Kontrola logu

[gorefest]

Zdravím, prosím o preventivku RSIT logu. Děkuji

Logfile of random's system information tool 1.10 (written by random/random)
Run by Kubík at 2014-10-27 11:30:06
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 31 GB (13%) free of 238 GB
Total RAM: 2039 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:30:40, on 27.10.2014
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16584)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\SupTab\HpUI.exe
C:\Program Files (x86)\SupTab\Loader32.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Kubík.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hp&ts=1 ... JDWQ212960
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hp&ts=1 ... JDWQ212960
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=ds& ... earchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds& ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hp&ts=1 ... JDWQ212960
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\Kubík\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_167_ActiveX.exe -update activex
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Připojit cíl vazby k existujícímu PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Připojit k existujícímu PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: globalUpdate Update Service (globalUpdate) (globalUpdate) - globalUpdate - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
O23 - Service: globalUpdate Update Service (globalUpdatem) (globalUpdatem) - globalUpdate - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: IePlugin Services (IePluginServices) - Cherished Technololgy LIMITED - C:\ProgramData\IePluginServices\PluginService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: WindowsMangerProtect Service (WindowsMangerProtect) - Fuyu LIMITED - C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11780 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
"c:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\ProgramData\IePluginServices\PluginService.exe -service
C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -service
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
taskeng.exe {CE4E2D56-D39C-42F4-86A6-37809AFC4845}
"C:\Windows\system32\Dwm.exe"
taskeng.exe {FCDC205C-59A4-4E17-8445-D9D7F09029E7}
C:\Windows\Explorer.EXE
"C:\Windows\RAVCpl64.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
C:\Windows\system32\igfxsrvc.exe -Embedding
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\SupTab\HpUI.exe" -run
"C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe"
"C:\Windows\ehome\ehtray.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\SupTab\Loader64.exe"
"C:\Program Files (x86)\SupTab\Loader32.exe"
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe"
"C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe"
"C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe"
C:\Windows\ehome\ehmsas.exe -Embedding
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
"C:\Program Files (x86)\Nero\Update\NASvc.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
C:\Windows\system32\SearchIndexer.exe /Embedding
WLIDSvcM.exe 2648
"C:\Program Files\Windows Media Player\wmpnscfg.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
taskeng.exe {F204FEAD-4AE2-4569-8F26-4A3F9130001D}
splwow64
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" http://www.istartsurf.com/?type=hppp&ts ... JDWQ212960
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutoReloadExperiment/Enabled/AutoReloadVisibleOnlyExperiment/Enabled/BrowserBlacklist/Enabled/DomRel-Enable/disable/EmbeddedSearch/Group5 pct:10e stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Enforce/GoogleNow/Enable/OmniboxBundledExperimentV1/Preperiod_A2_StableBookmarksIndexURLs/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/RapporRollout/Enabled/SDCH/EnabledAll/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-1-Percent/group_57/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/" --extension-process --enable-webrtc-hw-h264-encoding --renderer-print-preview --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --channel="2656.1.1503940427\408279349" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutoReloadExperiment/Enabled/AutoReloadVisibleOnlyExperiment/Enabled/BrowserBlacklist/Enabled/DomRel-Enable/disable/EmbeddedSearch/Group5 pct:10e stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Enforce/GoogleNow/Enable/OmniboxBundledExperimentV1/Preperiod_A2_StableBookmarksIndexURLs/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/RapporRollout/Enabled/SDCH/EnabledAll/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-1-Percent/group_57/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/" --renderer-print-preview --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --disable-gpu-compositing --channel="2656.3.1745719268\693922867" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutoReloadExperiment/Enabled/AutoReloadVisibleOnlyExperiment/Enabled/BrowserBlacklist/Enabled/DomRel-Enable/disable/EmbeddedSearch/Group5 pct:10e stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Enforce/GoogleNow/Enable/OmniboxBundledExperimentV1/Preperiod_A2_StableBookmarksIndexURLs/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/RapporRollout/Enabled/SDCH/EnabledAll/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-1-Percent/group_57/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/" --renderer-print-preview --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --disable-gpu-compositing --channel="2656.7.786692685\980403764" /prefetch:673131151
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe19_ Global\UsGthrCtrlFltPipeMssGthrPipe19 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 640 644 652 65536 648
"C:\Users\Kubík\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\0263b5c3-2bb1-4856-b2c0-a6de30431fed-5_user.job - C:\Program Files (x86)\ClickMovie1-Downloaderv10\0263b5c3-2bb1-4856-b2c0-a6de30431fed-5.exe

[altrok]

Zdravim

log neni kompletni, ale uz tady je videt havet... pro priste pri kopirovani logu doporucuji pouzivat

• Ctrl+A (oznaci vse)
  Ctrl+C (oznacene zkopiruje do schranky - pameti pocitace)
  Ctrl+V (vlozi obsah schranky - log - do Vasi odpovedi)

V ramci cisteni Vam budou vyprazdneny docasne adresare (vcetne Kose).

Stahnete a ulozte na plochu AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/,

• ukoncete vsechny programy,
• kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem),
• kliknete na Scan, pote na Clean,
• po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\AdwCleaner [Sx].txt), jehoz obsah mi zkopirujte do pristi odpovedi.

[gorefest]

# AdwCleaner v4.002 - Report created 27/10/2014 at 12:21:10
# DB v2014-10-26.6
# Updated 27/10/2014 by Xplode
# Operating System : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Username : Kubík - KUBÍK-PC
# Running from : C:\Users\Kubík\Desktop\adwcleaner_4.002.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : globalUpdate
[#] Service Deleted : globalUpdatem
Service Deleted : IePluginServices
Service Deleted : WindowsMangerProtect
[#] Service Deleted : {3c3ae2b4-4a36-40c4-a356-ffc1820b7ece}Gt64

***** [ Files / Folders ] *****

[!] Folder Deleted : C:\Windows\SysWOW64\ARFC
[!] Folder Deleted : C:\Program Files (x86)\Around the world in 80 days
[!] Folder Deleted : C:\Program Files\Babylon
[!] Folder Deleted : C:\Users\Kubík\AppData\Local\cool_mirage
[!] Folder Deleted : C:\Program Files (x86)\driver-soft
[!] Folder Deleted : C:\Program Files (x86)\globalUpdate
[!] Folder Deleted : C:\Users\Kubík\AppData\Local\globalUpdate
[!] Folder Deleted : C:\ProgramData\IePluginServices
[!] Folder Deleted : C:\Windows\SysWOW64\jmdp
[!] Folder Deleted : C:\Users\Kubík\AppData\Local\onlysearch
[!] Folder Deleted : C:\Users\Kubík\AppData\Roaming\OpenCandy
[!] Folder Deleted : C:\Program Files (x86)\SupTab
[!] Folder Deleted : C:\ProgramData\SweetIM
[!] Folder Deleted : C:\Program Files (x86)\SweetIM
[!] Folder Deleted : C:\ProgramData\WindowsMangerProtect
[!] Folder Deleted : C:\Windows\SysWOW64\WNLT
[!] Folder Deleted : C:\ProgramData\Alawar Stargaze
[!] Folder Deleted : C:\Users\Kubík\AppData\Roaming\Alawar Stargaze
[!] Folder Deleted : C:\Program Files (x86)\ClickMovie1-Downloaderv10
[!] Folder Deleted : C:\Users\Kubík\AppData\Local\ClickMovie1-Downloaderv10
File Deleted : C:\Windows\System32\\drivers\{3c3ae2b4-4a36-40c4-a356-ffc1820b7ece}Gt64.sys
File Deleted : C:\Program Files (x86)\Mozilla Firefox\user.js

