Log after a malware infection

Barthez01
Visitor
Posts: 19
Registered: 20 Jul 2007 19:43

#1 Post by Barthez01

Hello,

please check my log. The PC was infected with all kinds of vermin. It was scanned and cleaned using Kaspersky Internet Security 2014.

Logfile of random's system information tool 1.10 (written by random/random)
Run by libor at 2014-12-28 11:19:25
Microsoft Windows 8.1
System drive C: has 147 GB (52%) free of 285 GB
Total RAM: 6030 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:19:26, on 28. 12. 2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17416)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Users\libor\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Users\libor\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\libor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\libor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\libor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\libor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\libor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\libor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe
C:\Users\libor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\libor.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus13.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SPDriver] C:\Program Files (x86)\ShopperPro\JSDriver\1.35.1.155\jsdrv.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\libor\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\libor\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\libor\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKCU\..\Run: [SPDriver] C:\Program Files (x86)\ShopperPro\JSDriver\1.35.1.155\jsdrv.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKLM\..\Policies\Explorer\Run: [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
O8 - Extra context menu item: Přidat do součásti Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm
O9 - Extra button: Virtuální klávesnice - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O9 - Extra button: Kontrola adres URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ASUS InstantOn Service (ASUS InstantOn) - ASUS - C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
O23 - Service: Asus WebStorage Windows Service - Unknown owner - C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
O23 - Service: AtherosSvc - Qualcomm Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Služba Kaspersky Anti-Virus (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAtheros Bt and Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

--
End of file - 10618 bytes

======Listing Processes======





wininit.exe

C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k NetworkService
"C:\Windows\system32\FBAgent.exe"
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe" -r
"C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE"
dashost.exe {059d5587-8fe8-4c83-a4bb6ce86669e80e}
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe"
"C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe"
"C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe"
"C:\Program Files (x86)\Bluetooth Suite\adminservice.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe"
"C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe"
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe"

C:\WINDOWS\System32\WinLogon.exe -SpecialSession
-hiberboot
taskhost.exe $(Arg0)
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe"
"C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe"
C:\WINDOWS\Explorer.EXE
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe" -hidden /prefetch:1
taskhostex.exe
KBFiltr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe"
C:\Windows\System32\skydrive.exe -Embedding
"C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
"C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe"
szndesktop.exe default start
"C:\Users\libor\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe"
\??\C:\WINDOWS\system32\conhost.exe 0x4
"C:\WINDOWS\system32\hkcmd.exe"
"C:\WINDOWS\system32\igfxtray.exe"
"C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX3
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe"
"C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe"
"C:\Program Files\ASUS\P4G\BatteryLife.exe"
"C:\Program Files (x86)\ASUS\Splendid\ACMON.exe"
"C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe"
"C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe"
"C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe"
"C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe"
"C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe"
"C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe"
"C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe"
"C:\Windows\System32\SettingSyncHost.exe" -Embedding
taskeng.exe {8293B9F1-AA8F-4D7C-9B2B-E74C2B25717B}
C:\Users\libor\AppData\Local\Google\Update\GoogleUpdate.exe /c

"C:\Program Files\CCleaner\CCleaner64.exe" /monitor
"C:\Users\libor\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Users\libor\AppData\Local\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="2788.0.889480420\620000776" --disable-d3d11 --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,6,16 --disable-accelerated-video-decode --gpu-vendor-id=0x8086 --gpu-device-id=0x0156 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=10.18.10.3308 --ignored=" --type=renderer " /prefetch:822062411
"C:\Users\libor\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group1 pct:10a stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/OmniboxBundledExperimentV1/StandardR4/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/RapporRollout/Enabled/RememberCertificateErrorDecisions/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-1-Percent/group_14/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --extension-process --enable-webrtc-hw-h264-encoding --renderer-print-preview --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --disable-accelerated-video-decode --channel="2788.1.231102823\1867630520" /prefetch:673131151
"C:\Users\libor\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group1 pct:10a stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/OmniboxBundledExperimentV1/StandardR4/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/RapporRollout/Enabled/RememberCertificateErrorDecisions/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-1-Percent/group_14/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --extension-process --enable-webrtc-hw-h264-encoding --renderer-print-preview --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --disable-accelerated-video-decode --channel="2788.2.1356681855\1913353651" /prefetch:673131151
"C:\Users\libor\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group1 pct:10a stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/OmniboxBundledExperimentV1/StandardR4/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/RapporRollout/Enabled/RememberCertificateErrorDecisions/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-1-Percent/group_14/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --extension-process --enable-webrtc-hw-h264-encoding --renderer-print-preview --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --disable-accelerated-video-decode --channel="2788.3.2091739188\1350293425" /prefetch:673131151
"C:\Users\libor\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group1 pct:10a stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/OmniboxBundledExperimentV1/StandardR4/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/RapporRollout/Enabled/RememberCertificateErrorDecisions/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-1-Percent/group_14/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --extension-process --enable-webrtc-hw-h264-encoding --renderer-print-preview --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --disable-accelerated-video-decode --channel="2788.4.1984305892\624691380" /prefetch:673131151
C:\WINDOWS\system32\cmd.exe /c "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe" --parent-window=0 chrome-extension://blbkdnmdcafmfhinpmnlhhddbepgkeaa/ < \\.\pipe\chrome.nativeMessaging.in.322b323f2e59b534 > \\.\pipe\chrome.nativeMessaging.out.322b323f2e59b534
\??\C:\WINDOWS\system32\conhost.exe 0x4
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe" --parent-window=0 chrome-extension://blbkdnmdcafmfhinpmnlhhddbepgkeaa/
"C:\Users\libor\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group1 pct:10a stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/OmniboxBundledExperimentV1/StandardR4/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/RapporRollout/Enabled/RememberCertificateErrorDecisions/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-1-Percent/group_14/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --renderer-print-preview --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --disable-accelerated-video-decode --channel="2788.9.2128091909\118128330" /prefetch:673131151
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k WerSvcGroup
C:\WINDOWS\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\WINDOWS\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\Users\libor\Desktop\RSITx64.exe"
"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe10_ Global\UsGthrCtrlFltPipeMssGthrPipe10 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\WINDOWS\system32\SearchFilterHost.exe" 0 588 592 600 65536 596

