-02-14 19:40 - 2014-02-14 19:40 - 00112640 _____ (forum.viry.cz) C:\Users\R\Desktop\FRSTLauncher.exe
2014-02-14 19:30 - 2014-02-14 19:30 - 00165576 _____ () C:\Users\R\Downloads\ClickHeretoDownload-eAhosCc.exe
2014-02-14 19:30 - 2014-02-14 19:30 - 00112640 _____ (forum.viry.cz) C:\Users\R\Downloads\Nepotvrzeno 647497.crdownload
2014-02-14 19:30 - 2014-01-09 00:59 - 00000000 ____D () C:\Users\R\AppData\Roaming\Skype
2014-02-14 19:29 - 2014-02-14 19:29 - 02152960 _____ (Farbar) C:\Users\R\Desktop\FRST64.exe
2014-02-14 19:29 - 2014-02-14 19:29 - 00165576 _____ () C:\Users\R\Downloads\ClickHeretoDownload-cf1sbq5.exe
2014-02-14 19:01 - 2014-01-08 23:45 - 00000942 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-14 18:48 - 2014-02-14 18:48 - 324754259 _____ () C:\Users\R\Downloads\Gladiátori-BRRip-CZ.avi.crdownload
2014-02-14 18:26 - 2014-02-14 18:26 - 00000000 ___SD () C:\ComboFix
2014-02-14 18:26 - 2014-01-26 13:03 - 00000000 ____D () C:\Qoobox
2014-02-14 18:15 - 2014-01-26 13:01 - 05183211 ____R (Swearware) C:\Users\R\Desktop\ComboFix.exe
2014-02-14 17:55 - 2014-02-14 17:54 - 00423077 _____ () C:\Users\R\Desktop\TCleaner v1.0.4.exe
2014-02-14 16:55 - 2014-02-14 16:55 - 00165888 _____ () C:\Users\R\Downloads\Nepotvrzeno 67683.crdownload
2014-02-14 16:55 - 2009-07-14 05:45 - 00014256 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-14 16:55 - 2009-07-14 05:45 - 00014256 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-14 16:53 - 2014-02-14 16:53 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\R\Downloads\mbam-setup-1.75.0.1300 (1).exe
2014-02-14 16:52 - 2014-01-25 20:09 - 00000000 ____D () C:\AdwCleaner
2014-02-14 16:51 - 2014-01-08 22:45 - 01176537 _____ () C:\Windows\WindowsUpdate.log
2014-02-14 16:49 - 2014-01-10 11:32 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-02-14 16:49 - 2014-01-09 11:12 - 00000000 ____D () C:\Users\R\AppData\Roaming\uTorrent
2014-02-14 16:47 - 2014-02-13 11:41 - 00000672 _____ () C:\Windows\setupact.log
2014-02-14 16:47 - 2014-02-13 11:40 - 00008976 _____ () C:\Windows\PFRO.log
2014-02-14 16:47 - 2014-01-08 23:45 - 00000938 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-14 16:47 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-14 14:17 - 2014-02-14 13:36 - 00000000 ____D () C:\Users\R\Desktop\Nová složka
2014-02-14 14:15 - 2014-02-14 14:15 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-14 14:15 - 2014-02-14 14:15 - 00000000 ____D () C:\Users\R\AppData\Roaming\Malwarebytes
2014-02-14 14:15 - 2014-02-14 14:14 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-14 14:14 - 2014-02-14 14:14 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-14 14:13 - 2014-02-14 14:13 - 00165576 _____ () C:\Users\R\Downloads\ClickHeretoDownload-bM1j5FO.exe
2014-02-14 14:13 - 2014-02-14 14:13 - 00165576 _____ () C:\Users\R\Downloads\ClickHeretoDownload-aLwRfQs.exe
2014-02-14 14:12 - 2014-02-14 14:12 - 00165576 _____ () C:\Users\R\Downloads\ClickHeretoDownload-5XR7IMC.exe
2014-02-14 14:10 - 2014-02-14 14:09 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\R\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-14 14:09 - 2014-02-14 14:09 - 00165576 _____ () C:\Users\R\Downloads\ClickHeretoDownload-9oVmkJj.exe
2014-02-14 14:07 - 2014-02-14 14:07 - 00165576 _____ () C:\Users\R\Downloads\ClickHeretoDownload-9zyKwa2.exe
2014-02-14 14:06 - 2014-02-14 14:06 - 00165576 _____ () C:\Users\R\Downloads\ClickHeretoDownload-1eAflzD.exe
2014-02-14 13:57 - 2014-02-14 13:57 - 00165576 _____ () C:\Users\R\Downloads\ClickHeretoDownload-2ovJl13.exe
2014-02-14 13:37 - 2014-02-14 13:37 - 00165576 _____ () C:\Users\R\Downloads\ClickHeretoDownload-fBSl73z.exe
2014-02-14 13:37 - 2014-02-14 13:37 - 00165576 _____ () C:\Users\R\Downloads\ClickHeretoDownload-ack8lxP.exe
2014-02-14 13:37 - 2014-02-14 13:37 - 00165576 _____ () C:\Users\R\Downloads\ClickHeretoDownload-6nskjfB.exe
2014-02-14 13:35 - 2014-02-14 13:35 - 01166132 _____ () C:\Users\R\Desktop\adwcleaner.exe
2014-02-14 13:22 - 2014-02-14 13:22 - 00440672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-02-14 13:22 - 2014-02-14 13:22 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-02-14 13:22 - 2014-01-10 11:32 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-02-14 13:22 - 2014-01-10 11:32 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-02-14 13:22 - 2014-01-10 11:32 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-02-14 13:22 - 2014-01-10 11:32 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-02-14 13:22 - 2014-01-10 11:32 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-02-14 13:22 - 2014-01-10 11:32 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-02-14 09:00 - 2014-01-10 01:29 - 00004306 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{CF9E9CB7-CCA8-4610-A363-20666A815DF4}
2014-02-13 21:05 - 2009-07-14 16:18 - 00622660 _____ () C:\Windows\system32\perfh005.dat
2014-02-13 21:05 - 2009-07-14 16:18 - 00118810 _____ () C:\Windows\system32\perfc005.dat
2014-02-13 21:05 - 2009-07-14 06:13 - 01445734 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-13 14:04 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-02-13 14:02 - 2014-01-26 13:03 - 00000000 ____D () C:\Windows\erdnt
2014-02-13 11:42 - 2014-01-09 00:59 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-02-13 11:42 - 2014-01-09 00:58 - 00000000 ____D () C:\ProgramData\Skype
2014-02-13 11:41 - 2014-02-13 11:41 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-13 11:40 - 2014-02-13 11:40 - 00000000 _____ () C:\asc_rdflag
2014-02-13 11:40 - 2014-01-08 22:52 - 00000000 ____D () C:\Users\R
2014-02-13 11:21 - 2014-02-13 00:29 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-02-13 11:14 - 2014-02-13 11:14 - 01540608 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-02-13 11:14 - 2014-02-13 11:14 - 01135104 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2014-02-13 11:14 - 2014-02-13 11:14 - 01074176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2014-02-13 11:14 - 2014-02-13 11:14 - 00902656 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-13 11:14 - 2014-02-13 11:14 - 00739840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-13 11:13 - 2014-02-13 11:13 - 01942856 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-02-13 11:13 - 2014-02-13 11:13 - 01130824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-02-13 11:13 - 2014-02-13 11:13 - 00444752 _____ (Microsoft Corporation) C:\Windows\system32\mscoree.dll
2014-02-13 11:13 - 2014-02-13 11:13 - 00320352 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHost.exe
2014-02-13 11:13 - 2014-02-13 11:13 - 00297808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscoree.dll
2014-02-13 11:13 - 2014-02-13 11:13 - 00295264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHost.exe
2014-02-13 11:13 - 2014-02-13 11:13 - 00109912 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHostProxy.dll