***** [ Scheduled Tasks ] *****

Task Deleted : globalUpdateUpdateTaskMachineCore
Task Deleted : globalUpdateUpdateTaskMachineUA

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Kubík\Desktop\Launch Internet Explorer Browser.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Sweetpacks Communicator]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Deleted : HKCU\Software\Classes\keepmysearch
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0063317.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0063317.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0063317.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0063317.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{059EACC2-1ABE-49E8-928D-DC8BD355B7A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611331117}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622332217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655335517}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666336617}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644334417}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110611331117}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611331117}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622332217}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\SupHpUISoft
Key Deleted : HKCU\Software\SweetIM
Key Deleted : HKCU\Software\ClickMovie1-Downloaderv10
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\ClickMovie1-Downloaderv10
Key Deleted : HKLM\SOFTWARE\Driver-Soft
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\istartsurfSoftware
Key Deleted : HKLM\SOFTWARE\SupDp
Key Deleted : HKLM\SOFTWARE\SupTab
Key Deleted : HKLM\SOFTWARE\supWindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\supWPM
Key Deleted : HKLM\SOFTWARE\SweetIM
Key Deleted : HKLM\SOFTWARE\ClickMovie1-Downloaderv10
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ea8fa6be-29be-4af2-9352-841f83215eb0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ClickMovie1-Downloaderv10
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{953AA732-9AFB-49C9-84A4-7F96CA0A08DA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{c3e85ee9-5892-4142-b537-bceb3dac4c3d}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{ea8fa6be-29be-4af2-9352-841f83215eb0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\1ClickDownload
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Babylon
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PCSU-SL_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WindowsMangerProtect
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WNLT
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\onlysearch
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ClickMovie1-Downloaderv10
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : [x64] HKLM\SOFTWARE\Speedchecker Limited
Key Deleted : [x64] HKLM\SOFTWARE\WNLT
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\12BF94BD06C95F343A77631402B9556A
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2124D8A8CF720FD44866190AF560228E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\27A325ACED8CA4743A30127638591ADB
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\350D17402BD84234EAF7D32F08172D7C
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3EE8C5F419057E1478A654868CEE60B5
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4735D908D66E1BA46B6C2D7185A12B2B
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\76D8378E2DDAED3428720A631F6E3BF0
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A001B259DB7D694E818BE29B973992C
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAE2EC163C6A68A48921573E0E7E199D
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C06C6662FA5B04646829E4A460857770
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CEEB3E14ABE8270419B0FD762E18F7C6
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1B5E9A3BDB51349BF96E842C062D98
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FECBC2BC14DA6CD459BD59A041709836
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB6AF8AEEB922FA4392548F13812E50B
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16584

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Google Chrome v38.0.2125.104


*************************

AdwCleaner[R0].txt - [20980 octets] - [27/10/2014 12:15:20]
AdwCleaner[S0].txt - [17166 octets] - [27/10/2014 12:21:10]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [17227 octets] ##########

[altrok]

Dejte log FRST, prilozte i Addition.txt - http://forum.viry.cz/viewtopic.php?f=30&t=133101

[gorefest]