======Scheduled tasks folder======

C:\WINDOWS\tasks\7c82d588-f306-4366-8f8b-71f85e442eb4-3.job - C:\Program Files (x86)\iWebar\7c82d588-f306-4366-8f8b-71f85e442eb4-3.exe /rawdata=...
C:\WINDOWS\tasks\7c82d588-f306-4366-8f8b-71f85e442eb4-4.job - C:\Program Files (x86)\iWebar\7c82d588-f306-4366-8f8b-71f85e442eb4-4.exe /installxpi /agentregpath='iWebar' /extensionfilepath='C:\Program Files (x86)\iWebar\35510.xpi' /appid=35510 /srcid='000171' /subid='0' /zdata='eyJkYXRhIjp7ImRhdGUiOiJFM1V3c210eWMxLGNhMGFjZGEwLWViZTEtNDA4YS1hOTIxLWMzN2VmMDZkZWVjZSwiLCJ1bnEiOiJjYTBhY2RhMC1lYmUxLTQwOGEtYTkyMS1jMzdlZjA2ZGVlY2UifX0=' /bic=4E03219079A349E9B744A54C59F88BB1IE /verifier=fe3464c9d3a860922176c00281bf5697 /installerversion=1_34_3_28 /installerfullversion=1.34.3.28 /installationtime=1396169584 /statsdomain=http://stats.clientdataservice.com /errorsdomain=http://errors.clientdataservice.com /waitforbrowser=300 /extensionid=2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com /extensionversion=0.94 /prefsbranch=a2eb528f3950d48a3be4b5d7de6c8331ea41e199b6ca44d23ab8773f2d1973314com35510 /updateurl=https://w9u6a2p6.ssl.hwcdn.net/plugin/f ... /35510.rdf /extensionname='iWebar' /extensiondesc='iWebar' /publishername='iWebar' /defbro=ch /allusers /allprofiles /checkfflist /autoupdateulr='http://update.clientdataservice.com/ff_ ... pdate.json' /runfrom='task' /externallog=''
C:\WINDOWS\tasks\7c82d588-f306-4366-8f8b-71f85e442eb4-5.job - C:\Program Files (x86)\iWebar\7c82d588-f306-4366-8f8b-71f85e442eb4-5.exe /rawdata=...
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2750973948-3039927462-2491869335-1001Core1cf139bb934e664.job - C:\Users\libor\AppData\Local\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2750973948-3039927462-2491869335-1001UA1cf139bbacae710.job - C:\Users\libor\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F}]
Content Blocker Plugin - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-12-27 800448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73455575-E40C-433C-9784-C78DC7761455}]
Virtual Keyboard Plugin - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-27 1535784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}]
CIESpeechBHO Class - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2013-03-27 66688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}]
Safe Money Plugin - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-12-27 550080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
URL Advisor Plugin - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-12-27 996544]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F}]
Content Blocker Plugin - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-12-27 655040]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73455575-E40C-433C-9784-C78DC7761455}]
Virtual Keyboard Plugin - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-27 1265448]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}]
Safe Money Plugin - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-12-27 455360]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
URL Advisor Plugin - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-12-27 798912]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Easy-PrintToolBox"=C:\Program Files (x86)\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [2006-10-17 398944]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2012-12-13 441968]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BtvStack"=C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [2013-03-27 132736]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\libor\AppData\Local\Google\Update\GoogleUpdate.exe [2014-01-17 116648]
"cz.seznam.software.autoupdate"=C:\Users\libor\AppData\Roaming\Seznam.cz\szninstall.exe [2013-05-16 1062472]
"cz.seznam.software.szndesktop"=C:\Users\libor\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [2013-04-12 92664]
"SPDriver"=C:\Program Files (x86)\ShopperPro\JSDriver\1.35.1.155\jsdrv.exe [2014-03-27 3318272]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2014-12-12 7394584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19 1022152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSPRP]
C:\Program Files (x86)\ASUS\APRP\APRP.EXE [2013-05-01 3187360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSWebStorage]
C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [2012-12-19 3576784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DisableS3S4]
c:\windows\temp\DisableS3S464\sethigh.cmd []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe [2013-10-01 771032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe [2013-10-01 391128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcpltui_exe]
C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [2012-03-28 91432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVBg]
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2013-05-20 1308232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDVCPL]
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-05-30 13550152]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer"=C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [2012-05-24 111120]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19 1022152]
"SPDriver"=C:\Program Files (x86)\ShopperPro\JSDriver\1.35.1.155\jsdrv.exe [2014-03-27 3318272]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BtvStack"=C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [2013-03-27 132736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2013-10-01 623104]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableCAD"=1
"SoftwareSASGeneration"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=28