2014-02-13 11:13 - 2014-02-13 11:13 - 00099176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHostProxy.dll
2014-02-13 11:13 - 2014-02-13 11:13 - 00049472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netfxperf.dll
2014-02-13 11:13 - 2014-02-13 11:13 - 00048960 _____ (Microsoft Corporation) C:\Windows\system32\netfxperf.dll
2014-02-13 11:13 - 2014-02-13 11:13 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffp_sd.sys
2014-02-13 11:08 - 2014-01-08 22:42 - 00000000 ____D () C:\Windows\Panther
2014-02-13 11:06 - 2014-02-13 11:06 - 00003152 _____ () C:\Windows\System32\Tasks\Game_Booster_AutoUpdate
2014-02-13 00:46 - 2014-01-12 03:14 - 00000000 ____D () C:\Windows\Minidump
2014-02-13 00:44 - 2014-02-13 00:44 - 00003086 _____ () C:\Windows\System32\Tasks\ASC6_PerformanceMonitor
2014-02-13 00:44 - 2014-02-13 00:36 - 00000000 ____D () C:\ProgramData\IObit
2014-02-13 00:43 - 2014-02-13 00:43 - 00001264 _____ () C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2014-02-13 00:43 - 2014-02-13 00:33 - 00000000 ____D () C:\Users\R\AppData\Roaming\IObit
2014-02-13 00:43 - 2014-02-13 00:33 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-02-13 00:36 - 2014-02-13 00:36 - 00003084 _____ () C:\Windows\System32\Tasks\ASC4_PerformanceMonitor
2014-02-13 00:35 - 2014-02-13 00:35 - 00000000 ____D () C:\Program Files (x86)\IObit Toolbar
2014-02-13 00:29 - 2014-02-13 00:29 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-02-13 00:00 - 2014-01-11 22:13 - 00000000 ____D () C:\Users\R\AppData\Local\PokerStars
2014-02-12 21:54 - 2014-01-09 11:12 - 00000000 ____D () C:\torrent
2014-02-12 12:11 - 2014-01-10 02:00 - 00000000 ____D () C:\Users\R\Documents\The KMPlayer
2014-02-12 11:56 - 2014-02-12 11:56 - 00000000 ____D () C:\The KMPlayer
2014-02-12 10:56 - 2014-01-08 23:45 - 00003938 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-12 10:56 - 2014-01-08 23:45 - 00003686 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-12 04:20 - 2014-02-04 23:25 - 00000000 ____D () C:\Users\R\AppData\Roaming\vlc
2014-02-12 00:48 - 2014-01-11 22:13 - 00000000 ____D () C:\Program Files (x86)\PokerStars
2014-02-11 17:50 - 2014-02-11 17:50 - 00000000 ____D () C:\Users\R\Documents\Rainmeter
2014-02-11 17:50 - 2014-02-11 17:50 - 00000000 ____D () C:\Users\R\AppData\Roaming\Rainmeter
2014-02-11 17:49 - 2014-02-11 17:49 - 00000000 ____D () C:\Program Files\Rainmeter
2014-02-11 17:49 - 2014-01-08 22:52 - 00000000 ___RD () C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-06 18:31 - 2014-02-06 18:31 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ssadadb_01005.Wdf
2014-02-06 01:28 - 2014-02-06 01:00 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-02-06 01:00 - 2014-02-06 01:00 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-02-06 00:59 - 2014-02-06 00:59 - 00000802 _____ () C:\Users\Public\Desktop\World of Warplanes.lnk
2014-02-06 00:55 - 2014-02-06 00:55 - 00000000 ____D () C:\Games
2014-02-04 23:23 - 2014-02-04 23:23 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-01-28 13:35 - 2014-01-09 01:08 - 00000000 ____D () C:\Program Files (x86)\The KMPlayer
2014-01-26 13:09 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-01-22 09:09 - 2014-01-09 11:18 - 00000000 ____D () C:\Users\R\AppData\Local\Adobe
2014-01-21 17:48 - 2014-01-09 18:49 - 00000000 ____D () C:\Users\R\AppData\Roaming\ControlCenter4
2014-01-21 17:47 - 2014-01-21 17:47 - 00000000 _____ () C:\Users\R\Sti_Trace.log
2014-01-21 12:51 - 2014-01-21 12:49 - 00000000 ____D () C:\Program Files\CCleaner
2014-01-21 12:49 - 2014-01-21 12:49 - 00002764 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-01-17 03:17 - 2014-01-09 14:35 - 00000027 _____ () C:\Users\R\AppData\Roaming\msqqifmf.dat
Some content of TEMP:
====================
C:\Users\R\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-02-08 00:51
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
Drive c: () (Fixed) (Total:596.07 GB) (Free:488.98 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive f: (VERBATIM HD) (Fixed) (Total:465.65 GB) (Free:175.83 GB) FAT32
Drive h: (SD KARTA) (Removable) (Total:7.4 GB) (Free:0.02 GB) FAT32
Available physical RAM: 1509.48 MB
Total physical RAM: 4006.7 MB
Percentage of memory in use: 62%
==================== MBR and Partition Table ==================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 6E4CFF18)
Partition 1: (Active) - (Size=596 GB) - (Type=07 NTFS)
Disk: 1 (Size: 7 GB) (Disk ID: 0D3DAA7A)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0B)
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: DECE7AB1)
Partition 1: (Not Active) - (Size=466 GB) - (Type=0C)
==================== Scheduled Tasks (whitelisted) ==================
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: avast! Internet Security (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Internet Security (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Internet Security (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\R\Desktop" je 9 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
Ran by R (administrator) on RAMA on 14-02-2014 19:43:35
Running from C:\Users\R\Desktop
Windows 7 Professional (X64) OS Language: Czech
Internet Explorer Version 8
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\R\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [IntelPAN] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-02] (Intel(R) Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11855976 2011-05-17] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2226280 2011-05-17] (Realtek Semiconductor)
HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4156 2010-04-16] ()
HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [617856 2009-07-30] (ELAN Microelectronic Corp.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [msxsrodSrv] - C:\Windows\SysWOW64\msxsrod.vbe [583 2013-12-10] ()
HKLM-x32\...\Run: [PWRISOVM.EXE] - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [337432 2013-07-22] (Power Software Ltd)
HKLM-x32\...\Run: [IndexSearch] - C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] - C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] - C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] - C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] - C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-11-19] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-14] (AVAST Software)
HKLM-x32\...\Run: [AdobeCEPServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3548695890-1251497973-2143529031-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-3548695890-1251497973-2143529031-1000\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-3548695890-1251497973-2143529031-1000\...\Run: [uTorrent] - C:\Users\R\AppData\Roaming\uTorrent\utorrent.exe [393728 2013-12-29] (BitTorrent, Inc.)