Logfile of random's system information tool 1.10 (written by random/random)
Run by Kubík at 2014-10-27 12:56:07
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 30 GB (13%) free of 238 GB
Total RAM: 2039 MB (30% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:56:15, on 27.10.2014
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16584)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Kubík.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\Kubík\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Připojit cíl vazby k existujícímu PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Připojit k existujícímu PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9883 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
"c:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
"C:\Program Files (x86)\Nero\Update\NASvc.exe"
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
C:\Windows\system32\SearchIndexer.exe /Embedding
WLIDSvcM.exe 1708
"C:\Windows\system32\Dwm.exe"
taskeng.exe {9BB8CA0C-5BF1-4D84-93C0-AF0F75540518}
C:\Windows\Explorer.EXE
taskeng.exe {A5F7E656-23EB-4C40-AE42-D7F0A8C32138}
"C:\Windows\RAVCpl64.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
C:\Windows\system32\igfxsrvc.exe -Embedding
"C:\Windows\ehome\ehtray.exe"
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe"
"C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe"
"C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutoReloadExperiment/Enabled/AutoReloadVisibleOnlyExperiment/Enabled/BrowserBlacklist/Enabled/DomRel-Enable/disable/EmbeddedSearch/Group5 pct:10e stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Enforce/GoogleNow/Enable/OmniboxBundledExperimentV1/Preperiod_A2_StableBookmarksIndexURLs/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/RapporRollout/Enabled/SDCH/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_14/UMA-Uniformity-Trial-1-Percent/group_57/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/" --extension-process --enable-webrtc-hw-h264-encoding --renderer-print-preview --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --channel="3212.1.58556560\65050278" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutoReloadExperiment/Enabled/AutoReloadVisibleOnlyExperiment/Enabled/BrowserBlacklist/Enabled/DomRel-Enable/disable/EmbeddedSearch/Group5 pct:10e stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Enforce/GoogleNow/Enable/OmniboxBundledExperimentV1/Preperiod_A2_StableBookmarksIndexURLs/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/RapporRollout/Enabled/SDCH/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_14/UMA-Uniformity-Trial-1-Percent/group_57/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/" --renderer-print-preview --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --disable-gpu-compositing --channel="3212.4.1408654864\1353269332" /prefetch:673131151
"C:\Program Files\Windows Media Player\wmpnscfg.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\ehome\ehmsas.exe -Embedding
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\servicing\TrustedInstaller.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutoReloadExperiment/Enabled/AutoReloadVisibleOnlyExperiment/Enabled/BrowserBlacklist/Enabled/DomRel-Enable/disable/EmbeddedSearch/Group5 pct:10e stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Enforce/GoogleNow/Enable/OmniboxBundledExperimentV1/Preperiod_A2_StableBookmarksIndexURLs/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/RapporRollout/Enabled/SDCH/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_14/UMA-Uniformity-Trial-1-Percent/group_57/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/" --renderer-print-preview --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --disable-gpu-compositing --channel="3212.6.880757855\500728749" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutoReloadExperiment/Enabled/AutoReloadVisibleOnlyExperiment/Enabled/BrowserBlacklist/Enabled/DomRel-Enable/disable/EmbeddedSearch/Group5 pct:10e stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Enforce/GoogleNow/Enable/OmniboxBundledExperimentV1/Preperiod_A2_StableBookmarksIndexURLs/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/RapporRollout/Enabled/SDCH/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_14/UMA-Uniformity-Trial-1-Percent/group_57/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/" --renderer-print-preview --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --disable-gpu-compositing --channel="3212.7.340729953\1977402465" /prefetch:673131151
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 640 644 652 65536 648
"C:\Users\Kubík\Downloads\RSITx64 (1).exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\0263b5c3-2bb1-4856-b2c0-a6de30431fed-5_user.job - C:\Program Files (x86)\ClickMovie1-Downloaderv10\0263b5c3-2bb1-4856-b2c0-a6de30431fed-5.exe
/rawdata=pOMuKmdVIfblLdXRL6h9LUvbp26Hc/OP6qDX8V0zxb8gIQsly3Wwh/B0t1Gdc0AuYj48P3U+Re6ZbInZip+Ab6GvkbhDY20eYu43d0SBkdpFyDm4PJkGX+eO6kRzZTg+N5D5kNq4c8kNu6s7y15OeaYclaHGR5UZ5bQVYU6b5fsX/CBdGMX+XvsJMNBjX5Zq6vsI3PrvF4EdH0Ojja2S6+ikhsyobW48ma3EDaXUQ97KFFhdxDUU1kxCCmm+Vcy0IYhSAt4iXNFejXYJtiUcPDUFz3U44sva79GJ8WY7kStewGNO1LoZhMt3u6We8F6vq1CSOzhFnmLpbo0hNOgQW8Uxu+rQdTIDafxpHd6a0fHv7sdOazZKKesfqjXJEViy9tpIj6a2/zqfOXu+JzDkeBwXKzUUj5WrUAWJKEd6mnjq2tsWiGUq1RWpWhYoRyq6bPHLsp+Q5UK+pMc9VdpLsCyXLML8My2fLkXbIJXxjkwLC3DHEFl8kd7B34JazM7fZIZHc40sPf+AobVhjr5Hw6VVCK8nrLpkeMsy70A5Rms6R4Kse2oUD+EPzj2HAKu/z7JQt5hDP+k7juyf1it+AwmiDwhAxANLjbWePu0HbzTa6vNJ7I6mdz81VnQHAzfTDq02F5S8NnMBtw7veQdrdVAhRdWQsam3xp6pu8AocZhEG9OZL1zymmD00JFszRI86pysFbfgpY/QWn9b9ucnYvmbSBVMJcn6X7GdraWWTv2T1V/sccCWnH/DGp1QYK4Tz/7D5TpU4KBFyHY9sT4aFI6CILa4McfOSOWeBBO0w2ksgvhea0EaWr2VLkioBBwnSdZcVcaF+SmyB2PTVSlnqK/hpJQ3ZuLe3OCmwwwNfpRtWvk0u7p4y3nSsENRM3Y6FTtrIRhEiNqRpBxELA/7gyDzJP/y1/fSOa/vU0rMIEvYfV6pDAhSz5amxuc0Xt0gRWd/l8we2Pf/fODgMyyJt5e0/EjIIYpRNyJ7WmUy3wJ5wS+59Hl9C7OOqcOQKvAc
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\b1d02aa7-81df-4b1f-8023-d8eb3512fbdb-5_user.job - C:\Program Files (x86)\ClickMovie1-Downloaderv10\b1d02aa7-81df-4b1f-8023-d8eb3512fbdb-5.exe
/rawdata=pOMuKmdVIfblLdXRL6h9LUvbp26Hc/OP6qDX8V0zxb8gIQsly3Wwh/B0t1Gdc0AuYj48P3U+Re6ZbInZip+Ab6GvkbhDY20eYu43d0SBkdpFyDm4PJkGX+eO6kRzZTg+N5D5kNq4c8kNu6s7y15OeaYclaHGR5UZ5bQVYU6b5fvGCPBll+nzHA7mTlv0MOpeV0q19K3Gb5AqiVSLUgOXhQOg69JusL6OxZnWjSnoE7VGA/caspnJSSThQSgPh5KJCkg6rhYQlBgXNVglVAbax6Es9hFJsY3+CF0cPvPzHa5uVOKe22s7VQQ1ia4WftMAcVtJzWNkhV79tJARf6lHKouAeGhkZEynwFk1id/4jDLobsOQnY3VoStE7naPjFA10LMi23z6q9KNPbHBJXf5YcfgmjW7XbsvksXVFtMw0uwCJtK2Q123hAXLc5v56fIN2p3/CG4BUWMEooM4e70Sx/TV28N3eBefMaXOQZI63VhX2CPm+tmwju8trkeCc2fSI9xk1khFY1pmyH4htlkmRi66sgwIn5m0qsV5K/3tK+pW+31IXjH4msiPZc48pdJtWr/WY5v0R0ssAar/az64dE/MWWkmhqi1BNFmaTpwmQ6l7+xAdng9GAHAhGUz5wZDmhRTDoERLsbhZ944HPbIGZrILgSePhOru1R9xX+qvEidWSbKwAg65pbsn+VyKTWKdPKPu4eJMk7qRdjnHvYJraplEBXybThUFfSAnH/E2cdcyjsBJRiT1IG9Va7eoJI2Vpze3gskn3dyzap1GeNXn9cIylMO8D4xt2x1ivpoOfU6CAmLYfKxrPD8vcML7/j94Rn3IyWsY6AEhUJ33baTDsQ5d7V/nX8w2UTML91URaGv1zkNQ3OuPJymE3Ja9MI0z8B8UdVlA1IIQXtc6qUS4DGQsFeg+U9TP4SbA9Xy7mMytagkTLPSETlexc3soCC9X+zRjkvFF+VMDK5G0JrfRq0KVuLtEE8TSFxW8oOEA4uUjLFfjIMM0vlQt9a/e4X8
C:\Windows\tasks\EKPMQFQJ.job - C:\Users\Kub�k\AppData\Roaming\EKPMQFQJ.exe
/infocmdline=WHknauxdmR8gMJ+7+HXABejIY/21Jd7nTM172DkqyVLnqVF39Wc4g/AfFxY+G9rOp5aWTvdE5T/AvpnLvYre4beh1wQjMpYaKLPuyfUveFOvqSZjm++F/B/2OgJ6czGk/v0uSLfLkfyfzTTgv/+NcqJQDmBvAw7facLjAFK665t5AzkyQ5ai1LUVrG1x2CSBSoUdoXB7pxdx/U7yH9G8Ha+luRaZ7hAdOIl6dlbrqdtSyU/ZdPTrSKAMxb6XYxYKmlBqARkj5HQ4FzRv0zgm/1Rkfey3/F9u34ra3JqGMdYSqHsQE157N2A3KScad8J1oBtyZs6S66EKGbl78O1Da3fGZd6IbAIMy0Jz91ejksD625Oa+C/6fQaIg9tBrub1IEVaK7SVzFWlgv1+2/LA/DAhYdDRN21kEgHW65l7nilEjKxpgvCstWxZmN/zHDS2mNG8UOaqMuHBnuOVDb+1XvOj+MEo+NdBVW+9OrD31k3nghCQO+doPOvI/49Mq0ncsZkLutK+wRg09MBTdV6esMVJAnVrHQ18v7KwLAnjHLQ6qygpZwcc4FRKmt288xLM80NNLghoNjL7A5LleUPNwEK91s0rHvKmd83SdnKb64/+DklNpVBvfiP1S7ufH9ZR3T06y0c1dfgiSyZsKto8dEXbr5D/fQu+D2xz3adWKyg=
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\tasks\JCGKE.job - C:\Users\Kub�k\AppData\Roaming\JCGKE.exe
/infocmdline=Il8nn/2msFKxbNiwNVMP4FiKcfHw0cQDMfUhv2EdIyZ+HxEPY71+2CvyKTJq53uG1cGu8GAIfVOCXKgy6N1o4MkUwarm7SqX+Rgc/hybEtgerExbsqXoGBjic7mQu6qq+gARfclKsfwRfDB4s9UIiWoac9/vJ7i9LpDs4OAboARCfTMeQVTSV9xJTmVxpk80KPyiVEDIdD3urNOy1mtOgD860RjRmfDKnOc85RcCR4K65LvoeQJp1/WC/kcTkkP3mW83DstneEAjO/xg8SnsF1RHmYEFKLhXXzzeRXeCtg2msWv+ZVwe29SEns7tb9wVr6I3KkxXgtxsfn+i4C2jHQGUdrCaGYZkSwTXITmgWm1E9Sw6BVPsOng+r6LHq9gTLjDKJ2bSTbE2Niz2b4Wqvj9DjewkioqKFkiWiXFfodVfzCySkbmYeLS60/23WQfC4gb/PykoQ4WKX8VCURiZZ49QSkPbwG8VzS5wDbF7R0uURyY8HvIBfcQmFZ/aWWeE
C:\Windows\tasks\PSOJYHO.job - C:\Users\Kub�k\AppData\Roaming\PSOJYHO.exe
/infocmdline=XxXEPnaay6cVQ+rXha7XIWc23SwQr/kHZDolKlnUjTSnLsmS2Dw4Fq9G2UM9zk7e5IZQSB4M6Xr1eJ51oXK+39NcU86MquBbAKu0/ka3dUXC8H/RqjV8ODu36GDv6oPtxCKY70Pk0A0FsBV8wLftbb168AsMuTzi917TSkwF1idLLlXux3fS09cBOPQB9GpSy6Xqif0FiFJ5ZJtZsBdcDnmo2z92WoNqOkOf3kL261z+IXJBh0WceiCAXlAnNaOF1AVakfcXuZ0Qjn4sHqfhnmC3nKv0oNejpIG4ZpwonBJ4Q8bPuJ3przH6yEyYaqgPU5eL6GjYSMUXF0JQRJnDrjzTqPP1LB9arUA2KkPxKmuv+gESKnWMfxB0MVL0DCLD4auNRsTMaUhZTeQ2odenQBvxfdC15SEcQC6w/CqQQBbgKJS3zbjuTZM5PZZGjEtGIgSoQCbic/QrG2Jg9kzkSJMgDnB1mbEytaEZDdUIu54T6EGKDLHtKVfK/JX3ZHWD
C:\Windows\tasks\QPSJJQY.job - C:\Users\Kub�k\AppData\Roaming\QPSJJQY.exe
/infocmdline=c/uGSKwkolSOtvUIpEAoX88nMTXYidoUCzGhiVD0lmQZCJ1Qbu2pEDmvTnH2m7j8TT069/9ZDrQfAJyHcwiUEayQ264hMQVs7xcQGHZCFaW24o/YCFb8bMbrQwM81DmacTClwuY8yEq2zcWLrLtMZgylhUXDoVsnbalOkiTijDNFcGy9npro5EubI9y0DsG5bFXch08UiB6+V4Y0OWM2ET9oyz1Akng87tOtSAi7eOSwvZNviwljERrOpEAp7vJBXxRTcQdN4SM+POjcfiFJdHTZzv5wwML9kE0C/2UhxYm82kHM8GfnvKiM9KpCNDun3kVXUB859U/ygRNlU9KK54O7z6LPepx2eVo0N+PK5Fu4BlMZW193H0wyPZBu4INwv5EeJOvSkvllEp8VjJclvmu87pejncCLHHjcDAIexBEJbAwIAy9Ve7Stwbz/qJTZhjNr/Nul6/8gkqMVPbseVgRGww1I/j87oGVoLt/fswfeDH4iz+TX1T1p1lLS98pw