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"midi2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-12-28 11:15:27 ----D---- C:\rsit
2014-12-28 11:15:27 ----D---- C:\Program Files\trend micro
2014-12-28 11:11:25 ----D---- C:\Program Files\CCleaner
2014-12-27 22:58:29 ----A---- C:\WINDOWS\system32\klfphc.dll
2014-12-27 22:57:28 ----D---- C:\Program Files (x86)\Kaspersky Lab
2014-12-27 22:57:27 ----D---- C:\ProgramData\Kaspersky Lab
2014-12-27 22:57:18 ----A---- C:\WINDOWS\system32\drivers\klif.sys
2014-12-27 22:57:18 ----A---- C:\WINDOWS\system32\drivers\klflt.sys
2014-12-27 13:10:06 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2014-12-27 12:48:05 ----SD---- C:\WINDOWS\SYSWOW64\Microsoft
2014-12-26 23:31:19 ----D---- C:\WINDOWS\SYSWOW64\vbox
2014-12-26 23:31:19 ----D---- C:\WINDOWS\system32\vbox
2014-12-26 23:18:31 ----D---- C:\WINDOWS\system32\appraiser
2014-12-26 23:16:03 ----A---- C:\WINDOWS\system32\RtNicProp64.dll
2014-12-26 23:16:03 ----A---- C:\WINDOWS\system32\drivers\Rt630x64.sys
2014-12-26 23:15:26 ----D---- C:\Program Files (x86)\Qualcomm Atheros
2014-12-26 23:14:25 ----N---- C:\WINDOWS\system32\athwbx.sys
2014-12-26 23:14:25 ----A---- C:\WINDOWS\system32\drivers\athwbx.sys
2014-12-26 22:36:38 ----D---- C:\Users\libor\AppData\Roaming\Mozilla
2014-12-26 22:36:33 ----D---- C:\ProgramData\Mozilla
2014-12-26 21:19:23 ----A---- C:\WINDOWS\SYSWOW64\DeviceSetupStatusProvider.dll
2014-12-26 21:19:23 ----A---- C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2014-12-26 21:19:22 ----A---- C:\WINDOWS\SYSWOW64\crypt32.dll
2014-12-26 21:19:22 ----A---- C:\WINDOWS\system32\crypt32.dll
2014-12-26 21:10:25 ----A---- C:\WINDOWS\system32\WindowsCodecs.dll
2014-12-26 21:10:24 ----A---- C:\WINDOWS\SYSWOW64\WindowsCodecs.dll
2014-12-26 21:10:24 ----A---- C:\WINDOWS\system32\appraiser.dll
2014-12-26 21:10:24 ----A---- C:\WINDOWS\system32\aepic.dll
2014-12-26 21:10:24 ----A---- C:\WINDOWS\system32\aeinv.dll
2014-12-26 21:10:23 ----A---- C:\WINDOWS\system32\invagent.dll
2014-12-26 21:10:23 ----A---- C:\WINDOWS\system32\generaltel.dll
2014-12-26 21:10:23 ----A---- C:\WINDOWS\system32\devinv.dll
2014-12-26 21:10:22 ----A---- C:\WINDOWS\system32\aepdu.dll
2014-12-26 21:10:21 ----A---- C:\WINDOWS\SYSWOW64\MrmCoreR.dll
2014-12-26 21:10:21 ----A---- C:\WINDOWS\system32\MrmCoreR.dll
2014-12-26 21:10:18 ----A---- C:\WINDOWS\system32\drivers\sdbus.sys
2014-12-26 21:10:18 ----A---- C:\WINDOWS\system32\drivers\pdc.sys
2014-12-26 21:10:18 ----A---- C:\WINDOWS\system32\drivers\intelpep.sys
2014-12-26 21:10:18 ----A---- C:\WINDOWS\system32\drivers\dumpsd.sys
2014-12-26 21:10:14 ----A---- C:\WINDOWS\system32\mshtml.dll
2014-12-26 21:10:13 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll
2014-12-26 21:10:08 ----A---- C:\WINDOWS\system32\ieframe.dll
2014-12-26 21:10:07 ----A---- C:\WINDOWS\SYSWOW64\ieframe.dll
2014-12-26 21:10:06 ----A---- C:\WINDOWS\system32\jscript9.dll
2014-12-26 21:10:04 ----A---- C:\WINDOWS\system32\wininet.dll
2014-12-26 21:10:03 ----A---- C:\WINDOWS\SYSWOW64\wininet.dll
2014-12-26 21:10:03 ----A---- C:\WINDOWS\system32\urlmon.dll
2014-12-26 21:10:02 ----A---- C:\WINDOWS\SYSWOW64\iertutil.dll
2014-12-26 21:10:02 ----A---- C:\WINDOWS\system32\iertutil.dll
2014-12-26 21:10:01 ----A---- C:\WINDOWS\SYSWOW64\urlmon.dll
2014-12-26 21:10:01 ----A---- C:\WINDOWS\SYSWOW64\jscript9.dll
2014-12-26 21:09:59 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2014-12-26 21:09:58 ----A---- C:\WINDOWS\SYSWOW64\vbscript.dll
2014-12-26 21:09:58 ----A---- C:\WINDOWS\SYSWOW64\msfeeds.dll
2014-12-26 21:09:58 ----A---- C:\WINDOWS\SYSWOW64\ieapfltr.dll
2014-12-26 21:09:57 ----A---- C:\WINDOWS\SYSWOW64\iedkcs32.dll
2014-12-26 21:09:57 ----A---- C:\WINDOWS\SYSWOW64\dxtrans.dll
2014-12-26 21:09:57 ----A---- C:\WINDOWS\system32\vbscript.dll
2014-12-26 21:09:57 ----A---- C:\WINDOWS\system32\msfeeds.dll
2014-12-26 21:09:57 ----A---- C:\WINDOWS\system32\iepeers.dll
2014-12-26 21:09:57 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2014-12-26 21:09:57 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2014-12-26 21:09:56 ----A---- C:\WINDOWS\SYSWOW64\webcheck.dll
2014-12-26 21:09:56 ----A---- C:\WINDOWS\SYSWOW64\mshtmled.dll
2014-12-26 21:09:56 ----A---- C:\WINDOWS\SYSWOW64\MshtmlDac.dll
2014-12-26 21:09:56 ----A---- C:\WINDOWS\SYSWOW64\jscript.dll
2014-12-26 21:09:56 ----A---- C:\WINDOWS\SYSWOW64\inetcomm.dll
2014-12-26 21:09:56 ----A---- C:\WINDOWS\SYSWOW64\iepeers.dll
2014-12-26 21:09:56 ----A---- C:\WINDOWS\system32\webcheck.dll
2014-12-26 21:09:56 ----A---- C:\WINDOWS\system32\mshtmled.dll
2014-12-26 21:09:56 ----A---- C:\WINDOWS\system32\MshtmlDac.dll
2014-12-26 21:09:56 ----A---- C:\WINDOWS\system32\jscript.dll
2014-12-26 21:09:56 ----A---- C:\WINDOWS\system32\inetcomm.dll
2014-12-26 21:09:56 ----A---- C:\WINDOWS\system32\dxtrans.dll
2014-12-26 21:09:46 ----A---- C:\WINDOWS\SYSWOW64\poqexec.exe
2014-12-26 21:09:46 ----A---- C:\WINDOWS\system32\poqexec.exe