HKU\S-1-5-21-3548695890-1251497973-2143529031-1000\...\Run: [RocketDock] - C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-3548695890-1251497973-2143529031-1000\...\Run: [SpybotSD TeaTimer] - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)
HKU\S-1-5-21-3548695890-1251497973-2143529031-1000\...\Run: [Advanced SystemCare 6] - C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe [490880 2012-09-24] (IObit)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [168616 2013-09-12] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-09-12] (NVIDIA Corporation)
Startup: C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Chrome:
=======
CHR Extension: (Disk Google) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-08]
CHR Extension: (YouTube) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-08]
CHR Extension: (Vyhledávání Google) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-08]
CHR Extension: (avast! Online Security) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-10]
CHR Extension: (Peněženka Google) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-08]
CHR Extension: (Gmail) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-08]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-01-10]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-01-03]
==================== Services (Whitelisted) =================
R2 AdvancedSystemCareService6; C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [464256 2012-10-31] (IObit)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-14] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [113704 2014-02-14] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363616 2014-01-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748640 2014-01-03] (Microsoft Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14997280 2013-08-27] (NVIDIA Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
==================== Drivers (Whitelisted) ====================
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-02-14] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-02-14] (AVAST Software)
R1 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [440672 2014-02-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2014-01-10] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-01-10] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-02-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-02-14] (AVAST Software)
S3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-02-14] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-10] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-08-20] (NVIDIA Corporation)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-16] ()
S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-02-14 19:43 - 2014-02-14 19:43 - 00014329 _____ () C:\Users\R\Desktop\FRST.txt
2014-02-14 19:43 - 2014-02-14 19:43 - 00000000 ____D () C:\FRST
2014-02-14 19:40 - 2014-02-14 19:40 - 00112640 _____ (forum.viry.cz) C:\Users\R\Desktop\FRSTLauncher.exe
2014-02-14 19:30 - 2014-02-14 19:30 - 00165576 _____ () C:\Users\R\Downloads\ClickHeretoDownload-eAhosCc.exe
2014-02-14 19:30 - 2014-02-14 19:30 - 00112640 _____ (forum.viry.cz) C:\Users\R\Downloads\Nepotvrzeno 647497.crdownload
2014-02-14 19:29 - 2014-02-14 19:29 - 02152960 _____ (Farbar) C:\Users\R\Desktop\FRST64.exe
2014-02-14 19:29 - 2014-02-14 19:29 - 00165576 _____ () C:\Users\R\Downloads\ClickHeretoDownload-cf1sbq5.exe
2014-02-14 18:48 - 2014-02-14 18:48 - 324754259 _____ () C:\Users\R\Downloads\Gladiátori-BRRip-CZ.avi.crdownload
2014-02-14 18:26 - 2014-02-14 18:26 - 00000000 ___SD () C:\ComboFix
2014-02-14 17:54 - 2014-02-14 17:55 - 00423077 _____ () C:\Users\R\Desktop\TCleaner v1.0.4.exe
2014-02-14 16:55 - 2014-02-14 16:55 - 00165888 _____ () C:\Users\R\Downloads\Nepotvrzeno 67683.crdownload
2014-02-14 16:53 - 2014-02-14 16:53 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\R\Downloads\mbam-setup-1.75.0.1300 (1).exe
2014-02-14 14:15 - 2014-02-14 14:15 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-14 14:15 - 2014-02-14 14:15 - 00000000 ____D () C:\Users\R\AppData\Roaming\Malwarebytes
2014-02-14 14:14 - 2014-02-14 14:15 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-14 14:14 - 2014-02-14 14:14 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-14 14:14 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-14 14:13 - 2014-02-14 14:13 - 00165576 _____ () C:\Users\R\Downloads\ClickHeretoDownload-bM1j5FO.exe
2014-02-14 14:13 - 2014-02-14 14:13 - 00165576 _____ () C:\Users\R\Downloads\ClickHeretoDownload-aLwRfQs.exe
2014-02-14 14:12 - 2014-02-14 14:12 - 00165576 _____ () C:\Users\R\Downloads\ClickHeretoDownload-5XR7IMC.exe
2014-02-14 14:09 - 2014-02-14 14:10 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\R\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-14 14:09 - 2014-02-14 14:09 - 00165576 _____ () C:\Users\R\Downloads\ClickHeretoDownload-9oVmkJj.exe
2014-02-14 14:07 - 2014-02-14 14:07 - 00165576 _____ () C:\Users\R\Downloads\ClickHeretoDownload-9zyKwa2.exe
2014-02-14 14:06 - 2014-02-14 14:06 - 00165576 _____ () C:\Users\R\Downloads\ClickHeretoDownload-1eAflzD.exe
2014-02-14 13:57 - 2014-02-14 13:57 - 00165576 _____ () C:\Users\R\Downloads\ClickHeretoDownload-2ovJl13.exe
2014-02-14 13:37 - 2014-02-14 13:37 - 00165576 _____ () C:\Users\R\Downloads\ClickHeretoDownload-fBSl73z.exe
2014-02-14 13:37 - 2014-02-14 13:37 - 00165576 _____ () C:\Users\R\Downloads\ClickHeretoDownload-ack8lxP.exe
2014-02-14 13:37 - 2014-02-14 13:37 - 00165576 _____ () C:\Users\R\Downloads\ClickHeretoDownload-6nskjfB.exe
2014-02-14 13:36 - 2014-02-14 14:17 - 00000000 ____D () C:\Users\R\Desktop\Nová složka
2014-02-14 13:35 - 2014-02-14 13:35 - 01166132 _____ () C:\Users\R\Desktop\adwcleaner.exe
2014-02-14 13:22 - 2014-02-14 13:22 - 00440672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-02-14 13:22 - 2014-02-14 13:22 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-02-13 11:41 - 2014-02-14 16:47 - 00000672 _____ () C:\Windows\setupact.log
2014-02-13 11:41 - 2014-02-13 11:41 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-13 11:40 - 2014-02-14 16:47 - 00008976 _____ () C:\Windows\PFRO.log
2014-02-13 11:40 - 2014-02-13 11:40 - 00000000 _____ () C:\asc_rdflag