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27 63944]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
Windows Live Messenger Companion Helper - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10 393600]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1584184]
"RtHDVCpl"=C:\Windows\RAVCpl64.exe [2007-10-01 5426688]
"Skytel"=C:\Windows\Skytel.exe [2007-08-03 1826816]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-02-11 138264]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-02-11 203800]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-02-11 168472]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2014-08-22 1331288]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1555968]
""= []
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-08-01 3673696]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 138240]
"cz.seznam.software.autoupdate"=C:\Users\Kubík\AppData\Roaming\Seznam.cz\szninstall.exe [2013-05-16 1062472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe [2009-04-02 102400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe [2011-09-01 966712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files (x86)\Winamp\winampa.exe [2011-12-09 74752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Akcelerátor spuštění AutoCADu.lnk]
C:\PROGRA~2\COMMON~1\AUTODE~1\ACSTAR~1.EXE [2004-02-25 10872]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
"Adobe Acrobat Speed Launcher"=C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2008-06-12 37232]
""= []
"Acrobat Assistant 8.0"=C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2008-06-11 640376]
"TaskTray"= []
"HP Software Update"=C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-27 919008]
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-10-11 59280]
"NPSStartup"= []
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2012-10-25 421888]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

FRST log

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-10-2014
Ran by Kubík (administrator) on KUBÍK-PC on 27-10-2014 13:06:56
Running from C:\Users\Kubík\Desktop
Loaded Profile: Kubík (Available profiles: Kubík)
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Software602 a.s.) C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Windows\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_167_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RAVCpl64.exe [5426688 2007-10-01] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-08-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
HKLM-x32\...\Run: [TaskTray] => [X]
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49152 2007-03-11] (Hewlett-Packard Co.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [NPSStartup] => [X]
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-544327606-1445399380-3202246954-1000\...\Run: [] => [X]
HKU\S-1-5-21-544327606-1445399380-3202246954-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673696 2013-08-01] (Disc Soft Ltd)
HKU\S-1-5-21-544327606-1445399380-3202246954-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-544327606-1445399380-3202246954-1000\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Kubík\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-544327606-1445399380-3202246954-1000\...\MountPoints2: G - G:\LaunchU3.exe -a
HKU\S-1-5-21-544327606-1445399380-3202246954-1000\...\MountPoints2: {35c28d7b-7469-11e1-9dc6-001d92604ed1} - E:\Autorun.exe
HKU\S-1-5-21-544327606-1445399380-3202246954-1000\...\MountPoints2: {545fa32d-6360-11e0-846d-001d92604ed1} - E:\autorun.exe
HKU\S-1-5-21-544327606-1445399380-3202246954-1000\...\MountPoints2: {cec8a38e-3e78-11e3-92cf-001d92604ed1} - E:\autorun.exe
HKU\S-1-5-21-544327606-1445399380-3202246954-1000\...\MountPoints2: {da4ec790-4604-11e3-b5ac-001d92604ed1} - F:\LaunchU3.exe -a
ShellIconOverlayIdentifiers-x32: [Správa překryvné ikony digitálních podpisů AutoCADu ] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\SysWOW64\AcSignIcon.dll (Autodesk)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Pomocná služba pro přihlášení ke službě Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
Winsock: Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [50176] (Společnost Microsoft)
Winsock: Catalog5-x64 02 %SystemRoot%\system32\napinsp.dll [62976] (Společnost Microsoft)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @software602.cz/602XML Filler -> C:\Program Files (x86)\Software602\602XML\Filler\npfiller.dll (Software602 a.s.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-04-10]
FF HKLM-x32\...\Firefox\Extensions: [{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}] - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF Extension: Firefox Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension [2011-09-06]
FF HKLM-x32\...\Firefox\Extensions: [hotfix@mozilla.org] - C:\Users\Kubík\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix
FF Extension: Mozilla hotfix - C:\Users\Kubík\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix [2012-05-19]
FF HKLM-x32\...\Thunderbird\Extensions: [{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}] - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension [2011-09-06]
FF HKCU\...\Firefox\Extensions: [hotfix@mozilla.org] - C:\Users\Kubík\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix

