Poprosil bych o preventivku

Zpráva

dokken · #1 Příspěvek od **dokken** » 12 lis 2014 00:32

Logfile of random's system information tool 1.10 (written by random/random)
Run by Pavel at 2014-11-12 00:31:17
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 185 GB (78%) free of 238 GB
Total RAM: 3894 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0:31:21, on 12.11.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17344)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\HDD Thermometer\HDD Thermometer.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\trend micro\Pavel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: SaveNewaAppz - {2E1FE0BE-1B31-178F-5662-AFB6CFE9A1BF} - C:\ProgramData\SaveNewaAppz\WzPg_jf.dll
O2 - BHO: DigiiCoUPon - {618B5052-3223-4DC0-D148-7646944815D0} - C:\ProgramData\DigiiCoUPon\HUDMFEzc.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SaveNEwaAppZ - {CD7330BF-6348-C345-69FB-742F046268C5} - C:\ProgramData\SaveNEwaAppZ\KVCg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {D5D47440-0750-463D-BAEF-A47D02414806} - (no file)
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [RSD_HDDThermo] C:\Program Files (x86)\HDD Thermometer\HDD Thermometer.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'Default user')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Web'n'walk Manager mobile equipment installation service (ameisvc) - Gemfor s.r.o. - C:\Program Files (x86)\T-Mobile\Web'n'walk Manager\ameisvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\Windows\SysWOW64\bgsvcgen.exe
O23 - Service: BitComet Disk Boost Service (BITCOMET_HELPER_SERVICE) - www.BitComet.com - C:\Program Files\BitComet\tools\BitCometService.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PandoraService (PanService) - Pandora.TV - C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11240 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
winlogon.exe
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Windows\SysWOW64\bgsvcgen.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe"
"C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe"
"C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe"
C:\Windows\System32\rpcnetp.exe
"C:\Program Files (x86)\Skype\Updater\Updater.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe"
C:\Windows\system32\TODDSrv.exe
"C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe"
"C:\Program Files\TOSHIBA\TECO\TecoService.exe"
"C:\Program Files (x86)\T-Mobile\Web'n'walk Manager\ameisvc.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Windows\System32\hkcmd.exe"
"C:\Program Files\OO Software\Defrag\oodtray.exe"
"C:\Program Files (x86)\HDD Thermometer\HDD Thermometer.exe"
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
C:\Windows\system32\cmd.exe /c netsh firewall add allowedprogram program="C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe" name="PanProcess"
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe" PanProcess
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Users\Pavel\Desktop\RSITx64.exe"
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4060771801-2334283561-3954698331-1000Core.job - C:\Users\Pavel\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4060771801-2334283561-3954698331-1000UA.job - C:\Users\Pavel\AppData\Local\Facebook\Update\FacebookUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

=========Mozilla firefox=========

ProfilePath - C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\wp4vr1jv.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "https://www.google.cz/?gws_rd=ssl|https ... gws_rd=ssl"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.9.900.170 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.45.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.9.900.170 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.5.0]
"Description"=
"Path"=C:\Windows\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90CC20D3-4732-A748-F44E-48F83C8E20C5}]
TiaKKeTheCoupon - C:\ProgramData\TiaKKeTheCoupon\WL.x64.dll [2014-07-03 505856]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2E1FE0BE-1B31-178F-5662-AFB6CFE9A1BF}]
SaveNewaAppz - C:\ProgramData\SaveNewaAppz\WzPg_jf.dll [2014-05-23 372224]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{618B5052-3223-4DC0-D148-7646944815D0}]
DigiiCoUPon - C:\ProgramData\DigiiCoUPon\HUDMFEzc.dll [2014-05-22 425472]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-12-17 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CD7330BF-6348-C345-69FB-742F046268C5}]
SaveNEwaAppZ - C:\ProgramData\SaveNEwaAppZ\KVCg.dll [2014-04-08 425472]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-12-17 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{D5D47440-0750-463D-BAEF-A47D02414806}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-11-06 390168]
"OODefragTray"=C:\Program Files\OO Software\Defrag\oodtray.exe [2011-11-17 3994960]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RSD_HDDThermo"=C:\Program Files (x86)\HDD Thermometer\HDD Thermometer.exe [2005-04-01 215040]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2009-11-10 910136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21 959176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-09-27 59240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-10-27 207424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
C:\PROGRAM FILES\BitComet\BitComet.exe [2013-12-31 17257648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
C:\Users\Pavel\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-15 138096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON]
C:\Program Files\TOSHIBA\TBS\HSON.exe [2009-03-09 52600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HTC Sync Loader]
C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2011-03-08 585728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HWSetup]
C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [2009-06-02 423936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files (x86)\ICQ7.2\ICQ.exe silent loginmode=4 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\Windows\system32\igfxtray.exe [2009-11-06 166424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-06-24 1840424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeNotify]
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [2009-01-13 34088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
C:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\FirstStart.exe [2008-10-31 54576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
C:\Program Files\OO Software\Defrag\oodtray.exe [2011-11-17 3994960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\Windows\system32\igfxpers.exe [2009-11-06 408600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
C:\Program Files (x86)\Registry Mechanic\RMTray.exe [2009-10-14 292824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2009-10-21 8306208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartFaceVWatcher]
C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [2009-10-19 238080]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
C:\Program Files\Toshiba\SmoothView\SmoothView.exe [2009-08-13 570680]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorShield]
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdater]
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSDMonitor]
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [2009-10-14 104408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVPWUTIL]
C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [2009-08-12 352256]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-10-15 1870120]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\T-Mobile Communication Centre]
C:\Program Files (x86)\T-Mobile\Web'n'walk Manager\Manager.exe [2010-03-02 1347496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Teco]
C:\Program Files\TOSHIBA\TECO\Teco.exe [2009-09-28 1482592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSHIBA Online Product Information]
C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe [2009-08-12 6203296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba TEMPRO]
C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [2009-10-15 1050000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToshibaServiceStation]
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [2009-10-06 1294136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TosNC]
C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TosReelTimeMonitor]
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [2012-04-04 38824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TosSENotify]
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [2009-11-05 709976]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TosWaitSrv]
C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [2009-11-10 707416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2009-11-05 505696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TWebCamera]
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2009-11-21 2454840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO 5.0 HD Edition.lnk]
C:\PROGRA~2\COMMON~1\PANASO~1\PHOTOF~1\AUTOST~1.EXE [2010-05-26 173056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TMMonitor.lnk]
C:\PROGRA~2\ArcSoft\TOTALM~1.5\TMMONI~1.EXE [2009-11-03 258048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Pavel^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PMCRemoteLauncher.lnk]
C:\Users\Pavel\AppData\Local\Pinnacle\TVC\Tools\PMCREM~1.EXE [2008-06-13 54544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Pavel^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
C:\PROGRA~2\MICROS~2\Office12\ONENOTEM.EXE [2009-02-26 97680]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-11-11 5225064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-10-30 268800]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundlesweetimsetup.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb_2501-c733154b.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rjatydimofu.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbdelta.exetoolbar783881609.exe]
"Debugger="tasklist.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - %SystemRoot%\SysWow64\CScript.exe "%1" %*
.vbs - open - %SystemRoot%\SysWow64\CScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-11-12 00:23:16 ----D---- C:\Program Files\trend micro
2014-11-12 00:23:15 ----D---- C:\rsit
2014-11-12 00:01:06 ----D---- C:\Users\Pavel\AppData\Roaming\HDD Thermometer
2014-11-12 00:01:06 ----D---- C:\ProgramData\HDD Thermometer
2014-11-12 00:01:03 ----D---- C:\Program Files (x86)\HDD Thermometer
2014-11-11 23:58:41 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-11 23:58:41 ----A---- C:\Windows\system32\drivers\mwac.sys
2014-11-11 23:58:41 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2014-11-11 23:57:45 ----D---- C:\Users\Pavel\AppData\Roaming\Malwarebytes
2014-11-11 23:57:27 ----D---- C:\ProgramData\Malwarebytes
2014-11-11 23:57:25 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-11-11 23:57:25 ----A---- C:\Windows\system32\drivers\mbam.sys
2014-11-11 23:39:06 ----D---- C:\Users\Pavel\AppData\Roaming\AVAST Software
2014-11-11 23:38:48 ----A---- C:\Windows\system32\drivers\aswVmm.sys
2014-11-11 23:38:48 ----A---- C:\Windows\system32\drivers\aswStm.sys
2014-11-11 23:38:48 ----A---- C:\Windows\system32\drivers\aswSP.sys
2014-11-11 23:38:48 ----A---- C:\Windows\system32\drivers\aswRvrt.sys
2014-11-11 23:38:48 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2014-11-11 23:38:48 ----A---- C:\Windows\system32\drivers\aswHwid.sys
2014-11-11 23:38:47 ----A---- C:\Windows\system32\drivers\aswRdr2.sys
2014-11-11 23:38:46 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2014-11-11 23:38:44 ----A---- C:\Windows\system32\aswBoot.exe
2014-11-11 23:38:44 ----A---- C:\Windows\avastSS.scr
2014-11-11 23:37:56 ----D---- C:\Program Files\AVAST Software
2014-11-11 23:36:28 ----D---- C:\ProgramData\AVAST Software
2014-11-11 22:43:32 ----D---- C:\Users\Pavel\AppData\Roaming\BitComet
2014-11-11 22:28:35 ----D---- C:\Users\Pavel\AppData\Roaming\Mozilla
2014-11-11 22:28:20 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-11 22:28:17 ----D---- C:\Program Files (x86)\Mozilla Firefox
2014-11-11 20:23:09 ----D---- C:\Program Files (x86)\ExstrACouppon
2014-11-11 19:44:58 ----D---- C:\Windows\system32\oodag
2014-11-11 19:40:06 ----D---- C:\Program Files\OO Software
2014-11-11 19:29:43 ----D---- C:\Users\Pavel\AppData\Roaming\WinBatch
2014-11-11 18:55:34 ----D---- C:\Program Files (x86)\CleanUp!
2014-11-11 18:50:31 ----D---- C:\Users\Pavel\AppData\Roaming\Registry Mechanic
2014-11-11 18:45:21 ----A---- C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-11-11 18:45:15 ----A---- C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-11-11 18:45:15 ----A---- C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-11-11 18:45:13 ----A---- C:\Windows\system32\drivers\TsUsbFlt.sys
2014-11-11 18:45:12 ----A---- C:\Windows\SYSWOW64\wksprtPS.dll
2014-11-11 18:45:12 ----A---- C:\Windows\SYSWOW64\tsgqec.dll
2014-11-11 18:45:12 ----A---- C:\Windows\SYSWOW64\MsRdpWebAccess.dll
2014-11-11 18:45:12 ----A---- C:\Windows\system32\wksprtPS.dll
2014-11-11 18:45:12 ----A---- C:\Windows\system32\wksprt.exe
2014-11-11 18:45:12 ----A---- C:\Windows\system32\TSWbPrxy.exe
2014-11-11 18:45:12 ----A---- C:\Windows\system32\tsgqec.dll
2014-11-11 18:45:12 ----A---- C:\Windows\system32\MsRdpWebAccess.dll
2014-11-11 18:45:11 ----A---- C:\Windows\SYSWOW64\mstscax.dll
2014-11-11 18:45:11 ----A---- C:\Windows\SYSWOW64\mstsc.exe
2014-11-11 18:45:11 ----A---- C:\Windows\system32\mstsc.exe
2014-11-11 18:45:10 ----A---- C:\Windows\SYSWOW64\rdvidcrl.dll
2014-11-11 18:45:10 ----A---- C:\Windows\system32\rdvidcrl.dll
2014-11-11 18:45:10 ----A---- C:\Windows\system32\mstscax.dll
2014-11-11 18:43:04 ----A---- C:\Windows\SYSWOW64\msxml.dll
2014-11-11 18:42:39 ----D---- C:\Program Files (x86)\Registry Mechanic
2014-11-11 18:41:48 ----D---- C:\Users\Pavel\AppData\Roaming\URSoft
2014-11-11 18:41:43 ----D---- C:\Program Files (x86)\Your Uninstaller 2010
2014-11-09 15:59:19 ----ASH---- C:\pagefile.sys
2014-10-26 13:28:40 ----D---- C:\Windows\rescache
2014-10-16 19:32:15 ----A---- C:\Windows\SYSWOW64\mscorier.dll
2014-10-16 19:32:14 ----A---- C:\Windows\SYSWOW64\dfshim.dll
2014-10-16 19:32:14 ----A---- C:\Windows\system32\mscorier.dll
2014-10-16 19:32:14 ----A---- C:\Windows\system32\dfshim.dll
2014-10-16 19:32:13 ----A---- C:\Windows\SYSWOW64\mscories.dll
2014-10-16 19:32:13 ----A---- C:\Windows\system32\mscories.dll
2014-10-16 19:32:11 ----A---- C:\Windows\system32\win32k.sys
2014-10-16 19:32:09 ----A---- C:\Windows\SYSWOW64\rastls.dll
2014-10-16 19:32:09 ----A---- C:\Windows\system32\rastls.dll
2014-10-16 19:31:59 ----A---- C:\Windows\system32\generaltel.dll
2014-10-16 19:31:58 ----A---- C:\Windows\system32\aepdu.dll
2014-10-16 19:31:56 ----A---- C:\Windows\system32\aeinv.dll
2014-10-16 19:31:55 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2014-10-16 19:31:55 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2014-10-16 19:31:55 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2014-10-16 19:31:54 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2014-10-16 19:31:54 ----A---- C:\Windows\system32\ie4uinit.exe
2014-10-16 19:31:53 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2014-10-16 19:31:53 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2014-10-16 19:31:53 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2014-10-16 19:31:53 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2014-10-16 19:31:53 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2014-10-16 19:31:53 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-16 19:31:53 ----A---- C:\Windows\system32\iernonce.dll
2014-10-16 19:31:53 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-10-16 19:31:52 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-10-16 19:31:51 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2014-10-16 19:31:50 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2014-10-16 19:31:50 ----A---- C:\Windows\system32\urlmon.dll
2014-10-16 19:31:50 ----A---- C:\Windows\system32\iedkcs32.dll
2014-10-16 19:31:49 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2014-10-16 19:31:49 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-10-16 19:31:49 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-10-16 19:31:48 ----A---- C:\Windows\SYSWOW64\ieui.dll
2014-10-16 19:31:48 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2014-10-16 19:31:48 ----A---- C:\Windows\system32\msfeeds.dll
2014-10-16 19:31:48 ----A---- C:\Windows\system32\dxtmsft.dll
2014-10-16 19:31:47 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2014-10-16 19:31:47 ----A---- C:\Windows\system32\iesetup.dll
2014-10-16 19:31:46 ----A---- C:\Windows\system32\iertutil.dll
2014-10-16 19:31:45 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2014-10-16 19:31:45 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2014-10-16 19:31:45 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2014-10-16 19:31:44 ----A---- C:\Windows\SYSWOW64\wininet.dll
2014-10-16 19:31:44 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2014-10-16 19:31:44 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2014-10-16 19:31:44 ----A---- C:\Windows\system32\jsproxy.dll
2014-10-16 19:31:43 ----A---- C:\Windows\SYSWOW64\msrating.dll
2014-10-16 19:31:43 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2014-10-16 19:31:42 ----A---- C:\Windows\system32\ieui.dll
2014-10-16 19:31:42 ----A---- C:\Windows\system32\dxtrans.dll
2014-10-16 19:31:41 ----A---- C:\Windows\system32\mshtmled.dll
2014-10-16 19:31:41 ----A---- C:\Windows\system32\ieframe.dll
2014-10-16 19:31:40 ----A---- C:\Windows\system32\mshtmlmedia.dll
2014-10-16 19:31:40 ----A---- C:\Windows\system32\jscript9diag.dll
2014-10-16 19:31:40 ----A---- C:\Windows\system32\jscript9.dll
2014-10-16 19:31:40 ----A---- C:\Windows\system32\ieUnatt.exe
2014-10-16 19:31:39 ----A---- C:\Windows\system32\wininet.dll
2014-10-16 19:31:39 ----A---- C:\Windows\system32\vbscript.dll
2014-10-16 19:31:39 ----A---- C:\Windows\system32\ieapfltr.dll
2014-10-16 19:31:38 ----A---- C:\Windows\system32\MshtmlDac.dll
2014-10-16 19:31:37 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-16 19:31:37 ----A---- C:\Windows\system32\msrating.dll
2014-10-16 19:31:36 ----A---- C:\Windows\system32\mshtml.dll
2014-10-16 19:31:19 ----A---- C:\Windows\system32\msi.dll
2014-10-16 19:31:18 ----A---- C:\Windows\SYSWOW64\msi.dll
2014-10-16 19:30:55 ----A---- C:\Windows\system32\rdpcorets.dll
2014-10-16 19:28:37 ----A---- C:\Windows\system32\termsrv.dll
2014-10-16 19:28:36 ----A---- C:\Windows\system32\winsta.dll
2014-10-16 19:28:35 ----A---- C:\Windows\SYSWOW64\winsta.dll
2014-10-16 19:28:35 ----A---- C:\Windows\system32\winlogon.exe
2014-10-16 19:28:35 ----A---- C:\Windows\system32\rdpcorekmts.dll
2014-10-16 19:28:35 ----A---- C:\Windows\system32\drivers\rdpwd.sys
2014-10-16 19:28:34 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2014-10-16 19:28:34 ----A---- C:\Windows\SYSWOW64\credssp.dll
2014-10-16 19:28:34 ----A---- C:\Windows\system32\TSpkg.dll
2014-10-16 19:28:34 ----A---- C:\Windows\system32\drivers\tssecsrv.sys
2014-10-16 19:28:34 ----A---- C:\Windows\system32\credssp.dll
2014-10-16 19:27:35 ----A---- C:\Windows\SYSWOW64\packager.dll
2014-10-16 19:27:35 ----A---- C:\Windows\system32\packager.dll