2014-02-13 11:14 - 2014-02-13 11:14 - 01540608 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-02-13 11:14 - 2014-02-13 11:14 - 01135104 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2014-02-13 11:14 - 2014-02-13 11:14 - 01074176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2014-02-13 11:14 - 2014-02-13 11:14 - 00902656 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-13 11:14 - 2014-02-13 11:14 - 00739840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-13 11:13 - 2014-02-13 11:13 - 01942856 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-02-13 11:13 - 2014-02-13 11:13 - 01130824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-02-13 11:13 - 2014-02-13 11:13 - 00444752 _____ (Microsoft Corporation) C:\Windows\system32\mscoree.dll
2014-02-13 11:13 - 2014-02-13 11:13 - 00320352 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHost.exe
2014-02-13 11:13 - 2014-02-13 11:13 - 00297808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscoree.dll
2014-02-13 11:13 - 2014-02-13 11:13 - 00295264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHost.exe
2014-02-13 11:13 - 2014-02-13 11:13 - 00109912 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHostProxy.dll
2014-02-13 11:13 - 2014-02-13 11:13 - 00099176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHostProxy.dll
2014-02-13 11:13 - 2014-02-13 11:13 - 00049472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netfxperf.dll
2014-02-13 11:13 - 2014-02-13 11:13 - 00048960 _____ (Microsoft Corporation) C:\Windows\system32\netfxperf.dll
2014-02-13 11:13 - 2014-02-13 11:13 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffp_sd.sys
2014-02-13 11:13 - 2012-10-12 19:09 - 00025472 _____ (IObit) C:\Windows\system32\RegistryDefragBootTime.exe
2014-02-13 11:06 - 2014-02-13 11:06 - 00003152 _____ () C:\Windows\System32\Tasks\Game_Booster_AutoUpdate
2014-02-13 00:44 - 2014-02-13 00:44 - 00003086 _____ () C:\Windows\System32\Tasks\ASC6_PerformanceMonitor
2014-02-13 00:43 - 2014-02-13 00:43 - 00001264 _____ () C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2014-02-13 00:36 - 2014-02-13 00:44 - 00000000 ____D () C:\ProgramData\IObit
2014-02-13 00:36 - 2014-02-13 00:36 - 00003084 _____ () C:\Windows\System32\Tasks\ASC4_PerformanceMonitor
2014-02-13 00:35 - 2014-02-13 00:35 - 00000000 ____D () C:\Program Files (x86)\IObit Toolbar
2014-02-13 00:33 - 2014-02-13 00:43 - 00000000 ____D () C:\Users\R\AppData\Roaming\IObit
2014-02-13 00:33 - 2014-02-13 00:43 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-02-13 00:29 - 2014-02-13 11:21 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-02-13 00:29 - 2014-02-13 00:29 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-02-12 11:56 - 2014-02-12 11:56 - 00000000 ____D () C:\The KMPlayer
2014-02-11 17:50 - 2014-02-11 17:50 - 00000000 ____D () C:\Users\R\Documents\Rainmeter
2014-02-11 17:50 - 2014-02-11 17:50 - 00000000 ____D () C:\Users\R\AppData\Roaming\Rainmeter
2014-02-11 17:49 - 2014-02-11 17:49 - 00000000 ____D () C:\Program Files\Rainmeter
2014-02-06 18:31 - 2014-02-06 18:31 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ssadadb_01005.Wdf
2014-02-06 01:29 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2014-02-06 01:29 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2014-02-06 01:29 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2014-02-06 01:29 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2014-02-06 01:29 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2014-02-06 01:29 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2014-02-06 01:29 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2014-02-06 01:29 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2014-02-06 01:29 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2014-02-06 01:29 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2014-02-06 01:29 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2014-02-06 01:00 - 2014-02-06 01:28 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-02-06 01:00 - 2014-02-06 01:00 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-02-06 00:59 - 2014-02-06 00:59 - 00000802 _____ () C:\Users\Public\Desktop\World of Warplanes.lnk
2014-02-06 00:55 - 2014-02-06 00:55 - 00000000 ____D () C:\Games
2014-02-04 23:25 - 2014-02-12 04:20 - 00000000 ____D () C:\Users\R\AppData\Roaming\vlc
2014-02-04 23:23 - 2014-02-04 23:23 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-01-26 13:03 - 2014-02-14 18:26 - 00000000 ____D () C:\Qoobox
2014-01-26 13:03 - 2014-02-13 14:02 - 00000000 ____D () C:\Windows\erdnt
2014-01-26 13:03 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-01-26 13:03 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-01-26 13:03 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-01-26 13:03 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-01-26 13:03 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-01-26 13:03 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-01-26 13:03 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-01-26 13:03 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-01-26 13:01 - 2014-02-14 18:15 - 05183211 ____R (Swearware) C:\Users\R\Desktop\ComboFix.exe
2014-01-25 20:09 - 2014-02-14 16:52 - 00000000 ____D () C:\AdwCleaner
2014-01-21 17:47 - 2014-01-21 17:47 - 00000000 _____ () C:\Users\R\Sti_Trace.log
2014-01-21 12:49 - 2014-01-21 12:51 - 00000000 ____D () C:\Program Files\CCleaner
2014-01-21 12:49 - 2014-01-21 12:49 - 00002764 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
==================== One Month Modified Files and Folders =======
2014-02-14 19:43 - 2014-02-14 19:43 - 00014329 _____ () C:\Users\R\Desktop\FRST.txt
2014-02-14 19:43 - 2014-02-14 19:43 - 00000000 ____D () C:\FRST
2014-02-14 19:40 - 2014-02-14 19:40 - 00112640 _____ (forum.viry.cz) C:\Users\R\Desktop\FRSTLauncher.exe
2014-02-14 19:30 - 2014-02-14 19:30 - 00165576 _____ () C:\Users\R\Downloads\ClickHeretoDownload-eAhosCc.exe
2014-02-14 19:30 - 2014-02-14 19:30 - 00112640 _____ (forum.viry.cz) C:\Users\R\Downloads\Nepotvrzeno 647497.crdownload
2014-02-14 19:30 - 2014-01-09 00:59 - 00000000 ____D () C:\Users\R\AppData\Roaming\Skype
2014-02-14 19:29 - 2014-02-14 19:29 - 02152960 _____ (Farbar) C:\Users\R\Desktop\FRST64.exe
2014-02-14 19:29 - 2014-02-14 19:29 - 00165576 _____ () C:\Users\R\Downloads\ClickHeretoDownload-cf1sbq5.exe