Chrome:
=======
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR StartupUrls: Default -> "hxxp://www.only-search.com/?babsrc=HP_ss&mntrI ... 0&tsp=5403"
CHR DefaultSearchKeyword: Default -> seznam.cz
CHR DefaultSearchURL: Default -> http://search.seznam.cz/?q={searchTerms}
CHR DefaultSuggestURL: Default -> http://suggest.fulltext.seznam.cz/fullt ... earchTerms}
CHR Profile: C:\Users\Kubík\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\Kubík\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-18]
CHR Extension: (Dokumenty Google) - C:\Users\Kubík\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-18]
CHR Extension: (Disk Google) - C:\Users\Kubík\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-18]
CHR Extension: (Seznam Lištička - Slovník) - C:\Users\Kubík\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2014-09-25]
CHR Extension: (YouTube) - C:\Users\Kubík\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-18]
CHR Extension: (Vyhledávání Google) - C:\Users\Kubík\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-18]
CHR Extension: (Tabulky Google) - C:\Users\Kubík\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-18]
CHR Extension: (Peněženka Google) - C:\Users\Kubík\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-18]
CHR Extension: (Seznam Lištička - Rychlá volba) - C:\Users\Kubík\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2014-09-25]
CHR Extension: (Gmail) - C:\Users\Kubík\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-18]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 602XML Updater; C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [84520 2011-03-14] (Software602 a.s.)
S3 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [74360 2011-10-28] (Autodesk, Inc.)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2011-04-10] (Macrovision Europe Ltd.) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-06-04] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-06-04] (Hewlett-Packard Co.) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [69632 2006-11-08] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [88064 2006-11-08] (Hewlett-Packard) [File not signed]
S3 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [633856 2011-06-08] (Nokia) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 3xHybr64; C:\Windows\System32\DRIVERS\3xHybr64.sys [873216 2007-04-20] (Philips Semiconductors GmbH)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [303616 2012-11-22] () [File not signed]
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-10-26] (Disc Soft Ltd)
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [275432 2009-04-11] (Společnost Microsoft)
S3 ialm; C:\Windows\System32\DRIVERS\igdkmd64.sys [7709056 2008-02-11] (Intel Corporation)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [35328 2012-11-22] () [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1513320 2013-03-03] (Společnost Microsoft)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S1 fisbwebi; \??\C:\Windows\system32\drivers\fisbwebi.sys [X]
S3 GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-27 13:06 - 2014-10-27 13:07 - 00016615 _____ () C:\Users\Kubík\Desktop\FRST.txt
2014-10-27 13:06 - 2014-10-27 13:07 - 00000000 ____D () C:\FRST
2014-10-27 13:05 - 2014-10-27 13:05 - 02113024 _____ (Farbar) C:\Users\Kubík\Desktop\FRST64.exe
2014-10-27 12:55 - 2014-10-27 12:55 - 01222144 _____ () C:\Users\Kubík\Downloads\RSITx64 (1).exe
2014-10-27 12:27 - 2014-10-27 12:27 - 00000322 _____ () C:\Windows\PFRO.log
2014-10-27 12:15 - 2014-10-27 12:22 - 00000000 ____D () C:\AdwCleaner
2014-10-27 12:14 - 2014-10-27 12:14 - 01998336 _____ () C:\Users\Kubík\Desktop\adwcleaner_4.002.exe
2014-10-27 12:04 - 2014-10-27 12:04 - 01998336 _____ () C:\Users\Kubík\Downloads\adwcleaner_4.002.exe
2014-10-27 12:04 - 2014-10-27 12:04 - 01998336 _____ () C:\Users\Kubík\Downloads\adwcleaner_4.002 (1).exe
2014-10-27 11:30 - 2014-10-27 12:56 - 00000000 ____D () C:\Program Files\trend micro
2014-10-27 11:29 - 2014-10-27 11:29 - 01222144 _____ () C:\Users\Kubík\Downloads\RSITx64.exe
2014-10-21 14:36 - 2014-10-21 14:36 - 00040960 _____ () C:\Users\Kubík\Downloads\CZ20141200-60cps-590.xls
2014-10-18 15:17 - 2014-10-18 15:18 - 18957787 _____ () C:\Users\Kubík\Downloads\kristyna.wmv
2014-10-18 15:06 - 2014-10-18 15:08 - 27542081 _____ () C:\Users\Kubík\Downloads\martina.wmv
2014-10-16 22:53 - 2014-10-16 22:53 - 00008656 _____ () C:\Users\Kubík\Documents\cc_20141016_235334.reg
2014-10-16 22:12 - 2014-10-16 22:12 - 00002454 _____ () C:\Windows\Tasks\b1d02aa7-81df-4b1f-8023-d8eb3512fbdb-5_user.job
2014-10-16 22:11 - 2014-10-16 22:11 - 01496480 _____ (end) C:\Users\Kubík\AppData\Roaming\PSOJYHO.exe
2014-10-16 22:11 - 2014-10-16 22:11 - 00001340 _____ () C:\Windows\Tasks\PSOJYHO.job
2014-10-16 22:10 - 2014-10-16 22:10 - 01982368 _____ (end) C:\Users\Kubík\AppData\Roaming\EKPMQFQJ.exe
2014-10-16 22:10 - 2014-10-16 22:10 - 00001686 _____ () C:\Windows\Tasks\EKPMQFQJ.job
2014-10-16 22:05 - 2014-10-16 22:06 - 00372928 _____ () C:\Users\Kubík\Downloads\KR12.rar (2).exe
2014-10-16 22:04 - 2014-10-16 22:04 - 00372928 _____ () C:\Users\Kubík\Downloads\KR12.rar (1).exe
2014-10-15 21:18 - 2014-09-17 07:57 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 21:18 - 2014-09-16 17:56 - 00066560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-15 21:17 - 2014-09-28 00:41 - 02782208 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 21:11 - 2014-06-15 23:18 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 21:11 - 2014-06-15 23:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 21:11 - 2014-06-13 19:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 21:11 - 2014-06-13 19:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 21:11 - 2014-06-13 18:36 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 21:11 - 2014-06-13 18:36 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 21:10 - 2014-09-05 00:38 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2014-10-15 20:34 - 2014-09-20 01:09 - 17867776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 20:34 - 2014-09-20 00:55 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 20:34 - 2014-09-20 00:54 - 10920960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 20:34 - 2014-09-20 00:50 - 01385472 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 20:34 - 2014-09-20 00:49 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 20:34 - 2014-09-20 00:48 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 20:34 - 2014-09-20 00:48 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-10-15 20:34 - 2014-09-20 00:48 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 20:34 - 2014-09-20 00:47 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 20:34 - 2014-09-20 00:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-15 20:34 - 2014-09-20 00:47 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 20:34 - 2014-09-20 00:47 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 20:34 - 2014-09-20 00:47 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 20:34 - 2014-09-20 00:46 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 20:34 - 2014-09-20 00:46 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 20:34 - 2014-09-20 00:46 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 20:34 - 2014-09-20 00:46 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 20:34 - 2014-09-20 00:46 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-10-15 20:34 - 2014-09-20 00:46 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-10-15 20:34 - 2014-09-20 00:45 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 20:34 - 2014-09-20 00:45 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-10-15 20:34 - 2014-09-19 23:53 - 12364288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 20:34 - 2014-09-19 23:44 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 20:34 - 2014-09-19 23:41 - 09739776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 20:34 - 2014-09-19 23:39 - 01138688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 20:34 - 2014-09-19 23:38 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 20:34 - 2014-09-19 23:37 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 20:34 - 2014-09-19 23:36 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-10-15 20:34 - 2014-09-19 23:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-15 20:34 - 2014-09-19 23:36 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 20:34 - 2014-09-19 23:35 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 20:34 - 2014-09-19 23:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-10-15 20:34 - 2014-09-19 23:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 20:34 - 2014-09-19 23:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 20:34 - 2014-09-19 23:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-10-15 20:34 - 2014-09-19 23:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 20:34 - 2014-09-19 23:34 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 20:34 - 2014-09-19 23:34 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 20:34 - 2014-09-19 23:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 20:34 - 2014-09-19 23:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-10-15 20:34 - 2014-09-19 23:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-10-15 20:34 - 2014-09-19 23:33 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-04 19:24 - 2014-10-04 19:24 - 00000000 ____D () C:\Users\Kubík\AppData\Roaming\dvdcss