======List of files/folders modified in the last 1 month======

2014-12-28 11:19:03 ----D---- C:\WINDOWS\Prefetch
2014-12-28 11:15:27 ----RD---- C:\Program Files
2014-12-28 11:11:59 ----D---- C:\Users\libor\AppData\Roaming\DAEMON Tools Lite
2014-12-28 11:11:53 ----DC---- C:\WINDOWS\Panther
2014-12-28 11:11:53 ----D---- C:\WINDOWS\Temp
2014-12-28 11:11:53 ----D---- C:\WINDOWS\Inf
2014-12-28 11:11:53 ----D---- C:\WINDOWS\debug
2014-12-28 11:11:53 ----D---- C:\Windows
2014-12-28 11:11:27 ----D---- C:\WINDOWS\system32\Tasks
2014-12-28 11:11:20 ----D---- C:\WINDOWS\system32\config
2014-12-28 11:00:12 ----D---- C:\WINDOWS\system32\sru
2014-12-28 10:36:59 ----D---- C:\WINDOWS\CbsTemp
2014-12-28 10:36:52 ----D---- C:\WINDOWS\WinSxS
2014-12-28 10:35:38 ----D---- C:\WINDOWS\Microsoft.NET
2014-12-28 00:40:45 ----A---- C:\WINDOWS\SYSWOW64\log.txt
2014-12-28 00:37:58 ----SHD---- C:\System Volume Information
2014-12-28 00:36:36 ----D---- C:\Program Files (x86)\YouTube Accelerator
2014-12-28 00:36:28 ----D---- C:\Program Files (x86)\ShopperPro
2014-12-28 00:08:54 ----D---- C:\ProgramData\ShopperPro
2014-12-28 00:08:28 ----AD---- C:\ProgramData\Temp
2014-12-27 23:47:38 ----SHD---- C:\WINDOWS\Installer
2014-12-27 23:47:20 ----D---- C:\WINDOWS\system32\drivers
2014-12-27 23:35:07 ----D---- C:\WINDOWS\rescache
2014-12-27 22:58:46 ----HD---- C:\ProgramData
2014-12-27 22:58:29 ----D---- C:\WINDOWS\System32
2014-12-27 22:58:26 ----D---- C:\WINDOWS\system32\DriverStore
2014-12-27 22:57:40 ----HD---- C:\WINDOWS\ELAMBKUP
2014-12-27 22:57:36 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-27 22:57:28 ----RD---- C:\Program Files (x86)
2014-12-27 13:44:40 ----D---- C:\WINDOWS\system32\NDF
2014-12-27 12:50:58 ----D---- C:\ProgramData\AVAST Software
2014-12-27 12:48:05 ----D---- C:\WINDOWS\SysWOW64
2014-12-27 12:41:12 ----D---- C:\WINDOWS\system32\catroot
2014-12-26 23:18:32 ----D---- C:\WINDOWS\SYSWOW64\cs-CZ
2014-12-26 23:18:32 ----D---- C:\WINDOWS\system32\sr-Latn-RS
2014-12-26 23:18:32 ----D---- C:\WINDOWS\system32\sr-Latn-CS
2014-12-26 23:18:32 ----D---- C:\WINDOWS\system32\cs-CZ
2014-12-26 23:18:31 ----SD---- C:\WINDOWS\system32\CompatTel
2014-12-26 23:18:31 ----SD---- C:\ProgramData\Microsoft
2014-12-26 23:18:31 ----D---- C:\WINDOWS\AppCompat
2014-12-26 23:18:28 ----D---- C:\WINDOWS\PolicyDefinitions
2014-12-26 23:18:28 ----D---- C:\Program Files\Internet Explorer
2014-12-26 23:18:28 ----D---- C:\Program Files (x86)\Internet Explorer
2014-12-26 23:16:03 ----D---- C:\Program Files (x86)\Realtek
2014-12-26 22:23:05 ----D---- C:\WINDOWS\AppReadiness
2014-12-26 22:23:04 ----HD---- C:\Program Files\WindowsApps
2014-12-26 22:20:10 ----D---- C:\WINDOWS\system32\MRT
2014-12-26 22:17:56 ----A---- C:\WINDOWS\system32\MRT.exe
2014-12-26 21:08:09 ----SD---- C:\Users\libor\AppData\Roaming\Microsoft
2014-12-26 21:02:20 ----D---- C:\WINDOWS\system32\catroot2
2014-12-09 13:17:46 ----D---- C:\Users\libor\AppData\Roaming\CyberLink
2014-12-09 13:01:05 ----D---- C:\ProgramData\CyberLink
2014-12-03 18:39:31 ----D---- C:\WINDOWS\system32\wdi
2014-11-29 20:00:51 ----D---- C:\WINDOWS\system32\drivers\UMDF