2014-02-14 19:01 - 2014-01-08 23:45 - 00000942 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-14 18:48 - 2014-02-14 18:48 - 324754259 _____ () C:\Users\R\Downloads\Gladiátori-BRRip-CZ.avi.crdownload
2014-02-14 18:26 - 2014-02-14 18:26 - 00000000 ___SD () C:\ComboFix
2014-02-14 18:26 - 2014-01-26 13:03 - 00000000 ____D () C:\Qoobox
2014-02-14 18:15 - 2014-01-26 13:01 - 05183211 ____R (Swearware) C:\Users\R\Desktop\ComboFix.exe
2014-02-14 17:55 - 2014-02-14 17:54 - 00423077 _____ () C:\Users\R\Desktop\TCleaner v1.0.4.exe
2014-02-14 16:55 - 2014-02-14 16:55 - 00165888 _____ () C:\Users\R\Downloads\Nepotvrzeno 67683.crdownload
2014-02-14 16:55 - 2009-07-14 05:45 - 00014256 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-14 16:55 - 2009-07-14 05:45 - 00014256 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-14 16:53 - 2014-02-14 16:53 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\R\Downloads\mbam-setup-1.75.0.1300 (1).exe
2014-02-14 16:52 - 2014-01-25 20:09 - 00000000 ____D () C:\AdwCleaner
2014-02-14 16:51 - 2014-01-08 22:45 - 01176537 _____ () C:\Windows\WindowsUpdate.log
2014-02-14 16:49 - 2014-01-10 11:32 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-02-14 16:49 - 2014-01-09 11:12 - 00000000 ____D () C:\Users\R\AppData\Roaming\uTorrent
2014-02-14 16:47 - 2014-02-13 11:41 - 00000672 _____ () C:\Windows\setupact.log
2014-02-14 16:47 - 2014-02-13 11:40 - 00008976 _____ () C:\Windows\PFRO.log
2014-02-14 16:47 - 2014-01-08 23:45 - 00000938 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-14 16:47 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-14 14:17 - 2014-02-14 13:36 - 00000000 ____D () C:\Users\R\Desktop\Nová složka
2014-02-14 14:15 - 2014-02-14 14:15 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-14 14:15 - 2014-02-14 14:15 - 00000000 ____D () C:\Users\R\AppData\Roaming\Malwarebytes
2014-02-14 14:15 - 2014-02-14 14:14 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-14 14:14 - 2014-02-14 14:14 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-14 14:13 - 2014-02-14 14:13 - 00165576 _____ () C:\Users\R\Downloads\ClickHeretoDownload-bM1j5FO.exe
2014-02-14 14:13 - 2014-02-14 14:13 - 00165576 _____ () C:\Users\R\Downloads\ClickHeretoDownload-aLwRfQs.exe
2014-02-14 14:12 - 2014-02-14 14:12 - 00165576 _____ () C:\Users\R\Downloads\ClickHeretoDownload-5XR7IMC.exe
2014-02-14 14:10 - 2014-02-14 14:09 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\R\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-14 14:09 - 2014-02-14 14:09 - 00165576 _____ () C:\Users\R\Downloads\ClickHeretoDownload-9oVmkJj.exe
2014-02-14 14:07 - 2014-02-14 14:07 - 00165576 _____ () C:\Users\R\Downloads\ClickHeretoDownload-9zyKwa2.exe
2014-02-14 14:06 - 2014-02-14 14:06 - 00165576 _____ () C:\Users\R\Downloads\ClickHeretoDownload-1eAflzD.exe
2014-02-14 13:57 - 2014-02-14 13:57 - 00165576 _____ () C:\Users\R\Downloads\ClickHeretoDownload-2ovJl13.exe
2014-02-14 13:37 - 2014-02-14 13:37 - 00165576 _____ () C:\Users\R\Downloads\ClickHeretoDownload-fBSl73z.exe
2014-02-14 13:37 - 2014-02-14 13:37 - 00165576 _____ () C:\Users\R\Downloads\ClickHeretoDownload-ack8lxP.exe
2014-02-14 13:37 - 2014-02-14 13:37 - 00165576 _____ () C:\Users\R\Downloads\ClickHeretoDownload-6nskjfB.exe
2014-02-14 13:35 - 2014-02-14 13:35 - 01166132 _____ () C:\Users\R\Desktop\adwcleaner.exe
2014-02-14 13:22 - 2014-02-14 13:22 - 00440672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-02-14 13:22 - 2014-02-14 13:22 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-02-14 13:22 - 2014-01-10 11:32 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-02-14 13:22 - 2014-01-10 11:32 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-02-14 13:22 - 2014-01-10 11:32 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-02-14 13:22 - 2014-01-10 11:32 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-02-14 13:22 - 2014-01-10 11:32 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-02-14 13:22 - 2014-01-10 11:32 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-02-14 09:00 - 2014-01-10 01:29 - 00004306 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{CF9E9CB7-CCA8-4610-A363-20666A815DF4}
2014-02-13 21:05 - 2009-07-14 16:18 - 00622660 _____ () C:\Windows\system32\perfh005.dat
2014-02-13 21:05 - 2009-07-14 16:18 - 00118810 _____ () C:\Windows\system32\perfc005.dat
2014-02-13 21:05 - 2009-07-14 06:13 - 01445734 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-13 14:04 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-02-13 14:02 - 2014-01-26 13:03 - 00000000 ____D () C:\Windows\erdnt
2014-02-13 11:42 - 2014-01-09 00:59 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-02-13 11:42 - 2014-01-09 00:58 - 00000000 ____D () C:\ProgramData\Skype
2014-02-13 11:41 - 2014-02-13 11:41 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-13 11:40 - 2014-02-13 11:40 - 00000000 _____ () C:\asc_rdflag
2014-02-13 11:40 - 2014-01-08 22:52 - 00000000 ____D () C:\Users\R
2014-02-13 11:21 - 2014-02-13 00:29 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-02-13 11:14 - 2014-02-13 11:14 - 01540608 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-02-13 11:14 - 2014-02-13 11:14 - 01135104 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2014-02-13 11:14 - 2014-02-13 11:14 - 01074176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2014-02-13 11:14 - 2014-02-13 11:14 - 00902656 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-13 11:14 - 2014-02-13 11:14 - 00739840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-13 11:13 - 2014-02-13 11:13 - 01942856 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-02-13 11:13 - 2014-02-13 11:13 - 01130824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-02-13 11:13 - 2014-02-13 11:13 - 00444752 _____ (Microsoft Corporation) C:\Windows\system32\mscoree.dll
2014-02-13 11:13 - 2014-02-13 11:13 - 00320352 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHost.exe
2014-02-13 11:13 - 2014-02-13 11:13 - 00297808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscoree.dll
2014-02-13 11:13 - 2014-02-13 11:13 - 00295264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHost.exe
2014-02-13 11:13 - 2014-02-13 11:13 - 00109912 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHostProxy.dll