======List of files/folders modified in the last 1 month======

2014-11-12 00:30:44 ----D---- C:\Windows\Temp
2014-11-12 00:29:28 ----A---- C:\Windows\SYSWOW64\rpcnetp.dll
2014-11-12 00:29:28 ----A---- C:\Windows\SYSWOW64\log.txt
2014-11-12 00:29:16 ----A---- C:\Windows\SYSWOW64\rpcnetp.exe
2014-11-12 00:29:16 ----A---- C:\Windows\system32\rpcnetp.exe
2014-11-12 00:23:16 ----RD---- C:\Program Files
2014-11-12 00:20:55 ----D---- C:\ProgramData\TiaKKeTheCoupon
2014-11-12 00:20:55 ----D---- C:\ProgramData\SaveNEwaAppZ
2014-11-12 00:20:55 ----D---- C:\ProgramData\Funn2SSave
2014-11-12 00:20:55 ----D---- C:\ProgramData\DigiiCoUPon
2014-11-12 00:20:55 ----D---- C:\Program Files (x86)\surf uand keeeP
2014-11-12 00:20:55 ----D---- C:\Program Files (x86)\surf aaned koeeep
2014-11-12 00:20:55 ----D---- C:\Program Files (x86)\Sk.Enabler
2014-11-12 00:20:55 ----D---- C:\Program Files (x86)\SearchNewTab
2014-11-12 00:20:54 ----D---- C:\Windows\Tasks
2014-11-12 00:20:54 ----D---- C:\Windows\system32\Tasks
2014-11-12 00:20:54 ----D---- C:\ProgramData\Assistant
2014-11-12 00:01:06 ----HD---- C:\ProgramData
2014-11-12 00:01:03 ----RD---- C:\Program Files (x86)
2014-11-11 23:58:41 ----D---- C:\Windows\system32\drivers
2014-11-11 23:44:33 ----D---- C:\Windows
2014-11-11 23:44:31 ----D---- C:\ProgramData\YoutubeAdblocker
2014-11-11 23:39:07 ----D---- C:\Windows\inf
2014-11-11 23:38:46 ----D---- C:\Windows\winsxs
2014-11-11 23:38:44 ----D---- C:\Windows\System32
2014-11-11 23:37:54 ----SHD---- C:\System Volume Information
2014-11-11 23:08:38 ----D---- C:\ProgramData\5f59a1841aa73245
2014-11-11 23:08:38 ----D---- C:\Program Files (x86)\YoutubeAdblocker
2014-11-11 22:43:37 ----D---- C:\Program Files\BitComet
2014-11-11 22:39:39 ----AD---- C:\ProgramData\TEMP
2014-11-11 22:29:12 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-11-11 22:24:25 ----D---- C:\ProgramData\ExstrACouppon
2014-11-11 22:24:25 ----D---- C:\Program Files (x86)\Spyware Terminator
2014-11-11 19:40:18 ----SHD---- C:\Windows\Installer
2014-11-11 19:31:36 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2014-11-11 19:31:33 ----D---- C:\Program Files\TOSHIBA
2014-11-11 19:05:37 ----D---- C:\Windows\system32\config
2014-11-11 19:03:55 ----SD---- C:\Users\Pavel\AppData\Roaming\Microsoft
2014-11-11 19:01:30 ----D---- C:\Program Files\Microsoft Security Client
2014-11-11 18:50:41 ----D---- C:\Windows\SYSWOW64\wbem
2014-11-11 18:50:41 ----D---- C:\Windows\SYSWOW64\cs-CZ
2014-11-11 18:50:41 ----D---- C:\Windows\SysWOW64
2014-11-11 18:50:41 ----D---- C:\Windows\system32\wbem
2014-11-11 18:50:41 ----D---- C:\Windows\system32\DriverStore
2014-11-11 18:50:41 ----D---- C:\Windows\system32\drivers\en-US
2014-11-11 18:50:41 ----D---- C:\Windows\system32\cs-CZ
2014-11-11 18:45:32 ----D---- C:\Windows\system32\catroot2
2014-11-11 18:45:32 ----D---- C:\Windows\system32\catroot
2014-11-11 18:45:22 ----D---- C:\totalcmd
2014-11-11 18:42:50 ----D---- C:\Program Files (x86)\Common Files
2014-11-11 17:50:03 ----D---- C:\Windows\Prefetch
2014-11-11 12:25:13 ----D---- C:\Users\Pavel\AppData\Roaming\Skype
2014-11-10 23:00:50 ----D---- C:\Program Files (x86)\The KMPlayer
2014-11-08 23:07:40 ----D---- C:\Windows\SoftwareDistribution
2014-10-30 12:25:26 ----N---- C:\Windows\system32\MpSigStub.exe
2014-10-19 11:25:11 ----D---- C:\Windows\Microsoft.NET
2014-10-19 10:37:16 ----RSD---- C:\Windows\assembly
2014-10-19 10:12:59 ----D---- C:\Windows\debug
2014-10-19 10:03:03 ----SD---- C:\Windows\system32\CompatTel
2014-10-19 10:03:03 ----D---- C:\Program Files\Internet Explorer
2014-10-19 10:03:02 ----D---- C:\Windows\SYSWOW64\en-US
2014-10-19 10:03:02 ----D---- C:\Windows\system32\en-US
2014-10-19 10:03:01 ----D---- C:\Program Files (x86)\Internet Explorer
2014-10-17 09:44:03 ----D---- C:\ProgramData\Microsoft Help
2014-10-17 09:38:42 ----D---- C:\Windows\system32\MRT
2014-10-17 04:26:31 ----A---- C:\Windows\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2014-11-11 65776]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2014-11-11 267632]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-01-15 538136]
R0 LPCFilter;LPC Lower Filter Driver; C:\Windows\system32\DRIVERS\LPCFilter.sys [2009-07-30 44912]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 tos_sps64;TOSHIBA tos_sps64 Service; C:\Windows\system32\DRIVERS\tos_sps64.sys [2009-07-24 482384]
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS [2009-07-14 26840]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2014-11-11 93568]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2014-11-11 1050432]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2014-11-11 436624]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2014-11-11 29208]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2014-11-11 83280]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver; C:\Windows\system32\DRIVERS\TVALZFL.sys [2009-06-19 14472]
R3 Afc;PPdus ASPI Shell; C:\Windows\SysWOW64\drivers\Afc.sys [2006-11-14 22784]
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2009-10-30 7770048]
R3 Impcd;Impcd; C:\Windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2009-10-21 2013856]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2009-10-30 244736]
R3 PGEffect;Pangu effect driver; C:\Windows\system32\DRIVERS\pgeffect.sys [2009-06-22 35008]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-11-05 291328]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver; C:\Windows\system32\DRIVERS\rtl8192se.sys [2011-06-20 1225832]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-10-15 307760]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2009-07-30 27784]
S2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2014-11-11 116728]
S3 atikmdag;atikmdag; C:\Windows\system32\drivers\atikmdag.sys [2009-07-13 5020672]
S3 HTCAND64;HTC Device Driver; C:\Windows\System32\Drivers\ANDROIDUSB.sys [2009-11-01 33736]
S3 htcnprot;HTC NDIS Protocol Driver; C:\Windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
S3 massfilter;Mass Storage Filter Driver; C:\Windows\system32\drivers\massfilter.sys [2010-02-22 11776]
S3 mod7700;DiBcom DIB7700 based TV tuner device; C:\Windows\system32\DRIVERS\mod7700.sys [2008-06-16 630528]
S3 MODRC;PCTV Infrared Receiver; C:\Windows\system32\DRIVERS\modrc.sys [2007-11-09 24200]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2009-09-22 225280]
S3 RTL2832U_IRHID;HID Infrared Remote Receiver; C:\Windows\system32\DRIVERS\RTL2832U_IRHID.sys [2009-10-05 44320]
S3 RTL2832UBDA;REALTEK 2832U BDA Driver; C:\Windows\system32\drivers\RTL2832UBDA.sys [2009-10-26 117152]
S3 RTL2832UUSB;REALTEK 2832U USB Driver; C:\Windows\System32\Drivers\RTL2832UUSB.sys [2009-10-26 38944]
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\drivers\usb8023x.sys [2013-02-12 19968]
S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys [2010-03-02 121344]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-09-12 64704]
R2 ameisvc;Web'n'walk Manager mobile equipment installation service; C:\Program Files (x86)\T-Mobile\Web'n'walk Manager\ameisvc.exe [2010-03-02 67312]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-11-11 50344]
R2 bgsvcgen;B's Recorder GOLD Library General Service; C:\Windows\SysWOW64\bgsvcgen.exe [2007-06-15 145504]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2009-09-30 262144]
R2 PanService;PandoraService; C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [2012-09-28 625304]
R2 PassThru Service;Internet Pass-Through Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-09-15 88576]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2009-10-14 583640]
R2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
R2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO); C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2009-10-15 116104]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2009-07-28 140632]
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2009-11-05 489312]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-09-28 251760]
S2 cfWiMAXService;ConfigFree WiMAX Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-10-27 252784]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 ConfigFree Service;ConfigFree Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-06-13 136176]
S2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2314240]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-17 257416]
S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service; C:\Program Files\BitComet\tools\BitCometService.exe [2013-11-29 1296728]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-06-13 136176]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-09-19 111616]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-11-07 114288]
S3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [2008-06-24 537896]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 TMachInfo;TMachInfo; C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-11-05 137560]
S3 TPCHSrv;TPCH Service; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-11-10 824688]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-07-10 1255736]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 OODefragAgent;O&O Defrag; C:\Program Files\OO Software\Defrag\oodag.exe [2011-11-17 3273552]