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStorA;iaStorA; C:\WINDOWS\System32\drivers\iaStorA.sys [2012-09-14 647736]
R0 kl1;kl1; C:\WINDOWS\system32\DRIVERS\kl1.sys [2014-12-27 458336]
R1 ATKWMIACPIIO;ATKWMIACPI Driver; \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-09-07 17536]
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2014-12-27 625760]
R1 KLIM6;@oem20.inf,%KLIM6_Desc%;Kaspersky Anti-Virus NDIS 6 Filter; C:\WINDOWS\system32\DRIVERS\klim6.sys [2013-10-20 30304]
R1 klpd;klpd; C:\WINDOWS\system32\DRIVERS\klpd.sys [2013-04-12 15456]
R1 klwfp;klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [2014-12-27 65120]
R1 kneps;kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [2014-12-27 178272]
R1 vwififlt;@%SystemRoot%\System32\drivers\vwififlt.sys,-259; C:\WINDOWS\system32\DRIVERS\vwififlt.sys [2014-04-30 71680]
R2 ASMMAP64;ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]
R3 AiCharger;ASUS Charger Driver; C:\WINDOWS\system32\DRIVERS\AiCharger.sys [2012-09-18 17152]
R3 athr;@oem1.inf,%ATHR.Service.DispName%;Qualcomm Atheros Extensible Wireless LAN device driver; C:\WINDOWS\system32\DRIVERS\athwbx.sys [2013-08-15 3859968]
R3 ATP;@oem4.inf,%PS2.DeviceDesc%;ASUS Input Device; C:\WINDOWS\System32\drivers\AsusTP.sys [2013-04-16 65784]
R3 BTATH_BUS;@oem5.inf,%BTATH_BUS.SVCDESC%;Qualcomm Atheros Bluetooth Bus; C:\WINDOWS\System32\drivers\btath_bus.sys [2013-03-27 34384]
R3 BtFilter;BtFilter; C:\WINDOWS\system32\DRIVERS\btfilter.sys [2014-01-28 593000]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2014-09-24 81920]
R3 HIDSwitch;@oem17.inf,%ASSW.DisplayName%;ASUS Wireless Radio Control; C:\WINDOWS\System32\drivers\AsHIDSwitch64.sys [2013-10-09 20280]
R3 igfx;igfx; C:\WINDOWS\system32\DRIVERS\igdkmd64.sys [2013-10-01 4177920]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RTKVHD64.sys [2013-06-04 3441992]
R3 IntcDAud;@oem24.inf,%IntcDAud.SvcDesc%;Intel(R) Display Audio; C:\WINDOWS\system32\DRIVERS\IntcDAud.sys [2013-01-09 342528]
R3 iwdbus;@oem30.inf,%iwdbus.SVCDESC%;IWD Bus Enumerator; C:\WINDOWS\System32\drivers\iwdbus.sys [2013-08-22 26008]
R3 kbfiltr;@oem12.inf,%kbfiltr.SvcDesc%;Keyboard Filter; C:\WINDOWS\System32\drivers\kbfiltr.sys [2012-08-02 14992]
R3 klkbdflt;Kaspersky Lab KLKBDFLT; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [2014-12-27 29280]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [2013-10-20 29280]
R3 MEIx64;@oem22.inf,%HECI_SvcDesc%;Intel(R) Management Engine Interface ; C:\WINDOWS\System32\drivers\HECIx64.sys [2012-07-02 62784]
R3 RSBASTOR;@oem26.inf,%Rts5208%;Realtek PCIE CardReader Driver - BA; C:\WINDOWS\system32\DRIVERS\RtsBaStor.sys [2012-10-08 298640]
R3 RTL8168;@oem10.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\WINDOWS\system32\DRIVERS\Rt630x64.sys [2013-09-09 833752]
R3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2013-08-22 212224]
R3 vwifimp;@%SystemRoot%\System32\drivers\vwifimp.sys,-261; C:\WINDOWS\system32\DRIVERS\vwifimp.sys [2014-04-30 38912]
S0 klelam;klelam; C:\WINDOWS\system32\DRIVERS\klelam.sys [2014-12-27 29792]
S3 AthBTPort;@oem9.inf,%BTHSUPPORT.SvcDesc%;Qualcomm Atheros Virtual Bluetooth Class; C:\WINDOWS\system32\DRIVERS\btath_flt.sys [2013-03-27 89168]
S3 BTATH_A2DP;@oem8.inf,%BTATH_A2DP.SvcDesc%;Bluetooth A2DP Audio Driver; C:\WINDOWS\system32\drivers\btath_a2dp.sys [2013-03-27 346192]
S3 btath_avdt;@oem8.inf,%btath_avdt.SvcDesc%;Qualcomm Atheros Bluetooth AVDT Service; C:\WINDOWS\system32\drivers\btath_avdt.sys [2013-03-27 115280]
S3 BTATH_HCRP;@oem11.inf,%BTATH_HCRP.SvcDesc%;Bluetooth HCRP Server driver; C:\WINDOWS\System32\drivers\btath_hcrp.sys [2013-03-27 179432]
S3 BTATH_LWFLT;@oem20.inf,%BTATH_LWFLT%;Bluetooth LWFLT Device; C:\WINDOWS\system32\DRIVERS\btath_lwflt.sys [2013-03-27 77464]
S3 BTATH_RCP;@oem16.inf,%BTATH_RCP%;Bluetooth AVRCP Device; C:\WINDOWS\System32\drivers\btath_rcp.sys [2013-03-27 136784]
S3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Služba Bluetooth Enumerator; C:\WINDOWS\System32\drivers\BthEnum.sys [2013-08-22 53248]
S3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Ovladač úspory energie technologie Bluetooth; C:\WINDOWS\system32\DRIVERS\BthLEEnum.sys [2014-09-24 226304]
S3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Zařízení Bluetooth (síť PAN); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2014-09-24 118272]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2014-09-24 1200640]
S3 intaud_WaveExtensible;@oem29.inf,%INTAUD_WEX.SvcDesc%;Intel WiDi Audio Device; C:\WINDOWS\system32\drivers\intelaud.sys [2013-08-22 39320]
S3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2014-09-24 167424]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-03 81088]
R2 AFBAgent;AFBAgent; C:\Windows\system32\FBAgent.exe [2013-06-14 1281640]
R2 AVP;Služba Kaspersky Anti-Virus; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [2013-10-20 214512]
R2 IJPLMSVC;PIXMA Extended Survey Program; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [2006-11-10 99936]
R3 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [2012-10-05 110976]
R3 ASUS InstantOn;ASUS InstantOn Service; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [2012-04-13 277120]
R3 Asus WebStorage Windows Service;Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [2012-12-19 72192]
R3 AtherosSvc;AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [2013-03-27 227968]
R3 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [2011-11-21 96896]
R3 IconMan_R;IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-09-13 2466448]
R3 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-04-20 635104]
R3 Intel(R) ME Service;Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-06-27 129856]
R3 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-06-25 166720]
R3 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2012-07-17 277824]
R3 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-07-17 365376]
S3 cphs;Intel(R) Content Protection HECI Service; C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe [2013-10-01 279000]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2013-08-03 43696]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-04-24 169752]

-----------------EOF-----------------

altrok
Moderator
Posts: 7321
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Log after a malware infection

#2 Post by altrok »

Hello, there is still something left in there :)

As part of the cleanup, your temporary directories (including the Recycle Bin) will be emptied.

Save AdwCleaner to your desktop: https://toolslib.net/downloads/viewdown ... dwcleaner/
  • close all programs
  • right-click the AdwCleaner icon and choose Run as administrator (on Win XP just launch it with a normal double-click)
  • click Scan, then Clean
  • after the restart a log will pop up (or you can find it in C:\AdwCleaner\AdwCleaner [Sx].txt); copy its contents into your next reply
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that are not suitable for the forum, you can use altrok[at]forum.viry.cz
If you would like to help visitors of this forum, sign up for our training school.