2014-02-13 11:13 - 2014-02-13 11:13 - 00099176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHostProxy.dll
2014-02-13 11:13 - 2014-02-13 11:13 - 00049472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netfxperf.dll
2014-02-13 11:13 - 2014-02-13 11:13 - 00048960 _____ (Microsoft Corporation) C:\Windows\system32\netfxperf.dll
2014-02-13 11:13 - 2014-02-13 11:13 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffp_sd.sys
2014-02-13 11:08 - 2014-01-08 22:42 - 00000000 ____D () C:\Windows\Panther
2014-02-13 11:06 - 2014-02-13 11:06 - 00003152 _____ () C:\Windows\System32\Tasks\Game_Booster_AutoUpdate
2014-02-13 00:46 - 2014-01-12 03:14 - 00000000 ____D () C:\Windows\Minidump
2014-02-13 00:44 - 2014-02-13 00:44 - 00003086 _____ () C:\Windows\System32\Tasks\ASC6_PerformanceMonitor
2014-02-13 00:44 - 2014-02-13 00:36 - 00000000 ____D () C:\ProgramData\IObit
2014-02-13 00:43 - 2014-02-13 00:43 - 00001264 _____ () C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2014-02-13 00:43 - 2014-02-13 00:33 - 00000000 ____D () C:\Users\R\AppData\Roaming\IObit
2014-02-13 00:43 - 2014-02-13 00:33 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-02-13 00:36 - 2014-02-13 00:36 - 00003084 _____ () C:\Windows\System32\Tasks\ASC4_PerformanceMonitor
2014-02-13 00:35 - 2014-02-13 00:35 - 00000000 ____D () C:\Program Files (x86)\IObit Toolbar
2014-02-13 00:29 - 2014-02-13 00:29 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-02-13 00:00 - 2014-01-11 22:13 - 00000000 ____D () C:\Users\R\AppData\Local\PokerStars
2014-02-12 21:54 - 2014-01-09 11:12 - 00000000 ____D () C:\torrent
2014-02-12 12:11 - 2014-01-10 02:00 - 00000000 ____D () C:\Users\R\Documents\The KMPlayer
2014-02-12 11:56 - 2014-02-12 11:56 - 00000000 ____D () C:\The KMPlayer
2014-02-12 10:56 - 2014-01-08 23:45 - 00003938 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-12 10:56 - 2014-01-08 23:45 - 00003686 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-12 04:20 - 2014-02-04 23:25 - 00000000 ____D () C:\Users\R\AppData\Roaming\vlc
2014-02-12 00:48 - 2014-01-11 22:13 - 00000000 ____D () C:\Program Files (x86)\PokerStars
2014-02-11 17:50 - 2014-02-11 17:50 - 00000000 ____D () C:\Users\R\Documents\Rainmeter
2014-02-11 17:50 - 2014-02-11 17:50 - 00000000 ____D () C:\Users\R\AppData\Roaming\Rainmeter
2014-02-11 17:49 - 2014-02-11 17:49 - 00000000 ____D () C:\Program Files\Rainmeter
2014-02-11 17:49 - 2014-01-08 22:52 - 00000000 ___RD () C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-06 18:31 - 2014-02-06 18:31 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ssadadb_01005.Wdf
2014-02-06 01:28 - 2014-02-06 01:00 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-02-06 01:00 - 2014-02-06 01:00 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-02-06 00:59 - 2014-02-06 00:59 - 00000802 _____ () C:\Users\Public\Desktop\World of Warplanes.lnk
2014-02-06 00:55 - 2014-02-06 00:55 - 00000000 ____D () C:\Games
2014-02-04 23:23 - 2014-02-04 23:23 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-01-28 13:35 - 2014-01-09 01:08 - 00000000 ____D () C:\Program Files (x86)\The KMPlayer
2014-01-26 13:09 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-01-22 09:09 - 2014-01-09 11:18 - 00000000 ____D () C:\Users\R\AppData\Local\Adobe
2014-01-21 17:48 - 2014-01-09 18:49 - 00000000 ____D () C:\Users\R\AppData\Roaming\ControlCenter4
2014-01-21 17:47 - 2014-01-21 17:47 - 00000000 _____ () C:\Users\R\Sti_Trace.log
2014-01-21 12:51 - 2014-01-21 12:49 - 00000000 ____D () C:\Program Files\CCleaner
2014-01-21 12:49 - 2014-01-21 12:49 - 00002764 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-01-17 03:17 - 2014-01-09 14:35 - 00000027 _____ () C:\Users\R\AppData\Roaming\msqqifmf.dat
Some content of TEMP:
====================
C:\Users\R\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-02-08 00:51
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
Drive c: () (Fixed) (Total:596.07 GB) (Free:488.98 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive f: (VERBATIM HD) (Fixed) (Total:465.65 GB) (Free:175.83 GB) FAT32
Drive h: (SD KARTA) (Removable) (Total:7.4 GB) (Free:0.02 GB) FAT32
Available physical RAM: 1509.48 MB
Total physical RAM: 4006.7 MB
Percentage of memory in use: 62%
==================== MBR and Partition Table ==================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 6E4CFF18)
Partition 1: (Active) - (Size=596 GB) - (Type=07 NTFS)
Disk: 1 (Size: 7 GB) (Disk ID: 0D3DAA7A)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0B)
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: DECE7AB1)
Partition 1: (Not Active) - (Size=466 GB) - (Type=0C)
==================== Scheduled Tasks (whitelisted) ==================
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: avast! Internet Security (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Internet Security (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Internet Security (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\R\Desktop" je 9 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
- Attachments
- Addition.rar
- (4.9 KiB) Downloaded 29 times
- Rudy
- Site Admin
- Posts: 119534
- Joined: 30 Oct 2003 13:42
- Location: Plzeň
Re: internet being redirected to www.ultrafiles.net.......
Open Notepad and copy the following into it:
Start
HKLM-x32\...\Run: [msxsrodSrv] - C:\Windows\SysWOW64\msxsrod.vbe
C:\Windows\SysWOW64\msxsrod.vbe
HKLM-x32\...\Run: [] - [X]
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
C:\Program Files (x86)\Skype\Toolbars
C:\Users\R\Downloads\ClickHeretoDownload-bM1j5FO.exe
C:\Users\R\Downloads\ClickHeretoDownload-aLwRfQs.exe
C:\Users\R\Downloads\ClickHeretoDownload-5XR7IMC.exe
C:\Users\R\Downloads\ClickHeretoDownload-9oVmkJj.exe
C:\Users\R\Downloads\ClickHeretoDownload-9zyKwa2.exe
C:\Users\R\Downloads\ClickHeretoDownload-1eAflzD.exe
C:\Users\R\Downloads\ClickHeretoDownload-2ovJl13.exe
C:\Users\R\Downloads\ClickHeretoDownload-fBSl73z.exe
C:\Users\R\Downloads\ClickHeretoDownload-ack8lxP.exe
C:\Users\R\Downloads\ClickHeretoDownload-6nskjfB.exe
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Users\R\AppData\Roaming\msqqifmf.dat
C:\Users\R\AppData\Local\Temp
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log appears; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: internet being redirected to www.ultrafiles.net.......