-----------------EOF-----------------

#2 Příspěvek od **altrok** » 12 lis 2014 01:58

Zdravim

Vypnete trvale Windows Defender - http://windows.microsoft.com/cs-cz/wind ... =windows-7

Aktualizujte Adobe Reader na aktualni verzi XI. Spustte Adobe Reader a nahore klik na Napoveda -> Zkontrolovat aktualizace.

Odinstalujte

Spyware Terminator
Microsoft Security Essentials

Vidim vcera (respektive v utery) nainstalovany Malwarebytes Anti-Malware. Skenoval jste jim PC? Pokud ano, poslete log s nalezy.

V ramci cisteni Vam budou vyprazdneny docasne adresare (vcetne Kose).

Ulozte na plochu AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/

ukoncete vsechny programy
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Scan, pote na Clean
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\AdwCleaner [Sx].txt), jehoz obsah mi zkopirujte do pristi odpovedi

dokken · #3 Příspěvek od **dokken** » 12 lis 2014 09:42

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 12.11.2014
Čas skenování: 9:23:09
Protokol: atm.txt
Správce: Ano

Verze: 2.00.3.1025
Databáze malwaru: v2014.11.12.05
Databáze rootkitů: v2014.11.11.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Sebeobrany: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: Pavel

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 325088
Uplynulý čas: 16 min, 32 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Varovat
PUM: Zapnuto

Procesy: 0
(Žádné zákerné zjištěny položek)

Moduly: 0
(Žádné zákerné zjištěny položek)

Klíče registru: 1
PUP.Optional.DataMngr.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Datamngr, Žádná akce od uživatele, [e5006cce80fc8da95c99602281837c84],

Hodnoty registru: 1
PUP.Optional.WebSearchInfo, HKU\S-1-5-21-4060771801-2334283561-3954698331-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, Žádná akce od uživatele, [469fe05a592387af93a6276a00042ad6]

Data registru: 0
(Žádné zákerné zjištěny položek)

Složky: 2
PUP.Optional.SearchNewTab.A, C:\Program Files (x86)\SearchNewTab, Žádná akce od uživatele, [875ee456cfad5fd78bc0ef9e05ff0df3],
PUP.Optional.SearchNewTab, C:\ProgramData\SearchNewTab, Žádná akce od uživatele, [b233eb4fa8d4d75f90c37b869c67d52b],

Soubory: 4
PUP.Optional.SearchNewTab.A, C:\Program Files (x86)\SearchNewTab\Hmg.tlb, Žádná akce od uživatele, [875ee456cfad5fd78bc0ef9e05ff0df3],
PUP.Optional.SearchNewTab.A, C:\Program Files (x86)\SearchNewTab\Hmg.dat, Žádná akce od uživatele, [875ee456cfad5fd78bc0ef9e05ff0df3],
PUP.Optional.SearchNewTab.A, C:\Program Files (x86)\SearchNewTab\nB6E.dat, Žádná akce od uživatele, [875ee456cfad5fd78bc0ef9e05ff0df3],
PUP.Optional.SearchNewTab.A, C:\Program Files (x86)\SearchNewTab\nB6E.tlb, Žádná akce od uživatele, [875ee456cfad5fd78bc0ef9e05ff0df3],

Fyzické sektory: 0
(Žádné zákerné zjištěny položek)

(end)
.............................................................................................................................................................
# AdwCleaner v4.101 - Report created 12/11/2014 at 09:18:51
# Updated 09/11/2014 by Xplode
# Database : 2014-11-11.2 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Pavel - PAVEL-TOSH
# Running from : C:\Users\Pavel\Desktop\adwcleaner_4.101.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Assistant
[#] Folder Deleted : C:\ProgramData\BitGuard
[#] Folder Deleted : C:\ProgramData\Browser Manager
[#] Folder Deleted : C:\ProgramData\BrowserProtect
Folder Deleted : C:\ProgramData\ICQ\ICQToolbar
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\QuickSet
Folder Deleted : C:\ProgramData\DigiiCoUPon
Folder Deleted : C:\ProgramData\ExstrACouppon
Folder Deleted : C:\ProgramData\Funn2SSave
Folder Deleted : C:\ProgramData\Mini - Adblocker
Folder Deleted : C:\ProgramData\SaveNEwaAppZ
Folder Deleted : C:\ProgramData\surf aaned koeeep
Folder Deleted : C:\ProgramData\surf annd keep
Folder Deleted : C:\ProgramData\surf uand keeeP
Folder Deleted : C:\ProgramData\TiaKKeTheCoupon
Folder Deleted : C:\ProgramData\YoutubeAdblocker
Folder Deleted : C:\ProgramData\5f59a1841aa73245
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\registry mechanic
Folder Deleted : C:\Program Files (x86)\registry mechanic
Folder Deleted : C:\Program Files (x86)\PANDORA.TV
Folder Deleted : C:\Program Files (x86)\ExstrACouppon
Folder Deleted : C:\Program Files (x86)\SaveNEwaAppZ
Folder Deleted : C:\Program Files (x86)\TiaKKeTheCoupon
Folder Deleted : C:\Program Files (x86)\YoutubeAdblocker
Folder Deleted : C:\Users\Pavel\AppData\LocalLow\AlterGeo
Folder Deleted : C:\Users\Pavel\AppData\Roaming\registry mechanic
Folder Deleted : C:\Users\Pavel\AppData\Roaming\SkypEmoticons
Folder Deleted : C:\Users\Pavel\Documents\Optimizer Pro
File Deleted : C:\Users\Pavel\AppData\Roaming\LiveSupport.exe_log.txt
File Deleted : C:\Users\Pavel\AppData\Roaming\regsvr32.exe_log.txt

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundlesweetimsetup.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb_2501-c733154b.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbdelta.exetoolbar783881609.exe
Key Deleted : HKLM\SOFTWARE\Classes\DiggiCouponi.DiggiCouponi
Key Deleted : HKLM\SOFTWARE\Classes\DiggiCouponi.DiggiCouponi.5.3
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{699fd52f}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{618B5052-3223-4DC0-D148-7646944815D0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4C4F1F4-3074-4CB6-9FB8-0A64273166F0}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{618B5052-3223-4DC0-D148-7646944815D0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{618B5052-3223-4DC0-D148-7646944815D0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{618B5052-3223-4DC0-D148-7646944815D0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{618B5052-3223-4DC0-D148-7646944815D0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0ABE0FED-50E7-4E42-A125-57C0A11DBCDE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{618B5052-3223-4DC0-D148-7646944815D0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{69D3F709-9DE2-479F-980F-532D46895703}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F42C7B47-5234-4BF5-8882-DAAC0D64870D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F7BEBBB1-7E6B-4561-9444-6F4866D60C7C}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Imesh
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\RegisteredApplicationsEx
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\SOFTWARE\DataMngr
Key Deleted : HKLM\SOFTWARE\ICQ\ICQToolbar
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\SProtector
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A35CA8FF-CB7D-8361-1CB9-83219CD11C78}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37476589-E48E-439E-A706-56189E2ED4C4}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9D9BEFAE-9499-F52B-6CC4-94818CCC2AB5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE94DD89-7404-B4B9-E713-E55CC0AB6C3B}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rjatydimofu.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]

-\\ Mozilla Firefox v33.1 (x86 cs)

-\\ Google Chrome v33.0.1750.154

[C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.searchguru.info/?l=1&q={searchTerms}&pid=356&r=2013/12/13&hid=7810097695067078246&lg=EN&cc=CZ&unqvl=43
[C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://dts.search.ask.com/sr?src=crb&gct=ds&appid=393&systemid=1&v=n10569-195&apn_uid=0196852104244424&apn_dtid=IME001&o=APN10653&apn_ptnrs=AGE&q={searchTerms}
[C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Homepage] : hxxp://search.gboxapp.com/

*************************

AdwCleaner[R0].txt - [13562 octets] - [12/11/2014 09:08:24]
AdwCleaner[S0].txt - [10663 octets] - [12/11/2014 09:18:51]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10724 octets] ##########

#4 Příspěvek od **altrok** » 12 lis 2014 09:44

Ulozte na plochu zoek.exe http://hijackthis.nl/smeenk/zoek.htm

spustte jako spravce
do velkeho okna zkopirujte script uvedeny nize
kliknete na Run script
po restartu na Vas vyskoci log (pripadne jej najdete v C:\zoek-results.log) - vlozte mi jej do pristi odpovedi
Kód: Vybrat vše
```
autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;
```

dokken · #5 Příspěvek od **dokken** » 12 lis 2014 10:18

Zoek.exe v5.0.0.0 Updated 11-November-2014
Tool run by Pavel on st 12.11.2014 at 9:48:56,58.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Pavel\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

12.11.2014 9:49:58 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-4060771801-2334283561-3954698331-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CD7330BF-6348-C345-69FB-742F046268C5} deleted successfully
HKEY_USERS\S-1-5-21-4060771801-2334283561-3954698331-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CD7330BF-6348-C345-69FB-742F046268C5} deleted successfully
HKEY_USERS\S-1-5-21-4060771801-2334283561-3954698331-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FF059E31-CC5A-4E2E-BF3B-96E929D65503} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CD7330BF-6348-C345-69FB-742F046268C5} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CD7330BF-6348-C345-69FB-742F046268C5} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{CD7330BF-6348-C345-69FB-742F046268C5} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{CD7330BF-6348-C345-69FB-742F046268C5} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CD7330BF-6348-C345-69FB-742F046268C5} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-4060771801-2334283561-3954698331-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully
HKEY_USERS\S-1-5-21-4060771801-2334283561-3954698331-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D5D47440-0750-463D-BAEF-A47D02414806} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{D5D47440-0750-463D-BAEF-A47D02414806} deleted successfully