Barthez01
Visitor
Posts: 19
Registered: 20 Jul 2007 19:43

Re: Log after a malware infection

#3 Post by Barthez01 »

So here is the log:

# AdwCleaner v4.106 - Report created 28/12/2014 at 12:20:59
# Updated 21/12/2014 by Xplode
# Database : 2014-12-21.4 [Local]
# Operating System : Windows 8.1 (64 bits)
# Username : libor - KROUŤA
# Running from : C:\Users\libor\Desktop\adwcleaner_4.106.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\ShopperPro
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YouTube Accelerator
Folder Deleted : C:\Program Files (x86)\iWebar
Folder Deleted : C:\Program Files (x86)\ShopperPro
Folder Deleted : C:\Program Files (x86)\YouTube Accelerator
Folder Deleted : C:\Users\libor\AppData\Local\CrashRpt
Folder Deleted : C:\Users\libor\AppData\LocalLow\Goobzo
Folder Deleted : C:\Users\Public\Documents\Goobzo
Folder Deleted : C:\Users\Public\Documents\ShopperPro
Folder Deleted : C:\Users\libor\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam
File Deleted : C:\Users\Administrator\Desktop\YouTube Accelerator.lnk

***** [ Scheduled Tasks ] *****

Task Deleted : ShopperPro
Task Deleted : SPDriver
Task Deleted : 7c82d588-f306-4366-8f8b-71f85e442eb4-3
Task Deleted : 7c82d588-f306-4366-8f8b-71f85e442eb4-4
Task Deleted : 7c82d588-f306-4366-8f8b-71f85e442eb4-5

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ShopperPro.DLL
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SPDriver]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{58FDA6AF-67D8-4198-B7CD-94B17532C8D5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8FB1A663-2820-468B-95C4-5060A4C5F413}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}
Key Deleted : HKCU\Software\Goobzo
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\ShopperPro
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\iWebar
Key Deleted : HKLM\SOFTWARE\Goobzo
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\iWebar
Key Deleted : HKLM\SOFTWARE\ShopperPro
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iWebar
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v


-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [2898 octets] - [28/12/2014 12:19:15]
AdwCleaner[S0].txt - [2735 octets] - [28/12/2014 12:20:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2795 octets] ##########

altrok
Moderator
Posts: 7321
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Log after a malware infection

#4 Post by altrok »

Post a new FRST.txt log, and attach Addition.txt as well - http://forum.viry.cz/viewtopic.php?f=30&t=133101

Barthez01
Visitor
Posts: 19
Registered: 20 Jul 2007 19:43

Re: Log after a malware infection

#5 Post by Barthez01 »

FRST log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-12-2014
Ran by libor (administrator) on KROUŤA on 28-12-2014 13:03:31
Running from C:\Users\libor\Desktop
Loaded Profile: libor (Available profiles: libor & Administrator)
Platform: Windows 8.1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
() C:\Users\libor\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
() C:\Users\libor\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Easy-PrintToolBox] => C:\Program Files (x86)\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [398944 2006-10-17] (CANON INC.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [111120 2012-05-24] (CyberLink)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-03-27] ( (Qualcomm Atheros Commnucations))
HKU\S-1-5-21-2750973948-3039927462-2491869335-1001\...\Run: [Google Update] => C:\Users\libor\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-01-17] (Google Inc.)
HKU\S-1-5-21-2750973948-3039927462-2491869335-1001\...\Run: [cz.seznam.software.autoupdate] => C:\Users\libor\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-2750973948-3039927462-2491869335-1001\...\Run: [cz.seznam.software.szndesktop] => C:\Users\libor\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [92664 2013-04-12] ()
HKU\S-1-5-21-2750973948-3039927462-2491869335-1001\...\Run: [SPDriver] => C:\Program Files (x86)\ShopperPro\JSDriver\1.35.1.155\jsdrv.exe
HKU\S-1-5-21-2750973948-3039927462-2491869335-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
CHR HKU\S-1-5-21-2750973948-3039927462-2491869335-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2750973948-3039927462-2491869335-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/?clid=13415
HKU\S-1-5-21-2750973948-3039927462-2491869335-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2750973948-3039927462-2491869335-1001 -> {05870D65-5FF8-44AC-9D09-484D036BB8B9} URL = http://www.zbozi.cz/?q={searchTerms}&r= ... arch_13415
SearchScopes: HKU\S-1-5-21-2750973948-3039927462-2491869335-1001 -> {15C3F52E-0D68-439A-9AD1-F843CD51E14C} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_13415
SearchScopes: HKU\S-1-5-21-2750973948-3039927462-2491869335-1001 -> {2789D1ED-5343-4F90-A9CC-E833171C2E03} URL = http://www.novinky.cz/hledej?w={searchT ... arch_13415
SearchScopes: HKU\S-1-5-21-2750973948-3039927462-2491869335-1001 -> {3CDB764B-D916-4ECF-9C98-2714EA7839CE} URL = http://tv.seznam.cz/hledej?w={searchTer ... arch_13415
SearchScopes: HKU\S-1-5-21-2750973948-3039927462-2491869335-1001 -> {585160DE-01A9-4ED6-B619-E9701CE580F1} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_13415
SearchScopes: HKU\S-1-5-21-2750973948-3039927462-2491869335-1001 -> {690847D0-A54E-467D-A1DE-C2DF065F8F42} URL = http://encyklopedie.seznam.cz/search?q= ... arch_13415
SearchScopes: HKU\S-1-5-21-2750973948-3039927462-2491869335-1001 -> {7C9A03FD-A028-4E65-AFE1-E59FBD532249} URL = http://www.mapy.cz/?query={searchTerms} ... arch_13415
SearchScopes: HKU\S-1-5-21-2750973948-3039927462-2491869335-1001 -> {9B2CCDDC-9472-4C09-A414-86D63421CC18} URL = http://www.firmy.cz/?q={searchTerms}&so ... arch_13415
SearchScopes: HKU\S-1-5-21-2750973948-3039927462-2491869335-1001 -> {E8165915-B155-4727-BE7C-1B3BE94ABB71} URL = http://search.seznam.cz/?q={searchTerms ... arch_13415
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Tcpip\Parameters: [DhcpNameServer] 10.1.1.254