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-02-2014 01
Ran by R at 2014-02-14 22:12:29 Run:1
Running from C:\Users\R\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Start
HKLM-x32\...\Run: [msxsrodSrv] - C:\Windows\SysWOW64\msxsrod.vbe
C:\Windows\SysWOW64\msxsrod.vbe
HKLM-x32\...\Run: [] - [X]
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
C:\Program Files (x86)\Skype\Toolbars
C:\Users\R\Downloads\ClickHeretoDownload-bM1j5FO.exe
C:\Users\R\Downloads\ClickHeretoDownload-aLwRfQs.exe
C:\Users\R\Downloads\ClickHeretoDownload-5XR7IMC.exe
C:\Users\R\Downloads\ClickHeretoDownload-9oVmkJj.exe
C:\Users\R\Downloads\ClickHeretoDownload-9zyKwa2.exe
C:\Users\R\Downloads\ClickHeretoDownload-1eAflzD.exe
C:\Users\R\Downloads\ClickHeretoDownload-2ovJl13.exe
C:\Users\R\Downloads\ClickHeretoDownload-fBSl73z.exe
C:\Users\R\Downloads\ClickHeretoDownload-ack8lxP.exe
C:\Users\R\Downloads\ClickHeretoDownload-6nskjfB.exe
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Users\R\AppData\Roaming\msqqifmf.dat
C:\Users\R\AppData\Local\Temp
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
End
*****************
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\msxsrodSrv => Value deleted successfully.
C:\Windows\SysWOW64\msxsrod.vbe => Moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKCR\Wow6432Node\PROTOCOLS\Handler\skype-ie-addon-data => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{91774881-D725-4E58-B298-07617B9B86A8} => Key deleted successfully.
C:\Program Files (x86)\Skype\Toolbars => Moved successfully.
"C:\Users\R\Downloads\ClickHeretoDownload-bM1j5FO.exe" => File/Directory not found.
"C:\Users\R\Downloads\ClickHeretoDownload-aLwRfQs.exe" => File/Directory not found.
"C:\Users\R\Downloads\ClickHeretoDownload-5XR7IMC.exe" => File/Directory not found.
"C:\Users\R\Downloads\ClickHeretoDownload-9oVmkJj.exe" => File/Directory not found.
"C:\Users\R\Downloads\ClickHeretoDownload-9zyKwa2.exe" => File/Directory not found.
"C:\Users\R\Downloads\ClickHeretoDownload-1eAflzD.exe" => File/Directory not found.
"C:\Users\R\Downloads\ClickHeretoDownload-2ovJl13.exe" => File/Directory not found.
"C:\Users\R\Downloads\ClickHeretoDownload-fBSl73z.exe" => File/Directory not found.
"C:\Users\R\Downloads\ClickHeretoDownload-ack8lxP.exe" => File/Directory not found.
"C:\Users\R\Downloads\ClickHeretoDownload-6nskjfB.exe" => File/Directory not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Users\R\AppData\Roaming\msqqifmf.dat => Moved successfully.
"C:\Users\R\AppData\Local\Temp" directory move:
C:\Users\R\AppData\Local\Temp\AdobeARM.log => Moved successfully.
C:\Users\R\AppData\Local\Temp\AdwCleaner.jpg => Moved successfully.
C:\Users\R\AppData\Local\Temp\chart_data.dat => Moved successfully.
C:\Users\R\AppData\Local\Temp\Cleaning.ico => Moved successfully.
C:\Users\R\AppData\Local\Temp\Donate.ico => Moved successfully.
Could not move "C:\Users\R\AppData\Local\Temp\etilqs_pNeR0CNU8chRPaw" => Scheduled to move on reboot.
Could not move "C:\Users\R\AppData\Local\Temp\etilqs_xdi5vPrkMmDP3fq" => Scheduled to move on reboot.
Could not move "C:\Users\R\AppData\Local\Temp\FXSAPIDebugLogFile.txt" => Scheduled to move on reboot.
C:\Users\R\AppData\Local\Temp\preferences => Moved successfully.
C:\Users\R\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\R\AppData\Local\Temp\Report.ico => Moved successfully.
C:\Users\R\AppData\Local\Temp\Scan.ico => Moved successfully.
C:\Users\R\AppData\Local\Temp\streaming_updates.dat => Moved successfully.
C:\Users\R\AppData\Local\Temp\StructuredQuery.log => Moved successfully.
C:\Users\R\AppData\Local\Temp\Uninstall.ico => Moved successfully.
C:\Users\R\AppData\Local\Temp\_10AA.tmp => Moved successfully.
C:\Users\R\AppData\Local\Temp\_324F.tmp => Moved successfully.
C:\Users\R\AppData\Local\Temp\_45B.tmp => Moved successfully.
C:\Users\R\AppData\Local\Temp\_AFA8.tmp => Moved successfully.
C:\Users\R\AppData\Local\Temp\_BCA.tmp => Moved successfully.
C:\Users\R\AppData\Local\Temp\_CB30.tmp => Moved successfully.
C:\Users\R\AppData\Local\Temp\_E076.tmp => Moved successfully.
C:\Users\R\AppData\Local\Temp\_EF93.tmp => Moved successfully.
C:\Users\R\AppData\Local\Temp\_FA3D.tmp => Moved successfully.
C:\Users\R\AppData\Local\Temp\~47DE.tmp => Moved successfully.
C:\Users\R\AppData\Local\Temp\~BAAD.bat => Moved successfully.
C:\Users\R\AppData\Local\Temp\~BAAD.tmp => Moved successfully.
Could not move "C:\Users\R\AppData\Local\Temp\~DF0C001A7E47D73F0D.TMP" => Scheduled to move on reboot.
C:\Users\R\AppData\Local\Temp\~DF799706F1F2FC92C4.TMP => Moved successfully.
C:\Users\R\AppData\Local\Temp\~EC35.bat => Moved successfully.
C:\Users\R\AppData\Local\Temp\~EC35.tmp => Moved successfully.
Could not move "C:\Users\R\AppData\Local\Temp\Skype\DbTemp\temp-acH45M6dFlcTJobhSVJ8bDTr" => Scheduled to move on reboot.
Could not move "C:\Users\R\AppData\Local\Temp\Skype\DbTemp\temp-KWIb650I1sTtNwFVpwpspYdS" => Scheduled to move on reboot.
C:\Users\R\AppData\Local\Temp\5648_7902\crl-set => Moved successfully.