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-27 12:50 - 2006-11-02 16:27 - 01909761 _____ () C:\Windows\WindowsUpdate.log
2014-10-27 12:45 - 2011-08-21 23:27 - 00000952 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-27 12:33 - 2014-09-25 14:40 - 00000000 ____D () C:\Users\Kubík\AppData\Roaming\Seznam.cz
2014-10-27 12:33 - 2007-01-08 23:10 - 00645076 _____ () C:\Windows\system32\perfh005.dat
2014-10-27 12:33 - 2007-01-08 23:10 - 00137762 _____ () C:\Windows\system32\perfc005.dat
2014-10-27 12:33 - 2006-11-02 13:46 - 01532822 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-27 12:27 - 2012-06-08 08:05 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-10-27 12:27 - 2006-11-02 16:42 - 00032560 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-27 12:27 - 2006-11-02 16:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-27 12:27 - 2006-11-02 16:22 - 00004976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-27 12:27 - 2006-11-02 16:22 - 00004976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-27 12:22 - 2012-09-27 17:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-27 12:22 - 2011-04-28 20:30 - 00000861 _____ () C:\Users\Kubík\Desktop\Launch Internet Explorer Browser.lnk
2014-10-27 12:18 - 2012-04-12 16:59 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-27 09:19 - 2008-03-28 21:58 - 00000000 ____D () C:\Users\Kubík\Documents\Michal
2014-10-20 22:15 - 2011-05-17 22:03 - 00128000 _____ () C:\Users\Kubík\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-20 21:40 - 2011-08-21 23:27 - 00003948 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-20 21:40 - 2011-08-21 23:27 - 00003696 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-20 21:40 - 2011-08-21 23:27 - 00000948 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-18 06:29 - 2014-09-18 21:53 - 00002031 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-18 06:29 - 2014-09-18 21:53 - 00002031 _____ () C:\ProgramData\Desktop\Google Chrome.lnk
2014-10-16 18:24 - 2014-09-13 06:24 - 00002454 _____ () C:\Windows\Tasks\0263b5c3-2bb1-4856-b2c0-a6de30431fed-5_user.job
2014-10-16 14:02 - 2006-11-02 16:21 - 00453352 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-15 21:15 - 2011-04-10 19:15 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-15 21:09 - 2013-08-15 22:13 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-15 21:01 - 2012-05-19 20:41 - 00000000 ____D () C:\Users\Kubík\AppData\Roaming\WinLive
2014-10-15 20:55 - 2006-11-02 13:35 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

Some content of TEMP:
====================
C:\Users\Kubík\AppData\Local\Temp\Quarantine.exe
C:\Users\Kubík\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-27 12:35

==================== End Of Log ============================

[altrok]

Otestujte soubor C:\Users\Kubík\Downloads\KR12.rar (1).exe
na virustotal.com a dejte vedet o pripadnych nalezech

• Do Poznamkoveho bloku (Start -> spustit -> notepad) zkopirujte obsah bileho bole
• ulozte na plochu jako fixlist (Typ souboru: Textovy dokument)
• znovu spustte FRST a kliknete na Fix
• po restartu na Vas vyskoci fixlog, jehoz obsah mi vlozte do pristi odpovedi

  Kód: Vybrat vše

  Start
  CloseProcesses:
  Task: C:\Windows\Tasks\0263b5c3-2bb1-4856-b2c0-a6de30431fed-5_user.job => C:\Program Files (x86)\ClickMovie1-Downloaderv10\0263b5c3-2bb1-4856-b2c0-a6de30431fed-5.exe
  Task: C:\Windows\Tasks\b1d02aa7-81df-4b1f-8023-d8eb3512fbdb-5_user.job => C:\Program Files (x86)\ClickMovie1-Downloaderv10\b1d02aa7-81df-4b1f-8023-d8eb3512fbdb-5.exe
  Task: C:\Windows\Tasks\EKPMQFQJ.job => C:\Users\Kubík\AppData\Roaming\EKPMQFQJ.exe <==== ATTENTION
  Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
  Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
  Task: C:\Windows\Tasks\JCGKE.job => C:\Users\Kubík\AppData\Roaming\JCGKE.exe <==== ATTENTION
  Task: C:\Windows\Tasks\PSOJYHO.job => C:\Users\Kubík\AppData\Roaming\PSOJYHO.exe <==== ATTENTION
  Task: C:\Windows\Tasks\QPSJJQY.job => C:\Users\Kubík\AppData\Roaming\QPSJJQY.exe <==== ATTENTION
  AlternateDataStreams: C:\ProgramData\TEMP:012BC84F
  AlternateDataStreams: C:\ProgramData\TEMP:18DEBC51
  AlternateDataStreams: C:\ProgramData\TEMP:2652902F
  AlternateDataStreams: C:\ProgramData\TEMP:2AF322BF
  AlternateDataStreams: C:\ProgramData\TEMP:2C86E2AD
  AlternateDataStreams: C:\ProgramData\TEMP:4D015897
  AlternateDataStreams: C:\ProgramData\TEMP:4EC7F009
  AlternateDataStreams: C:\ProgramData\TEMP:65C4D44A
  AlternateDataStreams: C:\ProgramData\TEMP:6E2D80C8
  AlternateDataStreams: C:\ProgramData\TEMP:9195103F
  AlternateDataStreams: C:\ProgramData\TEMP:B4258C5D
  AlternateDataStreams: C:\ProgramData\TEMP:D999FFD5
  AlternateDataStreams: C:\ProgramData\TEMP:DB2748F7
  AlternateDataStreams: C:\ProgramData\TEMP:DBC3D477
  AlternateDataStreams: C:\ProgramData\TEMP:ED0B32CA
  AlternateDataStreams: C:\ProgramData\TEMP:F26F5952
  AlternateDataStreams: C:\ProgramData\TEMP:F6A0889A
  AlternateDataStreams: C:\ProgramData\TEMP:F89F2593
  AlternateDataStreams: C:\ProgramData\TEMP:FB4262DE
  
  HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
  HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
  HKLM-x32\...\Run: [] => [X]
  HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
  HKLM-x32\...\Run: [TaskTray] => [X]
  HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49152 2007-03-11] (Hewlett-Packard Co.)
  HKLM-x32\...\Run: [NPSStartup] => [X]
  HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
  HKU\S-1-5-21-544327606-1445399380-3202246954-1000\...\Run: [] => [X]
  HKU\S-1-5-21-544327606-1445399380-3202246954-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673696 2013-08-01] (Disc Soft Ltd)
  HKU\S-1-5-21-544327606-1445399380-3202246954-1000\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Kubík\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
  HKU\S-1-5-21-544327606-1445399380-3202246954-1000\...\MountPoints2: G - G:\LaunchU3.exe -a
  HKU\S-1-5-21-544327606-1445399380-3202246954-1000\...\MountPoints2: {35c28d7b-7469-11e1-9dc6-001d92604ed1} - E:\Autorun.exe
  HKU\S-1-5-21-544327606-1445399380-3202246954-1000\...\MountPoints2: {545fa32d-6360-11e0-846d-001d92604ed1} - E:\autorun.exe
  HKU\S-1-5-21-544327606-1445399380-3202246954-1000\...\MountPoints2: {cec8a38e-3e78-11e3-92cf-001d92604ed1} - E:\autorun.exe
  HKU\S-1-5-21-544327606-1445399380-3202246954-1000\...\MountPoints2: {da4ec790-4604-11e3-b5ac-001d92604ed1} - F:\LaunchU3.exe -a
  
  Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
  CHR StartupUrls: Default -> "hxxp://www.only-search.com/?babsrc=HP_ss&mntrId=E854001D92604ED1&affID=129300&tsp=5403"
  CHR DefaultSearchKeyword: Default -> seznam.cz
  CHR DefaultSearchURL: Default -> http://search.seznam.cz/?q={searchTerms}
  CHR DefaultSuggestURL: Default -> http://suggest.fulltext.seznam.cz/fulltext_ff?phrase={searchTerms}
  