==== Deleting Services ======================

==== FireFox Fix ======================

Deleted from C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\wp4vr1jv.default\prefs.js:
user_pref("browser.startup.homepage", "https://www.google.cz/?gws_rd=ssl|https ... gws_rd=ssl");
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\wp4vr1jv.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

==== Deleting Files \ Folders ======================

C:\Users\Pavel\AppData\LocalLow\{2E1FE0BE-1B31-178F-5662-AFB6CFE9A1BF} deleted
C:\Users\Pavel\AppData\LocalLow\{3A7BE565-D382-4729-44D8-42EDB47789B0} deleted
C:\Users\Pavel\AppData\LocalLow\{4EC3F55D-E3A9-82C5-E377-780B8EC398D5} deleted
C:\Users\Pavel\AppData\LocalLow\{5500B85E-F68F-530E-05D7-F4CE8515639D} deleted
C:\Users\Pavel\AppData\LocalLow\{618B5052-3223-4DC0-D148-7646944815D0} deleted
C:\Users\Pavel\AppData\LocalLow\{8350F683-1597-2496-592B-156D4E79FEFA} deleted
C:\Users\Pavel\AppData\LocalLow\{864BE0CB-8625-1168-4E6F-DADA0606D612} deleted
C:\Users\Pavel\AppData\LocalLow\{8E3940C7-CDEF-A8CC-A21E-BBFC84515449} deleted
C:\Users\Pavel\AppData\LocalLow\{90CC20D3-4732-A748-F44E-48F83C8E20C5} deleted
C:\Users\Pavel\AppData\LocalLow\{CD7330BF-6348-C345-69FB-742F046268C5} deleted
C:\Users\Pavel\AppData\Local\Packages\windows_ie_ac_001\AC\{2E1FE0BE-1B31-178F-5662-AFB6CFE9A1BF} deleted
C:\Users\Pavel\AppData\Local\Packages\windows_ie_ac_001\AC\{3A7BE565-D382-4729-44D8-42EDB47789B0} deleted
C:\Users\Pavel\AppData\Local\Packages\windows_ie_ac_001\AC\{4EC3F55D-E3A9-82C5-E377-780B8EC398D5} deleted
C:\Users\Pavel\AppData\Local\Packages\windows_ie_ac_001\AC\{5500B85E-F68F-530E-05D7-F4CE8515639D} deleted
C:\Users\Pavel\AppData\Local\Packages\windows_ie_ac_001\AC\{618B5052-3223-4DC0-D148-7646944815D0} deleted
C:\Users\Pavel\AppData\Local\Packages\windows_ie_ac_001\AC\{8350F683-1597-2496-592B-156D4E79FEFA} deleted
C:\Users\Pavel\AppData\Local\Packages\windows_ie_ac_001\AC\{864BE0CB-8625-1168-4E6F-DADA0606D612} deleted
C:\Users\Pavel\AppData\Local\Packages\windows_ie_ac_001\AC\{8E3940C7-CDEF-A8CC-A21E-BBFC84515449} deleted
C:\Users\Pavel\AppData\Local\Packages\windows_ie_ac_001\AC\{90CC20D3-4732-A748-F44E-48F83C8E20C5} deleted
C:\Users\Pavel\AppData\Local\Packages\windows_ie_ac_001\AC\{CD7330BF-6348-C345-69FB-742F046268C5} deleted
C:\PROGRA~3\061 deleted
C:\PROGRA~3\SearchNewTab deleted
C:\PROGRA~2\SearchNewTab deleted
C:\PROGRA~2\Photo-Service deleted
C:\PROGRA~3\ICQ deleted
C:\PROGRA~3\InstallMate deleted
C:\Users\Pavel\AppData\LocalLow\{3E9B4059-ACA6-89F0-8A42-8154CFB39E61} deleted
C:\Users\Pavel\AppData\LocalLow\{890BBA45-51B0-1706-FD24-C1FE0EC31EB2} deleted
C:\Users\Pavel\AppData\LocalLow\{A5D51BC5-2787-F5FB-E697-8F479DB2970A} deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
"C:\Users\Pavel\AppData\Roaming\Vso" deleted

==== Firefox Extensions ======================

ProfilePath: C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\wp4vr1jv.default
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\wp4vr1jv.default
F891089A6AB9E12FEDEBCC5EC0F40D66 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll - Shockwave Flash
0B31B0F8FA99CFD009C8FBEA9E20C9DE - C:\Users\Pavel\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin

==== Chromium Look ======================

BookmarkTube - Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeflfnmimgomhbkgpfcbcbaeglaonbdc

==== Chromium Startpages ======================

C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Preferences
"startup_urls": [ "https://www.google.cz/" ],

==== Chromium Fix ======================

C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeflfnmimgomhbkgpfcbcbaeglaonbdc deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.cz/"
"Default_Page_URL"="http://www.google.com/ig/redirectdomain ... &bmod=TSEH"
"ICQ Search"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"ICQ Search"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="https://www.google.cz/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IESR02"
{44D31CB4-21CF-454E-983A-88EDD7C511D3} Centrum.cz Search Url="http://search.centrum.cz/index.php?q={s ... trum-1.0.0"
{5B2EF427-0481-47C4-9AAF-29A2D6D66EDA} eBay Url="http://rover.ebay.com/rover/1/710-71511 ... earchTerms}"
{692D1E1D-7C75-4F51-9619-3DE8502C01E7} Amazon Url="http://www.amazon.co.uk/gp/search?ie=UT ... nkCode=ur2"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchT ... EH_csCZ383"

==== Reset Google Chrome ======================

C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorShield deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdater deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Pavel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Pavel\AppData\Local\Mozilla\Firefox\Profiles\599szl3b.default\cache2 emptied successfully
C:\Users\Pavel\AppData\Local\Mozilla\Firefox\Profiles\wp4vr1jv.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=931 folders=71 36699121 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Pavel\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Pavel\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on st 12.11.2014 at 10:09:23,11 ======================

#6 Příspěvek od **altrok** » 12 lis 2014 10:56

Dejte novy log FRST.txt, prilozte i Addition.txt - http://forum.viry.cz/viewtopic.php?f=30&t=133101

dokken · #7 Příspěvek od **dokken** » 12 lis 2014 11:04

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2014
Ran by Pavel (administrator) on PAVEL-TOSH on 12-11-2014 11:02:31
Running from C:\Users\Pavel\Desktop
Loaded Profile: Pavel (Available profiles: Pavel)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(B.H.A Corporation) C:\Windows\SysWOW64\bgsvcgen.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
() C:\Windows\System32\rpcnetp.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Gemfor s.r.o.) C:\Program Files (x86)\T-Mobile\Web'n'walk Manager\ameisvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodtray.exe
() C:\Program Files (x86)\HDD Thermometer\HDD Thermometer.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [OODefragTray] => C:\Program Files\OO Software\Defrag\oodtray.exe [3994960 2011-11-17] (O&O Software GmbH)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5225064 2014-11-11] (AVAST Software)
HKLM-x32\...\Run: [HTC Sync Loader] => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [659456 2013-09-03] ()
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4060771801-2334283561-3954698331-1000\...\Run: [RSD_HDDThermo] => C:\Program Files (x86)\HDD Thermometer\HDD Thermometer.exe [215040 2005-04-01] ()
HKU\S-1-5-21-4060771801-2334283561-3954698331-1000\...\MountPoints2: {25583f13-754d-11df-838c-705ab6ba637f} - F:\TVCenterPro.exe -autorun
HKU\S-1-5-18\...\Run: [TOSHIBA Online Product Information] => C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe [6203296 2009-08-12] (TOSHIBA)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
BootExecute: autocheck autochk * OODBS