FireFox:
========
FF ProfilePath: C:\Users\libor\AppData\Roaming\Mozilla\Firefox\Profiles\dfacbah2.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2750973948-3039927462-2491869335-1001: @tools.google.com/Google Update;version=3 -> C:\Users\libor\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2750973948-3039927462-2491869335-1001: @tools.google.com/Google Update;version=9 -> C:\Users\libor\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Extension: iWebar - C:\Users\libor\AppData\Roaming\Mozilla\Firefox\Profiles\dfacbah2.default\Extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com [2014-12-26]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Модуль перевірки посилань - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-12-27]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Віртуальна клавіатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-12-27]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Модуль блокування небезпечних веб-сайтів - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-12-27]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-12-27]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Безпечні платежі - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-12-27]

Chrome:
=======
CHR HomePage: Default -> https://www.seznam.cz/?clid=22668
CHR StartupUrls: Default -> "https://www.seznam.cz/?clid=22668"
CHR Profile: C:\Users\libor\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Dokumenty Google) - C:\Users\libor\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-24]
CHR Extension: (Disk Google) - C:\Users\libor\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-24]
CHR Extension: (Kaspersky Protection) - C:\Users\libor\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-12-28]
CHR Extension: (Seznam Lištička - Slovník) - C:\Users\libor\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2014-03-30]
CHR Extension: (YouTube) - C:\Users\libor\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-24]
CHR Extension: (Spry this!) - C:\Users\libor\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam [2014-12-28]
CHR Extension: (Vyhledávání Google) - C:\Users\libor\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-24]
CHR Extension: (Kaspersky URL poradce) - C:\Users\libor\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-12-28]
CHR Extension: (Ochrana financí) - C:\Users\libor\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2014-12-28]
CHR Extension: (Blokování nebezpečných webů) - C:\Users\libor\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2014-12-28]
CHR Extension: (Virtuální klávesnice) - C:\Users\libor\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-12-28]
CHR Extension: (Peněženka Google) - C:\Users\libor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-24]
CHR Extension: (Seznam Lištička - Rychlá volba) - C:\Users\libor\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2014-03-30]
CHR Extension: (Gmail) - C:\Users\libor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-24]
CHR Extension: (Anti-Banner) - C:\Users\libor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-12-28]
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/deta ... ddbepgkeaa [Not Found]
CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-10-20]
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/deta ... ddbepgkeaa [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-20]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-10-20]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-20]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-10-20]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R3 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [File not signed]
R3 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [227968 2013-03-27] (Qualcomm Atheros Commnucations)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-20] (Kaspersky Lab ZAO)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [99936 2006-11-10] ()
R3 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R3 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R3 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-03-27] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-04-16] (ASUS Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-03-27] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-12-27] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29792 2014-12-27] (Kaspersky Lab)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [115296 2014-12-27] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625760 2014-12-27] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2013-10-20] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2014-12-27] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-10-20] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [65120 2014-12-27] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178272 2014-12-27] (Kaspersky Lab ZAO)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-28 13:03 - 2014-12-28 13:03 - 00022499 _____ () C:\Users\libor\Desktop\FRST.txt
2014-12-28 13:00 - 2014-12-28 13:03 - 00000000 ____D () C:\FRST
2014-12-28 12:59 - 2014-12-28 12:59 - 02122752 _____ (Farbar) C:\Users\libor\Desktop\FRST64.exe
2014-12-28 12:21 - 2014-12-28 12:21 - 00000794 _____ () C:\WINDOWS\PFRO.log
2014-12-28 12:19 - 2014-12-28 12:21 - 00000000 ____D () C:\AdwCleaner
2014-12-28 12:17 - 2014-12-28 12:17 - 02173952 _____ () C:\Users\libor\Desktop\adwcleaner_4.106.exe
2014-12-28 12:05 - 2014-12-28 12:05 - 00000000 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-28 11:15 - 2014-12-28 11:19 - 00000000 ____D () C:\Program Files\trend micro
2014-12-28 11:15 - 2014-12-28 11:15 - 00000000 ____D () C:\rsit
2014-12-28 11:14 - 2014-12-28 11:14 - 01222144 _____ () C:\Users\libor\Desktop\RSITx64.exe
2014-12-28 11:11 - 2014-12-28 11:11 - 00002772 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2014-12-28 11:11 - 2014-12-28 11:11 - 00000836 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-12-28 11:11 - 2014-12-28 11:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-12-28 11:11 - 2014-12-28 11:11 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-28 11:10 - 2014-12-28 11:10 - 05317104 _____ (Piriform Ltd) C:\Users\libor\Downloads\ccsetup501.exe
2014-12-27 22:59 - 2014-12-28 00:09 - 00002352 _____ () C:\Users\libor\Desktop\Ochrana financí.lnk
2014-12-27 22:59 - 2014-12-27 22:59 - 00001347 _____ () C:\Users\libor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security.lnk
2014-12-27 22:58 - 2014-12-27 22:58 - 00001142 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2014-12-27 22:58 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll
2014-12-27 22:57 - 2014-12-28 12:48 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-12-27 22:57 - 2014-12-27 23:47 - 00625760 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klif.sys
2014-12-27 22:57 - 2014-12-27 23:47 - 00115296 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klflt.sys
2014-12-27 22:57 - 2014-12-27 22:57 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-12-27 13:10 - 2014-10-30 12:25 - 00275080 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-12-27 12:47 - 2014-12-27 12:48 - 00000247 _____ () C:\WINDOWS\system32\2014-12-27-11-47-05.079-aswFe.exe-3196.log
2014-12-27 12:47 - 2014-12-27 12:47 - 00000197 _____ () C:\WINDOWS\system32\2014-12-27-11-47-02.067-AvastVBoxSVC.exe-3360.log
2014-12-26 23:31 - 2014-12-26 23:31 - 00000000 ____D () C:\WINDOWS\SysWOW64\vbox
2014-12-26 23:31 - 2014-12-26 23:31 - 00000000 ____D () C:\WINDOWS\system32\vbox
2014-12-26 23:18 - 2014-12-26 23:18 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2014-12-26 23:16 - 2013-09-09 14:54 - 00833752 _____ (Realtek ) C:\WINDOWS\system32\Drivers\Rt630x64.sys
2014-12-26 23:16 - 2013-09-09 14:54 - 00074456 _____ (Realtek Semiconductor Corporation) C:\WINDOWS\system32\RtNicProp64.dll
2014-12-26 23:15 - 2014-12-26 23:15 - 00000000 ____D () C:\Program Files (x86)\Qualcomm Atheros
2014-12-26 23:14 - 2013-08-27 23:42 - 00086035 ____N () C:\WINDOWS\system32\athwbx.cat
2014-12-26 23:14 - 2013-08-15 20:13 - 03859968 ____N (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\athwbx.sys
2014-12-26 23:14 - 2013-08-15 20:13 - 03859968 _____ (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\Drivers\athwbx.sys
2014-12-26 22:36 - 2014-12-26 22:36 - 00000000 ____D () C:\Users\libor\AppData\Roaming\Mozilla
2014-12-26 22:36 - 2014-12-26 22:36 - 00000000 ____D () C:\Users\libor\AppData\Local\Mozilla
2014-12-26 22:36 - 2014-12-26 22:36 - 00000000 ____D () C:\ProgramData\Mozilla
2014-12-26 21:19 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2014-12-26 21:19 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-26 21:19 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2014-12-26 21:19 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2014-12-26 21:10 - 2014-12-04 00:37 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-12-26 21:10 - 2014-12-04 00:09 - 00830464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2014-12-26 21:10 - 2014-12-03 00:09 - 01083392 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-12-26 21:10 - 2014-12-03 00:09 - 00740864 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2014-12-26 21:10 - 2014-12-03 00:09 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2014-12-26 21:10 - 2014-12-03 00:09 - 00396288 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-12-26 21:10 - 2014-12-03 00:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2014-12-26 21:10 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-12-26 21:10 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-12-26 21:10 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-12-26 21:10 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-12-26 21:10 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-12-26 21:10 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-12-26 21:10 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-12-26 21:10 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-12-26 21:10 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-12-26 21:10 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-12-26 21:10 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-12-26 21:10 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-12-26 21:10 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2014-12-26 21:10 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2014-12-26 21:10 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-12-26 21:10 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-12-26 21:10 - 2014-10-13 03:43 - 00238912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2014-12-26 21:10 - 2014-10-13 03:43 - 00153920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2014-12-26 21:10 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2014-12-26 21:10 - 2014-10-13 03:43 - 00039744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2014-12-26 21:09 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-12-26 21:09 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-12-26 21:09 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-12-26 21:09 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-12-26 21:09 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-12-26 21:09 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-12-26 21:09 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-12-26 21:09 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-12-26 21:09 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-12-26 21:09 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-12-26 21:09 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-12-26 21:09 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-12-26 21:09 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-12-26 21:09 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-12-26 21:09 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-12-26 21:09 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-12-26 21:09 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-12-26 21:09 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-12-26 21:09 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-12-26 21:09 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-12-26 21:09 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-12-26 21:09 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-12-26 21:09 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-12-26 21:09 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-12-26 21:09 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-12-26 21:09 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-12-26 21:09 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-12-26 21:09 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-12-26 21:09 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-12-26 21:01 - 2014-12-28 10:09 - 00003962 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{99A03C07-0B03-47A3-8A23-5A9BD27D37F5}
2014-12-26 21:01 - 2014-12-26 21:01 - 00000000 __SHD () C:\Users\libor\AppData\Local\EmieBrowserModeList