  S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
  S1 fisbwebi; \??\C:\Windows\system32\drivers\fisbwebi.sys [X]
  S3 GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS [X]
  S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
  S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
  S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
  
  2014-10-27 11:30 - 2014-10-27 12:56 - 00000000 ____D () C:\Program Files\trend micro
  2014-10-16 22:11 - 2014-10-16 22:11 - 01496480 _____ (end) C:\Users\Kubík\AppData\Roaming\PSOJYHO.exe
  2014-10-16 22:11 - 2014-10-16 22:11 - 00001340 _____ () C:\Windows\Tasks\PSOJYHO.job
  2014-10-16 22:10 - 2014-10-16 22:10 - 01982368 _____ (end) C:\Users\Kubík\AppData\Roaming\EKPMQFQJ.exe
  2014-10-16 22:10 - 2014-10-16 22:10 - 00001686 _____ () C:\Windows\Tasks\EKPMQFQJ.job
  C:\Program Files (x86)\ClickMovie1-Downloaderv10
  C:\Users\Kubík\AppData\Roaming\EKPMQFQJ.exe
  C:\Users\Kubík\AppData\Roaming\JCGKE.exe
  C:\Users\Kubík\AppData\Roaming\PSOJYHO.exe
  C:\Users\Kubík\AppData\Roaming\QPSJJQY.exe
  Hosts:
  EmptyTemp:
  End
  

[gorefest]

soubor C:\Users\Kubík\Downloads\KR12.rar (1).exe - není žádný problém


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-10-2014
Ran by Kubík at 2014-10-27 13:50:02 Run:1
Running from C:\Users\Kubík\Desktop
Loaded Profile: Kubík (Available profiles: Kubík)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
Task: C:\Windows\Tasks\0263b5c3-2bb1-4856-b2c0-a6de30431fed-5_user.job => C:\Program Files (x86)\ClickMovie1-Downloaderv10\0263b5c3-2bb1-4856-b2c0-a6de30431fed-5.exe
Task: C:\Windows\Tasks\b1d02aa7-81df-4b1f-8023-d8eb3512fbdb-5_user.job => C:\Program Files (x86)\ClickMovie1-Downloaderv10\b1d02aa7-81df-4b1f-8023-d8eb3512fbdb-5.exe
Task: C:\Windows\Tasks\EKPMQFQJ.job => C:\Users\Kubík\AppData\Roaming\EKPMQFQJ.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\JCGKE.job => C:\Users\Kubík\AppData\Roaming\JCGKE.exe <==== ATTENTION
Task: C:\Windows\Tasks\PSOJYHO.job => C:\Users\Kubík\AppData\Roaming\PSOJYHO.exe <==== ATTENTION
Task: C:\Windows\Tasks\QPSJJQY.job => C:\Users\Kubík\AppData\Roaming\QPSJJQY.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:012BC84F
AlternateDataStreams: C:\ProgramData\TEMP:18DEBC51
AlternateDataStreams: C:\ProgramData\TEMP:2652902F
AlternateDataStreams: C:\ProgramData\TEMP:2AF322BF
AlternateDataStreams: C:\ProgramData\TEMP:2C86E2AD
AlternateDataStreams: C:\ProgramData\TEMP:4D015897
AlternateDataStreams: C:\ProgramData\TEMP:4EC7F009
AlternateDataStreams: C:\ProgramData\TEMP:65C4D44A
AlternateDataStreams: C:\ProgramData\TEMP:6E2D80C8
AlternateDataStreams: C:\ProgramData\TEMP:9195103F
AlternateDataStreams: C:\ProgramData\TEMP:B4258C5D
AlternateDataStreams: C:\ProgramData\TEMP:D999FFD5
AlternateDataStreams: C:\ProgramData\TEMP:DB2748F7
AlternateDataStreams: C:\ProgramData\TEMP:DBC3D477
AlternateDataStreams: C:\ProgramData\TEMP:ED0B32CA
AlternateDataStreams: C:\ProgramData\TEMP:F26F5952
AlternateDataStreams: C:\ProgramData\TEMP:F6A0889A
AlternateDataStreams: C:\ProgramData\TEMP:F89F2593
AlternateDataStreams: C:\ProgramData\TEMP:FB4262DE

HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
HKLM-x32\...\Run: [TaskTray] => [X]
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49152 2007-03-11] (Hewlett-Packard Co.)
HKLM-x32\...\Run: [NPSStartup] => [X]
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKU\S-1-5-21-544327606-1445399380-3202246954-1000\...\Run: [] => [X]
HKU\S-1-5-21-544327606-1445399380-3202246954-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673696 2013-08-01] (Disc Soft Ltd)
HKU\S-1-5-21-544327606-1445399380-3202246954-1000\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Kubík\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-544327606-1445399380-3202246954-1000\...\MountPoints2: G - G:\LaunchU3.exe -a
HKU\S-1-5-21-544327606-1445399380-3202246954-1000\...\MountPoints2: {35c28d7b-7469-11e1-9dc6-001d92604ed1} - E:\Autorun.exe
HKU\S-1-5-21-544327606-1445399380-3202246954-1000\...\MountPoints2: {545fa32d-6360-11e0-846d-001d92604ed1} - E:\autorun.exe
HKU\S-1-5-21-544327606-1445399380-3202246954-1000\...\MountPoints2: {cec8a38e-3e78-11e3-92cf-001d92604ed1} - E:\autorun.exe
HKU\S-1-5-21-544327606-1445399380-3202246954-1000\...\MountPoints2: {da4ec790-4604-11e3-b5ac-001d92604ed1} - F:\LaunchU3.exe -a

Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
CHR StartupUrls: Default -> "hxxp://www.only-search.com/?babsrc=HP_ss&mntrI ... 0&tsp=5403"
CHR DefaultSearchKeyword: Default -> seznam.cz
CHR DefaultSearchURL: Default -> http://search.seznam.cz/?q={searchTerms}
CHR DefaultSuggestURL: Default -> http://suggest.fulltext.seznam.cz/fullt ... earchTerms}

S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S1 fisbwebi; \??\C:\Windows\system32\drivers\fisbwebi.sys [X]
S3 GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