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.cz/
SearchScopes: HKCU - DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {44D31CB4-21CF-454E-983A-88EDD7C511D3} URL = http://search.centrum.cz/index.php?q={s ... trum-1.0.0
SearchScopes: HKCU - {5B2EF427-0481-47C4-9AAF-29A2D6D66EDA} URL = http://rover.ebay.com/rover/1/710-71511 ... earchTerms}
SearchScopes: HKCU - {692D1E1D-7C75-4F51-9619-3DE8502C01E7} URL = http://www.amazon.co.uk/gp/search?ie=UT ... nkCode=ur2
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Pomocník pro přihlášení ke službě Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\wp4vr1jv.default
FF NewTab: hxxp://www.google.com/
FF DefaultSearchEngine: Seznam
FF DefaultSearchUrl: hxxp://www.google.com/search?btnG=Google+Search&q=
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: https://www.google.cz
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.5.0 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4060771801-2334283561-3954698331-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Pavel\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\ddg.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mapy-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: Adblock Plus - C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\wp4vr1jv.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-11]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR StartupUrls: Default -> "https://www.google.cz/"
CHR Profile: C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adblock Plus) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-11-12]
CHR Extension: (Peněženka Google) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 ameisvc; C:\Program Files (x86)\T-Mobile\Web'n'walk Manager\ameisvc.exe [67312 2010-03-02] (Gemfor s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-11] (AVAST Software)
S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2013-11-29] (www.BitComet.com)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed]
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [537896 2008-06-24] (Nero AG)
S4 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [3273552 2011-11-17] (O&O Software GmbH)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [583640 2009-10-14] (PC Tools)
R2 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116104 2009-10-15] (Toshiba Europe GmbH)
R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed]
S2 PanService; C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-11] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-11] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-11] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-11] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-11] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-11] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-11] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-11] ()
S3 mod7700; C:\Windows\System32\DRIVERS\mod7700.sys [630528 2008-06-16] (DiBcom SA)
S3 MODRC; C:\Windows\System32\DRIVERS\modrc.sys [24200 2007-11-09] (DiBcom S.A.)
S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-22] (Realtek Semiconductor Corp.)
S3 RTL2832UBDA; C:\Windows\SysWOW64\drivers\RTL2832UBDA.sys [117152 2009-10-26] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832UUSB; C:\Windows\SysWOW64\Drivers\RTL2832UUSB.sys [38944 2009-10-26] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832U_IRHID; C:\Windows\SysWOW64\DRIVERS\RTL2832U_IRHID.sys [44320 2009-10-05] (Realtek)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-12 11:02 - 2014-11-12 11:03 - 00014574 _____ () C:\Users\Pavel\Desktop\FRST.txt
2014-11-12 11:01 - 2014-11-12 11:02 - 00000000 ____D () C:\FRST
2014-11-12 11:01 - 2014-11-12 11:01 - 02116096 _____ (Farbar) C:\Users\Pavel\Desktop\FRST64.exe
2014-11-12 10:56 - 2014-11-12 10:56 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-12 10:55 - 2014-11-12 10:56 - 00000056 _____ () C:\Windows\setupact.log
2014-11-12 10:55 - 2014-11-12 10:55 - 00005662 _____ () C:\Windows\PFRO.log
2014-11-12 10:53 - 2014-11-12 10:53 - 00003924 _____ () C:\Windows\System32\Tasks\KMS Activation for Office
2014-11-12 10:53 - 2010-07-07 04:52 - 00386923 _____ () C:\Windows\KMSAct.exe
2014-11-12 10:45 - 2014-11-12 10:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2014-11-12 10:45 - 2014-11-12 10:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-11-12 10:43 - 2014-11-12 10:43 - 00000000 ____D () C:\Windows\PCHEALTH
2014-11-12 10:43 - 2014-11-12 10:43 - 00000000 ____D () C:\Program Files (x86)\Microsoft Sync Framework
2014-11-12 10:42 - 2014-11-12 10:42 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-11-12 10:41 - 2014-11-12 10:41 - 00000000 ____D () C:\rsit
2014-11-12 10:41 - 2014-11-12 10:41 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 8
2014-11-12 10:41 - 2014-11-12 10:41 - 00000000 ____D () C:\AdwCleaner
2014-11-12 10:40 - 2014-11-12 10:40 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-11-12 10:15 - 2014-11-12 10:16 - 00000000 ____D () C:\Users\Pavel\AppData\Roaming\Software4u
2014-11-12 10:15 - 2014-11-12 10:15 - 00021979 _____ () C:\Windows\system32\msmsf2.dll
2014-11-12 10:15 - 2014-11-12 10:15 - 00000000 ____D () C:\ProgramData\Software4u
2014-11-12 10:14 - 2014-11-12 10:14 - 00000000 ____D () C:\Program Files (x86)\Software4u
2014-11-12 10:07 - 2014-11-12 09:48 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-11-12 10:01 - 2014-11-12 10:09 - 00000000 ____D () C:\zoek
2014-11-12 09:48 - 2014-11-12 10:04 - 00000000 ____D () C:\zoek_backup
2014-11-12 09:47 - 2014-11-12 09:48 - 01294848 _____ () C:\Users\Pavel\Desktop\zoek.exe
2014-11-12 09:07 - 2014-11-12 09:07 - 02140160 _____ () C:\Users\Pavel\Desktop\adwcleaner_4.101.exe
2014-11-12 09:02 - 2014-11-12 09:02 - 07417856 _____ () C:\Users\Pavel\s-1-5-21-4060771801-2334283561-3954698331-1000.rrr
2014-11-12 08:52 - 2014-11-12 08:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitComet (64-bit)
2014-11-12 08:45 - 2014-11-12 10:56 - 00000000 ____D () C:\Users\Pavel\AppData\Local\Htc
2014-11-12 08:44 - 2014-11-12 08:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC Sync
2014-11-12 02:49 - 2014-11-12 02:49 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2014-11-12 00:33 - 2014-11-12 09:23 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-12 00:23 - 2014-11-12 00:31 - 00000000 ____D () C:\Program Files\trend micro
2014-11-12 00:22 - 2014-11-12 00:22 - 01222144 _____ () C:\Users\Pavel\Desktop\RSITx64.exe
2014-11-12 00:01 - 2014-11-12 10:56 - 00000000 ____D () C:\ProgramData\HDD Thermometer
2014-11-12 00:01 - 2014-11-12 00:01 - 00000000 ____D () C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HDD Thermometer
2014-11-12 00:01 - 2014-11-12 00:01 - 00000000 ____D () C:\Users\Pavel\AppData\Roaming\HDD Thermometer
2014-11-12 00:01 - 2014-11-12 00:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HDD Thermometer
2014-11-12 00:01 - 2014-11-12 00:01 - 00000000 ____D () C:\Program Files (x86)\HDD Thermometer
2014-11-11 23:58 - 2014-11-11 23:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-11 23:58 - 2014-11-11 23:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-11 23:58 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-11 23:58 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-11 23:57 - 2014-11-11 23:58 - 00000000 ____D () C:\Users\Pavel\AppData\Roaming\Malwarebytes
2014-11-11 23:57 - 2014-11-11 23:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-11 23:57 - 2014-11-11 23:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-11-11 23:57 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-11 23:39 - 2014-11-11 23:39 - 00000000 ____D () C:\Users\Pavel\AppData\Roaming\AVAST Software
2014-11-11 23:39 - 2014-11-11 23:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-11-11 23:38 - 2014-11-11 23:39 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-11-11 23:38 - 2014-11-11 23:38 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-11-11 23:38 - 2014-11-11 23:38 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-11-11 23:38 - 2014-11-11 23:38 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-11-11 23:38 - 2014-11-11 23:38 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-11-11 23:38 - 2014-11-11 23:38 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-11-11 23:38 - 2014-11-11 23:38 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-11-11 23:38 - 2014-11-11 23:38 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-11-11 23:38 - 2014-11-11 23:38 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-11-11 23:38 - 2014-11-11 23:38 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-11-11 23:38 - 2014-11-11 23:38 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-11-11 23:37 - 2014-11-11 23:37 - 00000000 ____D () C:\Program Files\AVAST Software
2014-11-11 23:36 - 2014-11-11 23:37 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-11-11 22:43 - 2014-11-12 08:55 - 00000000 ____D () C:\Users\Pavel\AppData\Roaming\BitComet
2014-11-11 22:28 - 2014-11-11 22:28 - 00001170 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-11 22:28 - 2014-11-11 22:28 - 00000000 ____D () C:\Users\Pavel\AppData\Roaming\Mozilla
2014-11-11 22:28 - 2014-11-11 22:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-11 22:28 - 2014-11-11 22:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-11 22:24 - 2014-11-12 10:55 - 00012760 _____ () C:\Windows\system32\oodbs.lor
2014-11-11 19:44 - 2014-11-11 19:44 - 00000000 ____D () C:\Windows\system32\oodag
2014-11-11 19:40 - 2014-11-11 19:40 - 00000000 ____D () C:\Users\Pavel\AppData\Local\O&O
2014-11-11 19:40 - 2014-11-11 19:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\O&O Software
2014-11-11 19:40 - 2014-11-11 19:40 - 00000000 ____D () C:\Program Files\OO Software
2014-11-11 19:29 - 2014-11-11 19:29 - 00000000 ____D () C:\Users\Pavel\AppData\Roaming\WinBatch
2014-11-11 19:16 - 2014-11-11 19:16 - 00199187 _____ () C:\Users\Pavel\Desktop\bookmarks-2014-11-11.json
2014-11-11 19:16 - 2014-11-11 19:16 - 00155117 _____ () C:\Users\Pavel\Desktop\bookmarks.html
2014-11-11 18:55 - 2014-11-11 18:55 - 00000000 ____D () C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CleanUp!
2014-11-11 18:55 - 2014-11-11 18:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CleanUp!
2014-11-11 18:55 - 2014-11-11 18:55 - 00000000 ____D () C:\Program Files (x86)\CleanUp!
2014-11-11 18:45 - 2014-11-11 18:45 - 00000000 ____D () C:\Users\Pavel\AppData\Local\GHISLER
2014-11-11 18:45 - 2013-10-02 03:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-11-11 18:45 - 2013-10-02 03:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-11-11 18:45 - 2013-10-02 03:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-11-11 18:45 - 2013-10-02 02:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-11-11 18:45 - 2013-10-02 02:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-11-11 18:45 - 2013-10-02 02:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-11-11 18:45 - 2013-10-02 02:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-11-11 18:45 - 2013-10-02 01:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-11-11 18:45 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-11-11 18:45 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-11-11 18:45 - 2013-10-02 01:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-11-11 18:45 - 2013-10-02 01:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-11-11 18:45 - 2013-10-02 00:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-11-11 18:45 - 2013-10-02 00:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-11-11 18:45 - 2013-10-02 00:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-11-11 18:45 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-11-11 18:45 - 2013-10-01 21:57 - 06578176 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-11-11 18:45 - 2013-10-01 21:55 - 05698048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-11-11 18:43 - 2008-04-02 16:54 - 01101824 _____ (Woodbury Associates Limited) C:\Windows\SysWOW64\UniBox210.ocx
2014-11-11 18:43 - 2008-04-02 16:53 - 00880640 _____ (Woodbury Associates Limited) C:\Windows\SysWOW64\UniBox10.ocx
2014-11-11 18:43 - 2008-04-02 16:53 - 00212992 _____ (Woodbury Associates Limited) C:\Windows\SysWOW64\UniBoxVB12.ocx
2014-11-11 18:43 - 2004-08-04 08:00 - 00506368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml.dll
2014-11-11 18:41 - 2014-11-11 18:41 - 00000000 ____D () C:\Users\Pavel\AppData\Roaming\URSoft
2014-11-11 18:41 - 2014-11-11 18:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your Uninstaller 2010
2014-11-11 18:41 - 2014-11-11 18:41 - 00000000 ____D () C:\Program Files (x86)\Your Uninstaller 2010
2014-11-11 18:05 - 2014-11-11 18:05 - 00000004 _____ () C:\Users\Pavel\AppData\Roaming\appdataFr2.bin
2014-11-08 23:06 - 2014-11-12 10:59 - 00288016 _____ () C:\Windows\WindowsUpdate.log
2014-10-26 13:28 - 2014-11-12 01:10 - 00000000 ____D () C:\Windows\rescache
2014-10-16 19:32 - 2014-09-29 01:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 19:32 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 19:32 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-16 19:32 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 19:32 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-16 19:32 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-16 19:32 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 19:32 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-16 19:32 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 19:31 - 2014-10-10 03:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-16 19:31 - 2014-10-10 03:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-16 19:31 - 2014-10-10 03:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-16 19:31 - 2014-10-07 03:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-16 19:31 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-16 19:31 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-16 19:31 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-16 19:31 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-16 19:31 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-16 19:31 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-16 19:31 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-16 19:31 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-16 19:31 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-16 19:31 - 2014-09-19 02:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-16 19:31 - 2014-09-19 02:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-16 19:31 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-16 19:31 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-16 19:31 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-16 19:31 - 2014-09-19 02:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-16 19:31 - 2014-09-19 02:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-16 19:31 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-16 19:31 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-16 19:31 - 2014-09-19 02:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-16 19:31 - 2014-09-19 02:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-16 19:31 - 2014-09-19 02:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-16 19:31 - 2014-09-19 02:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-16 19:31 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-16 19:31 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-16 19:31 - 2014-09-19 02:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-16 19:31 - 2014-09-19 02:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-16 19:31 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-16 19:31 - 2014-09-19 02:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-16 19:31 - 2014-09-19 02:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-16 19:31 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-16 19:31 - 2014-09-19 02:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-16 19:31 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-16 19:31 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-16 19:31 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-16 19:31 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-16 19:31 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-16 19:31 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-16 19:31 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-16 19:31 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-16 19:31 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-16 19:31 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-16 19:31 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-16 19:31 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-16 19:31 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-16 19:31 - 2014-09-19 01:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-16 19:31 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-16 19:31 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-16 19:31 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-16 19:31 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-16 19:31 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-16 19:31 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-16 19:31 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-16 19:31 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-16 19:31 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-16 19:31 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-16 19:31 - 2014-09-18 03:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-16 19:31 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-16 19:30 - 2014-08-29 03:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-16 19:28 - 2014-07-17 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-16 19:28 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 19:28 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 19:28 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 19:28 - 2014-07-17 03:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-16 19:28 - 2014-07-17 03:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-16 19:28 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-16 19:28 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-16 19:28 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-16 19:28 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 19:28 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-16 19:27 - 2014-09-13 02:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-16 19:27 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-12 10:58 - 2009-07-14 05:45 - 00019248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-12 10:58 - 2009-07-14 05:45 - 00019248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-12 10:56 - 2014-09-07 00:46 - 00017920 _____ () C:\Windows\SysWOW64\rpcnetp.dll
2014-11-12 10:56 - 2010-06-13 09:38 - 00000948 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-12 10:56 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-12 10:55 - 2014-09-07 00:46 - 00017920 _____ () C:\Windows\SysWOW64\rpcnetp.exe
2014-11-12 10:55 - 2014-09-07 00:46 - 00017920 _____ () C:\Windows\system32\rpcnetp.exe
2014-11-12 10:55 - 2009-07-14 05:45 - 00420048 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 10:47 - 2010-03-11 12:16 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-12 10:44 - 2009-07-14 16:36 - 00000000 ____D () C:\Windows\ShellNew
2014-11-12 10:44 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-11-12 10:43 - 2010-03-11 12:16 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-11-12 10:41 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-11-12 10:40 - 2009-07-14 03:34 - 00000510 _____ () C:\Windows\win.ini
2014-11-12 10:19 - 2010-06-13 09:38 - 00000952 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-12 10:16 - 2013-12-13 19:09 - 00000000 ____D () C:\ProgramData\TEMP
2014-11-12 10:12 - 2010-06-13 09:38 - 00003948 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-12 10:12 - 2010-06-13 09:38 - 00003696 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-12 09:45 - 2010-06-11 11:21 - 00079568 _____ () C:\Users\Pavel\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-12 09:03 - 2009-07-14 06:08 - 00032622 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-12 09:02 - 2010-06-11 11:17 - 00000000 ____D () C:\Users\Pavel
2014-11-12 08:59 - 2011-12-04 14:47 - 00000000 ____D () C:\Users\Pavel\AppData\Roaming\HTC
2014-11-12 08:56 - 2013-04-16 08:31 - 00000000 ____D () C:\Program Files (x86)\The KMPlayer
2014-11-12 08:44 - 2011-12-04 14:47 - 00003618 _____ () C:\Windows\System32\Tasks\Launch HTC Sync Loader
2014-11-12 08:44 - 2011-12-04 14:45 - 00000000 ____D () C:\Program Files (x86)\HTC
2014-11-12 08:43 - 2011-12-04 14:46 - 00000000 ____D () C:\Users\Pavel\AppData\Local\Downloaded Installations
2014-11-12 02:55 - 2010-03-11 12:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
2014-11-12 02:01 - 2010-03-11 11:55 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA
2014-11-12 02:01 - 2010-03-11 11:55 - 00000000 ____D () C:\Program Files\TOSHIBA
2014-11-12 02:01 - 2010-03-11 11:53 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-11-12 01:41 - 2009-07-14 16:18 - 00669132 _____ () C:\Windows\system32\perfh005.dat
2014-11-12 01:41 - 2009-07-14 16:18 - 00141760 _____ () C:\Windows\system32\perfc005.dat
2014-11-12 01:41 - 2009-07-14 06:13 - 01584626 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-11 22:43 - 2014-04-23 18:25 - 00000000 ____D () C:\Program Files\BitComet
2014-11-11 22:24 - 2013-12-17 12:42 - 00000000 ____D () C:\Program Files (x86)\Spyware Terminator
2014-11-11 19:01 - 2011-01-26 08:03 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-11-11 19:01 - 2011-01-26 08:02 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-11-11 18:52 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-11 18:45 - 2011-02-03 19:01 - 00000000 ____D () C:\totalcmd
2014-11-11 12:25 - 2010-08-07 13:53 - 00000000 ____D () C:\Users\Pavel\AppData\Roaming\Skype
2014-10-30 12:25 - 2010-06-13 09:33 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-19 10:03 - 2014-04-30 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-17 09:38 - 2013-08-05 13:26 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-17 04:26 - 2010-08-07 13:38 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-08 02:25