C:\Users\R\AppData\Local\Temp\5648_7902\manifest.fingerprint => Moved successfully.
C:\Users\R\AppData\Local\Temp\5648_7902\manifest.json => Moved successfully.
C:\Users\R\AppData\Local\Temp\5648_32631\crl-set => Moved successfully.
C:\Users\R\AppData\Local\Temp\5648_32631\manifest.fingerprint => Moved successfully.
C:\Users\R\AppData\Local\Temp\5648_32631\manifest.json => Moved successfully.
Could not move "C:\Users\R\AppData\Local\Temp" directory. => Scheduled to move on reboot.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-02-14 22:14:34)<=
"C:\Users\R\AppData\Local\Temp\etilqs_pNeR0CNU8chRPaw" => File could not move.
"C:\Users\R\AppData\Local\Temp\etilqs_xdi5vPrkMmDP3fq" => File could not move.
C:\Users\R\AppData\Local\Temp\FXSAPIDebugLogFile.txt => Is moved successfully.
"C:\Users\R\AppData\Local\Temp\~DF0C001A7E47D73F0D.TMP" => File could not move.
C:\Users\R\AppData\Local\Temp\Skype\DbTemp\temp-acH45M6dFlcTJobhSVJ8bDTr => Is moved successfully.
C:\Users\R\AppData\Local\Temp\Skype\DbTemp\temp-KWIb650I1sTtNwFVpwpspYdS => Is moved successfully.
C:\Users\R\AppData\Local\Temp => Is moved successfully.
==== End of Fixlog ====
- Rudy
- Site Admin
Re: internet being redirected to www.ultrafiles.net.......
Deleted. Has anything changed?
Re: internet being redirected to www.ultrafiles.net.......
the problem persists

- Rudy
- Site Admin
Re: internet being redirected to www.ultrafiles.net.......
Try this.
Download Junkware Removal Tool: http://thisisudax.org/downloads/JRT.exe
Save it, preferably to the desktop.
After it starts, the license terms are displayed; press any key.
A backup is created and the scan then follows.
When the scan finishes, a log appears; it may also be saved in c:\JRT as JRT.txt. Paste it here.
Re: internet being redirected to www.ultrafiles.net.......
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Professional x64
Ran by R on pá 14.02.2014 at 22:54:12,85
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\KMPAskPIPCount_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\KMPAskPIPCount_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\KMPAskPIPCount_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\KMPAskPIPCount_RASMANCS
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on pá 14.02.2014 at 23:01:58,14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- Rudy
- Site Admin
Re: internet being redirected to www.ultrafiles.net.......
OK. Has anything changed?
Re: internet being redirected to www.ultrafiles.net.......
unfortunately not
at least partly; it still persists on your website, on http://tracker.cztorrent.net/, on www.aliexpres.com, www.extra.cz and lots of sites with video playback....
otherwise google and youtube now load, surprisingly, but only the home pages; as soon as I run a search, I am immediately redirected to www.ultra...
- Rudy
- Site Admin
Re: internet redirecting to www.ultrafiles.net.......
Let's also try RogueKiller:
Download RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe , save it to the desktop, right-click it and left-click Spustit jako správce (Run as administrator).
A very short test will run, and then the Prohledat (Scan) button at the top right becomes available. Click it and another test will run.
When it finishes, click Zprava (Report) and a log will appear. Paste it here for me.
Re: internet redirecting to www.ultrafiles.net.......
RogueKiller V8.8.7 [Feb 11 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com
Operační systém : Windows 7 (6.1.7600 ) 64 bits version
Spuštěno v : Normální režim
Uživatel : R [Práva správce]
Mód : Kontrola -- Datum : 02/15/2014 13:07:15
| ARK || FAK || MBR |
¤¤¤ Škodlivé procesy: : 1 ¤¤¤
[SUSP PATH] utorrent.exe -- C:\Users\R\AppData\Roaming\uTorrent\utorrent.exe [-] -> SMAZÁNO [TermProc]
¤¤¤ ¤¤¤ Záznamy Registrů: : 9 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : uTorrent ("C:\Users\R\AppData\Roaming\uTorrent\utorrent.exe" [-]) -> NALEZENO
[RUN][SUSP PATH] HKUS\S-1-5-21-3548695890-1251497973-2143529031-1000\[...]\Run : uTorrent ("C:\Users\R\AppData\Roaming\uTorrent\utorrent.exe" [-]) -> NALEZENO
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> NALEZENO
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> NALEZENO
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> NALEZENO
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> NALEZENO
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> NALEZENO
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NALEZENO
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO
¤¤¤ naplánované úlohy : 0 ¤¤¤
¤¤¤ spuštění položky : 0 ¤¤¤
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Browser Addons : 0 ¤¤¤
¤¤¤ Zvláštní soubory / Složky: ¤¤¤
¤¤¤ Ovladač : [NENAHRÁNO 0x0] ¤¤¤
¤¤¤ Externí včelstvo: ¤¤¤
¤¤¤ Nákaza : ¤¤¤
¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ Kontrola MBR: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD6400BPVT-80HXZT3 ATA Device +++++
--- User ---
[MBR] 00122ef3ef46bce8cab4a936c61cc159
[BSP] 1cc9f74de72b8d430f9288d13eaf6b86 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 610378 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) SD Card +++++
--- User ---
[MBR] 9833ec406b730dbdbb83ffef3f18d92b
[BSP] 3ee541210a64d1f4b800f3132d361838 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 8192 | Size: 7580 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] Po?adavek není podporován. )
+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) ST500LM0 12 HN-M500MB USB Device +++++
--- User ---
[MBR] 8668d1c965ab693729e6a3320fd7c941
[BSP] bd2c293b27ad48b9eb2744d02a4a8b8b : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 2048 | Size: 476937 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] Po?adavek není podporován. )
+++++ PhysicalDrive3: (\\.\PHYSICALDRIVE3 @ USB) Kingston DataTraveler 2.0 USB Device +++++
--- User ---
[MBR] 89ca2276f1103d3ae983263e40dd50ca
[BSP] 94922b484844e0ca6415fc0dcf170db6 : MBR Code unknown
Partition table:
0 - [ACTIVE] FAT32 (0x0b) [VISIBLE] Offset (sectors): 63 | Size: 7634 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] Po?adavek není podporován. )
Dokončeno : << RKreport[0]_S_02152014_130715.txt >>
- Rudy
- Site Admin
Re: internet redirecting to www.ultrafiles.net.......
Continue as follows:
Run RogueKiller again as administrator (if you have not closed it yet, click Smazat (Delete) straight away).
A very short test will run, and then the Prohledat (Scan) button at the top right becomes available. Click it and another test will run.
When it finishes, click Smazat (Delete).
Then click Zprava (Report) and a log will appear. Paste it here for me.
Then click Oprava Host (Host fix) and Zprava (Report).
Another log will appear. Paste that one here as well.