2014-10-27 11:30 - 2014-10-27 12:56 - 00000000 ____D () C:\Program Files\trend micro
2014-10-16 22:11 - 2014-10-16 22:11 - 01496480 _____ (end) C:\Users\Kubík\AppData\Roaming\PSOJYHO.exe
2014-10-16 22:11 - 2014-10-16 22:11 - 00001340 _____ () C:\Windows\Tasks\PSOJYHO.job
2014-10-16 22:10 - 2014-10-16 22:10 - 01982368 _____ (end) C:\Users\Kubík\AppData\Roaming\EKPMQFQJ.exe
2014-10-16 22:10 - 2014-10-16 22:10 - 00001686 _____ () C:\Windows\Tasks\EKPMQFQJ.job
C:\Program Files (x86)\ClickMovie1-Downloaderv10
C:\Users\Kubík\AppData\Roaming\EKPMQFQJ.exe
C:\Users\Kubík\AppData\Roaming\JCGKE.exe
C:\Users\Kubík\AppData\Roaming\PSOJYHO.exe
C:\Users\Kubík\AppData\Roaming\QPSJJQY.exe
Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
C:\Windows\Tasks\0263b5c3-2bb1-4856-b2c0-a6de30431fed-5_user.job => Moved successfully.
C:\Windows\Tasks\b1d02aa7-81df-4b1f-8023-d8eb3512fbdb-5_user.job => Moved successfully.
C:\Windows\Tasks\EKPMQFQJ.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\Tasks\JCGKE.job => Moved successfully.
C:\Windows\Tasks\PSOJYHO.job => Moved successfully.
C:\Windows\Tasks\QPSJJQY.job => Moved successfully.
C:\ProgramData\TEMP => ":012BC84F" ADS removed successfully.
C:\ProgramData\TEMP => ":18DEBC51" ADS removed successfully.
C:\ProgramData\TEMP => ":2652902F" ADS removed successfully.
C:\ProgramData\TEMP => ":2AF322BF" ADS removed successfully.
C:\ProgramData\TEMP => ":2C86E2AD" ADS removed successfully.
C:\ProgramData\TEMP => ":4D015897" ADS removed successfully.
C:\ProgramData\TEMP => ":4EC7F009" ADS removed successfully.
C:\ProgramData\TEMP => ":65C4D44A" ADS removed successfully.
C:\ProgramData\TEMP => ":6E2D80C8" ADS removed successfully.
C:\ProgramData\TEMP => ":9195103F" ADS removed successfully.
C:\ProgramData\TEMP => ":B4258C5D" ADS removed successfully.
C:\ProgramData\TEMP => ":D999FFD5" ADS removed successfully.
C:\ProgramData\TEMP => ":DB2748F7" ADS removed successfully.
C:\ProgramData\TEMP => ":DBC3D477" ADS removed successfully.
C:\ProgramData\TEMP => ":ED0B32CA" ADS removed successfully.
C:\ProgramData\TEMP => ":F26F5952" ADS removed successfully.
C:\ProgramData\TEMP => ":F6A0889A" ADS removed successfully.
C:\ProgramData\TEMP => ":F89F2593" ADS removed successfully.
C:\ProgramData\TEMP => ":FB4262DE" ADS removed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\GrooveMonitor => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe Acrobat Speed Launcher => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Acrobat Assistant 8.0 => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\TaskTray => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\HP Software Update => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\NPSStartup => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task => value deleted successfully.
HKU\S-1-5-21-544327606-1445399380-3202246954-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-544327606-1445399380-3202246954-1000\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite => value deleted successfully.
HKU\S-1-5-21-544327606-1445399380-3202246954-1000\Software\Microsoft\Windows\CurrentVersion\Run\\cz.seznam.software.autoupdate => value deleted successfully.
"HKU\S-1-5-21-544327606-1445399380-3202246954-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S-1-5-21-544327606-1445399380-3202246954-1000" => Key not found.
"HKU\S-1-5-21-544327606-1445399380-3202246954-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35c28d7b-7469-11e1-9dc6-001d92604ed1}" => Key deleted successfully.
"HKCR\CLSID\{35c28d7b-7469-11e1-9dc6-001d92604ed1}" => Key not found.
"HKU\S-1-5-21-544327606-1445399380-3202246954-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{545fa32d-6360-11e0-846d-001d92604ed1}" => Key deleted successfully.
"HKCR\CLSID\{545fa32d-6360-11e0-846d-001d92604ed1}" => Key not found.
"HKU\S-1-5-21-544327606-1445399380-3202246954-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cec8a38e-3e78-11e3-92cf-001d92604ed1}" => Key deleted successfully.
"HKCR\CLSID\{cec8a38e-3e78-11e3-92cf-001d92604ed1}" => Key not found.
"HKU\S-1-5-21-544327606-1445399380-3202246954-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{da4ec790-4604-11e3-b5ac-001d92604ed1}" => Key deleted successfully.
"HKCR\CLSID\{da4ec790-4604-11e3-b5ac-001d92604ed1}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.
"HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}" => Key not found.
Chrome StartupUrls deleted successfully.
Chrome DefaultSearchKeyword deleted successfully.
Chrome DefaultSearchURL deleted successfully.
Chrome DefaultSuggestURL deleted successfully.
blbdrive => Service deleted successfully.
fisbwebi => Service deleted successfully.
GMSIPCI => Service deleted successfully.
IpInIp => Service deleted successfully.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.
C:\Program Files\trend micro => Moved successfully.
C:\Users\Kubík\AppData\Roaming\PSOJYHO.exe => Moved successfully.
"C:\Windows\Tasks\PSOJYHO.job" => File/Directory not found.
C:\Users\Kubík\AppData\Roaming\EKPMQFQJ.exe => Moved successfully.
"C:\Windows\Tasks\EKPMQFQJ.job" => File/Directory not found.
"C:\Program Files (x86)\ClickMovie1-Downloaderv10" => File/Directory not found.
"C:\Users\Kubík\AppData\Roaming\EKPMQFQJ.exe" => File/Directory not found.
C:\Users\Kubík\AppData\Roaming\JCGKE.exe => Moved successfully.
"C:\Users\Kubík\AppData\Roaming\PSOJYHO.exe" => File/Directory not found.
C:\Users\Kubík\AppData\Roaming\QPSJJQY.exe => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 393.9 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====

[altrok]

Vyborne, vse probehlo, jak melo

Jak se PC chova ted?

[gorefest]

Myslím, že je to mnohem, mnohem lepší. Předtím mě pořád něco běželo jakoby na pozadí a hrozně to brzdilo počítač. Teď zatím nic. Moc díky za pomoc a kdyby něco tak se ozvu.

[altrok]

Pokud se nejedna o soukromy soubor - C:\Users\Kubík\Downloads\KR12.rar (1).exe, mam na Vas jednu prosbu.
Protoze mam podezreni, ze se jedna o skodlivy soubor, vytvorte prosim kratky popisek v notepadu (poznamkovem bloku) a zkopirujte do nej jen

Kód: Vybrat vše

http://forum.viry.cz/viewtopic.php?f=30&t=140958&p=1354357

, tento soubor spolu se souborem C:\Users\Kubík\Downloads\KR12.rar (1).exe zabalte do archivu (.zip nebo .rar) a nahrajte na http://vyosek.ic.cz/havet/uploader.php?



Takze jeste uklidime.

• Stahnete a spustte DelFix - https://toolslib.net/downloads/viewdownload/2-delfix/
• Oznacte jen moznost "Remove disinfection tools"
• kliknete na Run

A pokud nejsou dotazy ci jine problemy, je to ode mne vse.

[gorefest]

Když já ho už bohužel smazal. Omlouvám se, byl jsem rychlejší.

[altrok]

Nevadi, stejne to pravdepodobne byl jen zdroj castecne nakazy, kterou jste v PC mel


Mezitim jsem pro Vas sepsal zpusob, jak se vyvarovat zpusobu nakazy, kterym jste pocitac pravdepobodne infikoval.

Jednim z mnoha zpusobu, jak Vas havet prinuti, abyste skodlivy soubor spustili, je pripojeni dalsi pripony do nazvu souboru. Windows je v defaultu (standartne) nastaven, ze po precteni prvni zname pripony dalsi neukaze... priklad

soubor.pdf.exe se bude tvarit jako pdf soubor, ktery muze byt zdrojem nakazy

Abychom se tomuto zpusobu branili, musime upravit nasledujici nastaveni

• Start -> Spustit
• do okna zadejte: control folders
• prekliknete se nahore na kartu Zobrazeni
• odskrtnete (vypnete zatrzitko) u Skryt priponu souboru znamych typu
• kliknete na Pouzit

A pokud nejsou zadne dalsi dotazy ci problemy, muzeme tema uzavrit?

[gorefest]

Mockrát děkuji za pomoc a za rady. Jste tam opravdu kapacity. Mějte se

[altrok]

Dekuji za rychlou a bezproblemovou soucinnost


Nemate zac, rad jsem pomohl


Preji hezky den