==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-11-2014
Ran by Pavel at 2014-11-12 11:03:30
Running from C:\Users\Pavel\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.870 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.6.602.180 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft TotalMedia 3.5 (HKLM-x32\...\{29E44E9D-ACB2-4D2D-849F-5361C941B7E1}) (Version: 3.5.7.307 - ArcSoft)
Asistent pro přihlášení ke službě Windows Live (HKLM-x32\...\{3E62B27C-342F-4B44-9331-CA4BC59A586F}) (Version: 5.000.818.5 - Microsoft Corporation)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Balíček ovladače systému Windows - Pinnacle Systems PCTV 73e, PCTV 74e, PCTV 2000e, PCTV 2001, PCTV DVB-T Flash Stick (280e) (11/08/2007 3.11.0.0) (HKLM\...\F481E1666DA44F874E040866A12C4435AD99BF99) (Version: 11/08/2007 3.11.0.0 - Pinnacle Systems)
BitComet 1.37 64-bit (HKLM-x32\...\BitComet_x64) (Version: 1.37 - CometNetwork)
CCleaner (HKLM\...\CCleaner) (Version: 3.25 - Piriform)
CleanUp! (HKLM-x32\...\CleanUp!) (Version: - )
Combined Community Codec Pack 2010-10-10 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2010.10.10.0 - CCCP Project)
ConvertXtoDVD 4.1.7.343 (HKLM-x32\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.1.7.343 - )
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink)
Facebook Video Calling 1.2.0.287 (HKLM-x32\...\{B92C5909-1D37-4C51-8397-A28BB28E5DC3}) (Version: 1.2.287 - Skype Limited)
FastStone Image Viewer 4.2 (HKLM-x32\...\FastStone Image Viewer) (Version: 4.2 - FastStone Soft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.122 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
HDD Thermometer (HKLM-x32\...\HDD Thermometer) (Version: 1.3 - RSD Software Inc.)
HTC BMP USB Driver (HKLM-x32\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.5.0.001 - HTC Corporation)
HTC Sync (HKLM-x32\...\{CBDAE89D-8ABD-4DC5-9309-C2C58696B371}) (Version: 3.3.63 - HTC Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.1986 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.7.1002 - Intel Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.27 - Irfan Skiljan)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware verze 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{C73B5B3B-F974-48CA-8B91-3E8A432AEA5B}) (Version: 08.05.0822 - Microsoft Corporation)
Mozilla Firefox 33.1 (x86 cs) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 cs)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Nastaveni hadrware TOSHIBA (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.18C - TOSHIBA CORPORATION)
Nástroj pro odesílání služby Windows Live (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Nero 8 (HKLM-x32\...\{6D45EF03-E8EE-4355-81C3-F918CBCF1029}) (Version: 8.3.309 - Nero AG)
NOT ONLY TV (HKLM-x32\...\{213E2CCF-8265-444F-A6CA-40BD946A8D4A}) (Version: 1.00.0000 - Geniatech)
O&O Defrag Professional (HKLM\...\{BC39713D-B14D-4BB0-9663-BC9F7B8AB1F2}) (Version: 15.0.107 - O&O Software GmbH)
OLYMPUS Master 2 (HKLM-x32\...\{9FA93155-472F-4778-87A8-95244FD1535D}) (Version: 1.0.11 - OLYMPUS IMAGING CORP.)
Photo Service - powered by myphotobook (HKLM-x32\...\eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1) (Version: 1.0.5-124 - myphotobook GmbH)
Photo Service - powered by myphotobook (x32 Version: 1.0.5 - myphotobook GmbH) Hidden
PHOTOfunSTUDIO 5.0 HD Edition (HKLM-x32\...\{959282E3-55A9-49D8-B885-D27CF8A2FD82}) (Version: 5.00.316 - Panasonic Corporation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
REALTEK DTV USB DEVICE (HKLM-x32\...\{DDBB7C89-1A09-441E-AA0F-6AA465755C17}) (Version: 1.00.0000 - Realtek)
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5964 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30105 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek)
SILKYPIX Developer Studio 3.1 SE (HKLM-x32\...\InstallShield_{0A04086B-0B71-43C3-95EF-FDFC4C18D161}) (Version: 3 - Ichikawa Soft Laboratory)
SILKYPIX Developer Studio 3.1 SE (x32 Version: 3 - Ichikawa Soft Laboratory) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.11.0 - Synaptics Incorporated)
The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.5.0.77 - KMP Media co., Ltd)
Toshiba Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.10 - TOSHIBA)
TOSHIBA ConfigFree (HKLM-x32\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.25 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.1.06-A - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.1.12.64 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM-x32\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: - )
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.4C - TOSHIBA CORPORATION)
TOSHIBA Heslo správce (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.7C - TOSHIBA CORPORATION)
Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.00 - TOSHIBA)
Toshiba Online Product Information (HKLM-x32\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 2.08.0001 - TOSHIBA)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.5.1.64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 x64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.40 - TOSHIBA)
Toshiba TEMPRO (HKLM-x32\...\{14555947-6F14-421F-8F61-6489E0FDFAE5}) (Version: 3.08 - Toshiba Europe GmbH)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.2.34.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.9 - TOSHIBA Corporation)
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 7.56a - Ghisler Software GmbH)
TotalMedia Setup (HKLM-x32\...\{24C4BB38-F45D-4247-90B9-7E6CAA877FF3}) (Version: 1.00.0000 - Conexant)
TRORMCLauncher (HKLM-x32\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version: - )
TRORMCLauncher (Version: 1.0.0.9 - TOSHIBA) Hidden
Utility Common Driver (x32 Version: 1.0.50.27C - TOSHIBA) Hidden
Výstraha HDD/SSD TOSHIBA (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.4 - TOSHIBA Corporation)
Výstraha HDD/SSD TOSHIBA (Version: 3.1.64.4 - TOSHIBA Corporation) Hidden
Výstraha HDD/SSD TOSHIBA (x32 Version: 3.1.64.4 - TOSHIBA Corporation) Hidden
Web'n'walk Manager (HKLM-x32\...\T-Mobile Communication Centre) (Version: - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{068B46A0-8858-4CEB-80BC-A4AE787A05FC}) (Version: 14.0.8089.726 - Microsoft Corporation)
WinRAR (HKLM-x32\...\WinRAR archiver) (Version: - )
Your Uninstaller! 2010 (HKLM-x32\...\YU2010_is1) (Version: 7.0 - URSoft, Inc.)
ZTE Drivers 1.2059.0.12 (HKLM-x32\...\{ACC9984D-E78B-4fcd-BE44-4E3F186DDA33}) (Version: - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

11-11-2014 22:37:40 avast! antivirus system restore point
12-11-2014 01:00:04 Konfigurováno TOSHIBA ReelTime
12-11-2014 01:47:58 Installed Zkušební verze produktu Microsoft Office Professional Plus 2010
12-11-2014 01:50:36 Odebráno: Microsoft Office File Validation Add-In
12-11-2014 01:53:00 Removed Microsoft Office Home and Student 2007
12-11-2014 07:44:04 Installed HTC Sync.
12-11-2014 08:02:23 Made by Registry Mechanic
12-11-2014 08:46:07 Removed Microsoft Office Suite Activation Assistant.
12-11-2014 08:49:45 zoek.exe restore point
12-11-2014 09:39:47 Installed Zkušební verze produktu Microsoft Office Professional Plus 2010

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-11-12 09:50 - 00000840 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {057717AB-22D2-4241-9C22-828FC2D812AC} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4060771801-2334283561-3954698331-1000Core => C:\Users\Pavel\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-15] (Facebook Inc.)
Task: {05D3BC74-C415-49D3-A644-DF7D2944D8A1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-12] (Google Inc.)
Task: {0C3DC5FF-E806-455A-BA5C-8EBD3B79CB08} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {272D084C-F520-43B2-A8AC-9E2EA442369B} - System32\Tasks\KMS Activation for Office => C:\Windows\KMSAct.exe [2010-07-07] ()
Task: {2D9462F4-0976-4497-A780-7CC0ED893EBF} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-11] (AVAST Software)
Task: {49EE909F-F96A-477F-B020-AD46B86C9D4F} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2013-09-03] ()
Task: {595E180E-99E6-4FCB-A55F-2FE10D3DB659} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2009-10-28] (TOSHIBA CORPORATION)
Task: {921C2216-57AF-40BD-B7E9-15344535083E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-17] (Adobe Systems Incorporated)
Task: {9A8D6F0B-53BD-4BAE-B38C-E27292C2EB15} - System32\Tasks\{4140F8B1-E407-427A-807F-103C067DE93B} => Firefox.exe http://ui.skype.com/ui/0/5.1.0.112/en/a ... adyoffered
Task: {A00811A1-0081-4A97-B031-4B8B660E4A4D} - System32\Tasks\{94EFC16D-145A-4B2A-ABBB-7D165C6D48E5} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {BD1B325F-242F-4A5B-AEB5-9EA726EE2CE3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-12] (Google Inc.)
Task: {E71E5360-F73A-4F1E-97F6-D1C742CE3D02} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-11-23] (Piriform Ltd)
Task: {F41F1EF9-AE09-4ED7-A6EA-978816672B6E} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4060771801-2334283561-3954698331-1000UA => C:\Users\Pavel\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-15] (Facebook Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4060771801-2334283561-3954698331-1000Core.job => C:\Users\Pavel\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4060771801-2334283561-3954698331-1000UA.job => C:\Users\Pavel\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-12-07 18:27 - 2012-12-07 18:27 - 00167424 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2014-09-07 00:46 - 2014-11-12 10:55 - 00017920 _____ () C:\Windows\System32\rpcnetp.exe
2010-01-30 02:40 - 2010-01-30 02:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-08-01 13:36 - 2010-02-10 17:10 - 00052224 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2005-04-01 18:02 - 2005-04-01 18:02 - 00215040 _____ () C:\Program Files (x86)\HDD Thermometer\HDD Thermometer.exe
2013-09-03 11:58 - 2013-09-03 11:58 - 00659456 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
2014-11-11 23:38 - 2014-11-11 23:38 - 02902016 _____ () C:\Program Files\AVAST Software\Avast\defs\14111104\algo.dll
2014-11-11 23:38 - 2014-11-11 23:38 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-09-03 11:58 - 2013-09-03 11:58 - 00109056 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\OutputLog.dll
2013-09-03 11:58 - 2013-09-03 11:58 - 00516599 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll
2013-09-03 11:58 - 2013-09-03 11:58 - 00094208 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll
2013-09-03 11:58 - 2013-09-03 11:58 - 00405504 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\HtcDetect.dll
2013-09-03 11:58 - 2013-09-03 11:58 - 00159744 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll
2013-09-03 11:58 - 2013-09-03 11:58 - 00172032 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll
2013-09-03 11:58 - 2013-09-03 11:58 - 00559244 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.7.dll
2013-09-03 11:58 - 2013-09-03 11:58 - 00010240 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\ItemSyncLimit.dll
2013-09-03 11:58 - 2013-09-03 11:58 - 01515520 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\R66Api.dll
2014-11-11 22:28 - 2014-11-07 01:09 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2010-01-30 02:41 - 2010-01-30 02:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO 5.0 HD Edition.lnk => C:\Windows\pss\PHOTOfunSTUDIO 5.0 HD Edition.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TMMonitor.lnk => C:\Windows\pss\TMMonitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Pavel^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PMCRemoteLauncher.lnk => C:\Windows\pss\PMCRemoteLauncher.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Pavel^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk => C:\Windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk.Startup
MSCONFIG\startupreg: 00TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSCONFIG\startupreg: BitComet => "C:\PROGRAM FILES\BitComet\BitComet.exe" /tray
MSCONFIG\startupreg: Facebook Update => "C:\Users\Pavel\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: HSON => %ProgramFiles%\TOSHIBA\TBS\HSON.exe
MSCONFIG\startupreg: HTC Sync Loader => "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
MSCONFIG\startupreg: HWSetup => "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
MSCONFIG\startupreg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
MSCONFIG\startupreg: KeNotify => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
MSCONFIG\startupreg: OM2_Monitor => "C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
MSCONFIG\startupreg: OODefragTray => C:\Program Files\OO Software\Defrag\oodtray.exe
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SmartFaceVWatcher => %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
MSCONFIG\startupreg: SmoothView => %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
MSCONFIG\startupreg: SSDMonitor => C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SVPWUTIL => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: T-Mobile Communication Centre => "C:\Program Files (x86)\T-Mobile\Web'n'walk Manager\Manager.exe" -autorun
MSCONFIG\startupreg: Teco => "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
MSCONFIG\startupreg: TOSHIBA Online Product Information => C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe
MSCONFIG\startupreg: Toshiba TEMPRO => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
MSCONFIG\startupreg: ToshibaServiceStation => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60
MSCONFIG\startupreg: TosNC => %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
MSCONFIG\startupreg: TosReelTimeMonitor => %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
MSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
MSCONFIG\startupreg: TosWaitSrv => %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
MSCONFIG\startupreg: TWebCamera => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun

========================= Accounts: ==========================

Administrator (S-1-5-21-4060771801-2334283561-3954698331-500 - Administrator - Disabled)
Guest (S-1-5-21-4060771801-2334283561-3954698331-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-4060771801-2334283561-3954698331-1002 - Limited - Enabled)
Pavel (S-1-5-21-4060771801-2334283561-3954698331-1000 - Administrator - Enabled) => C:\Users\Pavel

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/12/2014 10:54:23 AM) (Source: Office Software Protection Platform Service) (EventID: 1014) (User: )
Description: Acquisition of End User License failed. hr=0xC004C032
Sku Id=8c5fa740-5dca-43f9-be1b-d0281bcf9779

Error: (11/12/2014 10:54:23 AM) (Source: Office Software Protection Platform Service) (EventID: 8200) (User: )
Description: License acquisition failure details.
hr=0xC004C032

Error: (11/12/2014 10:54:21 AM) (Source: Office Software Protection Platform Service) (EventID: 1014) (User: )
Description: Acquisition of End User License failed. hr=0xC004C032
Sku Id=8c5fa740-5dca-43f9-be1b-d0281bcf9779

Error: (11/12/2014 10:54:21 AM) (Source: Office Software Protection Platform Service) (EventID: 8200) (User: )
Description: License acquisition failure details.
hr=0xC004C032

Error: (11/12/2014 10:54:07 AM) (Source: Office Software Protection Platform Service) (EventID: 1014) (User: )
Description: Acquisition of End User License failed. hr=0xC004C032
Sku Id=8c5fa740-5dca-43f9-be1b-d0281bcf9779

Error: (11/12/2014 10:54:07 AM) (Source: Office Software Protection Platform Service) (EventID: 8200) (User: )
Description: License acquisition failure details.
hr=0xC004C032

Error: (11/12/2014 10:54:04 AM) (Source: Office Software Protection Platform Service) (EventID: 1014) (User: )
Description: Acquisition of End User License failed. hr=0xC004C032
Sku Id=8c5fa740-5dca-43f9-be1b-d0281bcf9779

Error: (11/12/2014 10:54:04 AM) (Source: Office Software Protection Platform Service) (EventID: 8200) (User: )
Description: License acquisition failure details.
hr=0xC004C032

Error: (11/12/2014 10:53:09 AM) (Source: Office Software Protection Platform Service) (EventID: 1014) (User: )
Description: Acquisition of End User License failed. hr=0xC004C032
Sku Id=8c5fa740-5dca-43f9-be1b-d0281bcf9779

Error: (11/12/2014 10:53:09 AM) (Source: Office Software Protection Platform Service) (EventID: 8200) (User: )
Description: License acquisition failure details.
hr=0xC004C032

System errors:
=============
Error: (11/12/2014 10:56:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba PandoraService neuspěla při spuštění v důsledku následující chyby:
%%2

Error: (11/12/2014 10:09:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba PandoraService neuspěla při spuštění v důsledku následující chyby:
%%2

Error: (11/12/2014 10:01:55 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (11/12/2014 10:01:55 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (11/12/2014 10:01:54 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (11/12/2014 10:01:54 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (11/12/2014 10:01:53 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (11/12/2014 09:19:53 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba PandoraService neuspěla při spuštění v důsledku následující chyby:
%%2

Error: (11/12/2014 09:18:54 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel(R) Management & Security Application User Notification Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (11/12/2014 09:18:54 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba ConfigFree Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Microsoft Office Sessions:
=========================
Error: (11/12/2014 10:54:23 AM) (Source: Office Software Protection Platform Service) (EventID: 1014) (User: )
Description: hr=0xC004C0328c5fa740-5dca-43f9-be1b-d0281bcf9779

Error: (11/12/2014 10:54:23 AM) (Source: Office Software Protection Platform Service) (EventID: 8200) (User: )
Description: hr=0xC004C03200010001(0x00000000, 10:54:22:784 - http://go.microsoft.com/fwlink/?LinkID=120752)
00020001(0x00000000, 10:54:22:799)
00030001(0x00000000, 10:54:22:799 - http://go.microsoft.com)
00030002(0x00000000, 10:54:22:799 - 1)
00020005(0x00000000, 10:54:22:799 - 0)
0002000C(0x00000000, 10:54:23:002 - 302)
0002000E(0x00000000, 10:54:23:002 - https://activation.sls.microsoft.com/sl ... ension=o14)
00020001(0x00000000, 10:54:23:002)
00030001(0x00000000, 10:54:23:002 - https://activation.sls.microsoft.com)
00030002(0x00000000, 10:54:23:002 - 1)
00020005(0x00000000, 10:54:23:002 - 0)
0002000C(0x00000000, 10:54:23:252 - 500)
00010002(0x8004FC01, 10:54:23:252 - <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><soap ... essage>153 (Activation) - [PA: New time based activation not available. ---> Time based activation is not available]</Message></Messages></detail></soap:Fault></soap:Body></soap:Envelope>)
00010003(0x8004FC01, 10:54:23:252)

Error: (11/12/2014 10:54:21 AM) (Source: Office Software Protection Platform Service) (EventID: 1014) (User: )
Description: hr=0xC004C0328c5fa740-5dca-43f9-be1b-d0281bcf9779

Error: (11/12/2014 10:54:21 AM) (Source: Office Software Protection Platform Service) (EventID: 8200) (User: )
Description: hr=0xC004C03200010001(0x00000000, 10:54:20:615 - http://go.microsoft.com/fwlink/?LinkID=120752)
00020001(0x00000000, 10:54:20:615)
00030001(0x00000000, 10:54:20:615 - http://go.microsoft.com)
00030002(0x00000000, 10:54:20:615 - 1)
00020005(0x00000000, 10:54:20:615 - 0)
0002000C(0x00000000, 10:54:20:787 - 302)
0002000E(0x00000000, 10:54:20:787 - https://activation.sls.microsoft.com/sl ... ension=o14)
00020001(0x00000000, 10:54:20:787)
00030001(0x00000000, 10:54:20:787 - https://activation.sls.microsoft.com)
00030002(0x00000000, 10:54:20:787 - 1)
00020005(0x00000000, 10:54:20:787 - 0)
0002000C(0x00000000, 10:54:21:021 - 500)
00010002(0x8004FC01, 10:54:21:021 - <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><soap ... essage>153 (Activation) - [PA: New time based activation not available. ---> Time based activation is not available]</Message></Messages></detail></soap:Fault></soap:Body></soap:Envelope>)
00010003(0x8004FC01, 10:54:21:021)

Error: (11/12/2014 10:54:07 AM) (Source: Office Software Protection Platform Service) (EventID: 1014) (User: )
Description: hr=0xC004C0328c5fa740-5dca-43f9-be1b-d0281bcf9779

Error: (11/12/2014 10:54:07 AM) (Source: Office Software Protection Platform Service) (EventID: 8200) (User: )
Description: hr=0xC004C03200010001(0x00000000, 10:54:06:747 - http://go.microsoft.com/fwlink/?LinkID=120752)
00020001(0x00000000, 10:54:06:747)
00030001(0x00000000, 10:54:06:747 - http://go.microsoft.com)
00030002(0x00000000, 10:54:06:747 - 1)
00020005(0x00000000, 10:54:06:747 - 0)
0002000C(0x00000000, 10:54:06:934 - 302)
0002000E(0x00000000, 10:54:06:934 - https://activation.sls.microsoft.com/sl ... ension=o14)
00020001(0x00000000, 10:54:06:934)
00030001(0x00000000, 10:54:06:934 - https://activation.sls.microsoft.com)
00030002(0x00000000, 10:54:06:934 - 1)
00020005(0x00000000, 10:54:06:934 - 0)
0002000C(0x00000000, 10:54:07:168 - 500)
00010002(0x8004FC01, 10:54:07:168 - <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><soap ... essage>153 (Activation) - [PA: New time based activation not available. ---> Time based activation is not available]</Message></Messages></detail></soap:Fault></soap:Body></soap:Envelope>)
00010003(0x8004FC01, 10:54:07:168)

Error: (11/12/2014 10:54:04 AM) (Source: Office Software Protection Platform Service) (EventID: 1014) (User: )
Description: hr=0xC004C0328c5fa740-5dca-43f9-be1b-d0281bcf9779

Error: (11/12/2014 10:54:04 AM) (Source: Office Software Protection Platform Service) (EventID: 8200) (User: )
Description: hr=0xC004C03200010001(0x00000000, 10:54:04:469 - http://go.microsoft.com/fwlink/?LinkID=120752)
00020001(0x00000000, 10:54:04:469)
00030001(0x00000000, 10:54:04:469 - http://go.microsoft.com)
00030002(0x00000000, 10:54:04:469 - 1)
00020005(0x00000000, 10:54:04:469 - 0)
0002000C(0x00000000, 10:54:04:641 - 302)
0002000E(0x00000000, 10:54:04:641 - https://activation.sls.microsoft.com/sl ... ension=o14)
00020001(0x00000000, 10:54:04:641)
00030001(0x00000000, 10:54:04:641 - https://activation.sls.microsoft.com)
00030002(0x00000000, 10:54:04:641 - 1)
00020005(0x00000000, 10:54:04:641 - 0)
0002000C(0x00000000, 10:54:04:906 - 500)
00010002(0x8004FC01, 10:54:04:906 - <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><soap ... essage>153 (Activation) - [PA: New time based activation not available. ---> Time based activation is not available]</Message></Messages></detail></soap:Fault></soap:Body></soap:Envelope>)
00010003(0x8004FC01, 10:54:04:906)

Error: (11/12/2014 10:53:09 AM) (Source: Office Software Protection Platform Service) (EventID: 1014) (User: )
Description: hr=0xC004C0328c5fa740-5dca-43f9-be1b-d0281bcf9779

Error: (11/12/2014 10:53:09 AM) (Source: Office Software Protection Platform Service) (EventID: 8200) (User: )
Description: hr=0xC004C03200010001(0x00000000, 10:53:08:730 - http://go.microsoft.com/fwlink/?LinkID=120752)
00020001(0x00000000, 10:53:08:746)
00030001(0x00000000, 10:53:08:746 - http://go.microsoft.com)
00030002(0x00000000, 10:53:08:746 - 1)
00020005(0x00000000, 10:53:08:746 - 0)
0002000C(0x00000000, 10:53:08:917 - 302)
0002000E(0x00000000, 10:53:08:917 - https://activation.sls.microsoft.com/sl ... ension=o14)
00020001(0x00000000, 10:53:08:917)
00030001(0x00000000, 10:53:08:917 - https://activation.sls.microsoft.com)
00030002(0x00000000, 10:53:08:917 - 1)
00020005(0x00000000, 10:53:08:917 - 0)
0002000C(0x00000000, 10:53:09:136 - 500)
00010002(0x8004FC01, 10:53:09:136 - <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><soap ... essage>153 (Activation) - [PA: New time based activation not available. ---> Time based activation is not available]</Message></Messages></detail></soap:Fault></soap:Body></soap:Envelope>)
00010003(0x8004FC01, 10:53:09:136)

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz
Percentage of memory in use: 39%
Total physical RAM: 3893.61 MB
Available physical RAM: 2338.39 MB
Total Pagefile: 7785.39 MB
Available Pagefile: 5967.07 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (WINDOWS) (Fixed) (Total:232.88 GB) (Free:179.82 GB) NTFS
Drive d: (Data) (Fixed) (Total:232.49 GB) (Free:52.95 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 2108C78B)
Partition 1: (Active) - (Size=400 MB) - (Type=27)
Partition 2: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=232.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

#8 Příspěvek od **altrok** » 12 lis 2014 11:20

Do Poznamkoveho bloku (Start -> spustit -> notepad) zkopirujte obsah bileho pole
ulozte na plochu jako fixlist (Typ souboru: Textovy dokument)
znovu spustte FRST a kliknete na Fix

po restartu na Vas vyskoci fixlog (pripadne bude ulozen na Plose), jehoz obsah mi vlozte do pristi odpovedi

Kód: Vybrat vše

Start
CloseProcesses:
C:\Program Files (x86)\ExstrACouppon
C:\ProgramData\TiaKKeTheCoupon
C:\ProgramData\SaveNEwaAppZ
C:\ProgramData\Funn2SSave
C:\ProgramData\DigiiCoUPon
C:\Program Files (x86)\surf uand keeeP
C:\Program Files (x86)\surf aaned koeeep
C:\Program Files (x86)\Sk.Enabler
C:\Program Files (x86)\SearchNewTab
C:\ProgramData\SearchNewTab
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKU\S-1-5-21-4060771801-2334283561-3954698331-1000\...\MountPoints2: {25583f13-754d-11df-838c-705ab6ba637f} - F:\TVCenterPro.exe -autorun
SearchScopes: HKCU - {44D31CB4-21CF-454E-983A-88EDD7C511D3} URL = http://search.centrum.cz/index.php?q={searchTerms}&toolbar=centrum-1.0.0
SearchScopes: HKCU - {5B2EF427-0481-47C4-9AAF-29A2D6D66EDA} URL = http://rover.ebay.com/rover/1/710-71511 ... 4?satitle={searchTerms}
SearchScopes: HKCU - {692D1E1D-7C75-4F51-9619-3DE8502C01E7} URL = http://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-win7-ie-search-21&index=blended&linkCode=ur2
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR dev: Chrome dev build detected! <======= ATTENTION
S2 PanService; C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [X]
2014-11-12 10:53 - 2014-11-12 10:53 - 00003924 _____ () C:\Windows\System32\Tasks\KMS Activation for Office
2014-11-12 10:53 - 2010-07-07 04:52 - 00386923 _____ () C:\Windows\KMSAct.exe
2014-11-12 10:07 - 2014-11-12 09:48 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-11-12 10:01 - 2014-11-12 10:09 - 00000000 ____D () C:\zoek
2014-11-12 09:48 - 2014-11-12 10:04 - 00000000 ____D () C:\zoek_backup
2014-11-12 09:47 - 2014-11-12 09:48 - 01294848 _____ () C:\Users\Pavel\Desktop\zoek.exe
2014-11-11 22:24 - 2013-12-17 12:42 - 00000000 ____D () C:\Program Files (x86)\Spyware Terminator
Task: {272D084C-F520-43B2-A8AC-9E2EA442369B} - System32\Tasks\KMS Activation for Office => C:\Windows\KMSAct.exe [2010-07-07] ()
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4060771801-2334283561-3954698331-1000Core.job => C:\Users\Pavel\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4060771801-2334283561-3954698331-1000UA.job => C:\Users\Pavel\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
C:\Program Files\trend micro
Hosts:
EmptyTemp:
End

dokken · #9 Příspěvek od **dokken** » 12 lis 2014 11:41

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-11-2014
Ran by Pavel at 2014-11-12 11:24:46 Run:1
Running from C:\Users\Pavel\Desktop
Loaded Profile: Pavel (Available profiles: Pavel)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
C:\Program Files (x86)\ExstrACouppon
C:\ProgramData\TiaKKeTheCoupon
C:\ProgramData\SaveNEwaAppZ
C:\ProgramData\Funn2SSave
C:\ProgramData\DigiiCoUPon
C:\Program Files (x86)\surf uand keeeP
C:\Program Files (x86)\surf aaned koeeep
C:\Program Files (x86)\Sk.Enabler
C:\Program Files (x86)\SearchNewTab
C:\ProgramData\SearchNewTab
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKU\S-1-5-21-4060771801-2334283561-3954698331-1000\...\MountPoints2: {25583f13-754d-11df-838c-705ab6ba637f} - F:\TVCenterPro.exe -autorun
SearchScopes: HKCU - {44D31CB4-21CF-454E-983A-88EDD7C511D3} URL = http://search.centrum.cz/index.php?q={s ... trum-1.0.0
SearchScopes: HKCU - {5B2EF427-0481-47C4-9AAF-29A2D6D66EDA} URL = http://rover.ebay.com/rover/1/710-71511 ... 4?satitle={searchTerms}
SearchScopes: HKCU - {692D1E1D-7C75-4F51-9619-3DE8502C01E7} URL = http://www.amazon.co.uk/gp/search?ie=UT ... nkCode=ur2
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR dev: Chrome dev build detected! <======= ATTENTION
S2 PanService; C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [X]
2014-11-12 10:53 - 2014-11-12 10:53 - 00003924 _____ () C:\Windows\System32\Tasks\KMS Activation for Office
2014-11-12 10:53 - 2010-07-07 04:52 - 00386923 _____ () C:\Windows\KMSAct.exe
2014-11-12 10:07 - 2014-11-12 09:48 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-11-12 10:01 - 2014-11-12 10:09 - 00000000 ____D () C:\zoek
2014-11-12 09:48 - 2014-11-12 10:04 - 00000000 ____D () C:\zoek_backup
2014-11-12 09:47 - 2014-11-12 09:48 - 01294848 _____ () C:\Users\Pavel\Desktop\zoek.exe
2014-11-11 22:24 - 2013-12-17 12:42 - 00000000 ____D () C:\Program Files (x86)\Spyware Terminator
Task: {272D084C-F520-43B2-A8AC-9E2EA442369B} - System32\Tasks\KMS Activation for Office => C:\Windows\KMSAct.exe [2010-07-07] ()
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4060771801-2334283561-3954698331-1000Core.job => C:\Users\Pavel\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4060771801-2334283561-3954698331-1000UA.job => C:\Users\Pavel\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
C:\Program Files\trend micro
Hosts:
EmptyTemp:
End

*****************

Processes closed successfully.
"C:\Program Files (x86)\ExstrACouppon" => File/Directory not found.
"C:\ProgramData\TiaKKeTheCoupon" => File/Directory not found.
"C:\ProgramData\SaveNEwaAppZ" => File/Directory not found.
"C:\ProgramData\Funn2SSave" => File/Directory not found.
"C:\ProgramData\DigiiCoUPon" => File/Directory not found.
"C:\Program Files (x86)\surf uand keeeP" => File/Directory not found.
"C:\Program Files (x86)\surf aaned koeeep" => File/Directory not found.
"C:\Program Files (x86)\Sk.Enabler" => File/Directory not found.
"C:\Program Files (x86)\SearchNewTab" => File/Directory not found.
"C:\ProgramData\SearchNewTab" => File/Directory not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\BCSSync => value deleted successfully.
"HKU\S-1-5-21-4060771801-2334283561-3954698331-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{25583f13-754d-11df-838c-705ab6ba637f}" => Key deleted successfully.
"HKCR\CLSID\{25583f13-754d-11df-838c-705ab6ba637f}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{44D31CB4-21CF-454E-983A-88EDD7C511D3}" => Key deleted successfully.
"HKCR\CLSID\{44D31CB4-21CF-454E-983A-88EDD7C511D3}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5B2EF427-0481-47C4-9AAF-29A2D6D66EDA}" => Key deleted successfully.
"HKCR\CLSID\{5B2EF427-0481-47C4-9AAF-29A2D6D66EDA}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{692D1E1D-7C75-4F51-9619-3DE8502C01E7}" => Key deleted successfully.
"HKCR\CLSID\{692D1E1D-7C75-4F51-9619-3DE8502C01E7}" => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
PanService => Service deleted successfully.
C:\Windows\System32\Tasks\KMS Activation for Office => Moved successfully.
C:\Windows\KMSAct.exe => Moved successfully.
C:\Windows\zoek-delete.exe => Moved successfully.
C:\zoek => Moved successfully.
C:\zoek_backup => Moved successfully.
C:\Users\Pavel\Desktop\zoek.exe => Moved successfully.
C:\Program Files (x86)\Spyware Terminator => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{272D084C-F520-43B2-A8AC-9E2EA442369B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{272D084C-F520-43B2-A8AC-9E2EA442369B}" => Key deleted successfully.
C:\Windows\System32\Tasks\KMS Activation for Office not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\KMS Activation for Office" => Key deleted successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4060771801-2334283561-3954698331-1000Core.job => Moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4060771801-2334283561-3954698331-1000UA.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\ProgramData\TEMP => ":1CE11B51" ADS removed successfully.
C:\ProgramData\TEMP => ":373E1720" ADS removed successfully.
C:\ProgramData\TEMP => ":D1B5B4F1" ADS removed successfully.
C:\Program Files\trend micro => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 124.7 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====

#10 Příspěvek od **altrok** » 12 lis 2014 11:42

Takze jeste uklidime.

Stahnete a spustte DelFix - https://toolslib.net/downloads/viewdownload/2-delfix/
Oznacte jen moznost "Remove disinfection tools"
kliknete na Run

A pokud nejsou dotazy ci jine problemy, je to ode mne vse.

dokken · #11 Příspěvek od **dokken** » 12 lis 2014 11:54

už jsem se chtěl zeptat jak odinstalovat všechny tyto pomocníky a hle..jaká šikovná utilitka..
Milý pane...nádherná a blesková pomoc..nenálézám slova chvály

--------------------------------------
ještě taková drobnost, nevíte jak opravit ikonku u Nero?

když dám změnit ikonu ve vlastnostech tak se nic neděje

#12 Příspěvek od **altrok** » 12 lis 2014 12:06

Vycistete pocitac pomoci CCleaneru. Pokud Vam na te ikonce opravdu tolik zalezi, preinstalace samotneho Nera jiste problem vyresi

dokken · #13 Příspěvek od **dokken** » 12 lis 2014 12:14

děkuji, zkusím své pedanství trochu krotit

#14 Příspěvek od **altrok** » 12 lis 2014 12:18

Taky jsem puntickar, ale toto je opravdu jen taaaakhle mala drobnustka (jen kosmeticka vada... a dulezita je preci krasa vnitrni... teda funkcnost Nera)

Nemate zac, rad jsem pomohl

Mejte se a treba zase nekdy

VIRY.CZ

Poprosil bych o preventivku

Poprosil bych o preventivku

Re: Poprosil bych o preventivku

Re: Poprosil bych o preventivku

Re: Poprosil bych o preventivku

Re: Poprosil bych o preventivku

Re: Poprosil bych o preventivku

Re: Poprosil bych o preventivku

Re: Poprosil bych o preventivku

Re: Poprosil bych o preventivku

Re: Poprosil bych o preventivku

Re: Poprosil bych o preventivku

Re: Poprosil bych o preventivku

Re: Poprosil bych o preventivku

Re: Poprosil bych o preventivku