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-28 13:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-12-28 12:51 - 2014-01-17 16:49 - 00000976 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2750973948-3039927462-2491869335-1001UA1cf139bbacae710.job
2014-12-28 12:45 - 2014-01-07 00:53 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2750973948-3039927462-2491869335-1001
2014-12-28 12:26 - 2014-11-09 11:42 - 00000000 ____D () C:\Users\libor\OneDrive
2014-12-28 12:26 - 2013-12-24 14:08 - 00000074 _____ () C:\Users\libor\AppData\Roaming\sp_data.sys
2014-12-28 12:26 - 2013-07-31 08:21 - 00003268 _____ () C:\WINDOWS\System32\Tasks\AsusVibeSchedule
2014-12-28 12:26 - 2013-07-31 08:18 - 00003028 _____ () C:\WINDOWS\System32\Tasks\ASUS USB Charger Plus
2014-12-28 12:25 - 2013-07-31 08:21 - 00002988 _____ () C:\WINDOWS\System32\Tasks\ASUS Splendid ACMON
2014-12-28 12:25 - 2013-07-31 08:20 - 00003004 _____ () C:\WINDOWS\System32\Tasks\ASUS Splendid ColorU
2014-12-28 12:25 - 2013-07-31 08:18 - 00003056 _____ () C:\WINDOWS\System32\Tasks\ASUS P4G
2014-12-28 12:25 - 2013-07-31 08:17 - 00003114 _____ () C:\WINDOWS\System32\Tasks\ASUS Live Update
2014-12-28 12:25 - 2013-07-31 08:08 - 00003542 _____ () C:\WINDOWS\System32\Tasks\ASUS Touchpad Launcher (x64)
2014-12-28 12:22 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-28 12:21 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-12-28 11:53 - 2013-12-24 15:10 - 00002424 _____ () C:\Users\libor\Desktop\Google Chrome.lnk
2014-12-28 11:51 - 2014-01-17 16:49 - 00000924 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2750973948-3039927462-2491869335-1001Core1cf139bb934e664.job
2014-12-28 11:46 - 2014-01-17 16:49 - 00003922 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2750973948-3039927462-2491869335-1001UA1cf139bbacae710
2014-12-28 11:46 - 2014-01-17 16:49 - 00003542 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2750973948-3039927462-2491869335-1001Core1cf139bb934e664
2014-12-28 11:11 - 2014-11-09 10:44 - 00000000 ___DC () C:\WINDOWS\Panther
2014-12-28 11:11 - 2014-03-30 09:49 - 00000000 ____D () C:\Users\libor\AppData\Roaming\DAEMON Tools Lite
2014-12-28 11:11 - 2014-01-07 00:31 - 00000000 ____D () C:\Users\libor\AppData\Local\CrashDumps
2014-12-28 10:36 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-12-28 00:08 - 2013-07-31 08:18 - 00000000 ____D () C:\ProgramData\Temp
2014-12-27 23:47 - 2013-10-20 07:04 - 00458336 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\kl1.sys
2014-12-27 23:47 - 2013-10-20 07:04 - 00029280 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klkbdflt.sys
2014-12-27 23:47 - 2013-06-06 17:38 - 00178272 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\kneps.sys
2014-12-27 23:47 - 2013-05-07 17:56 - 00065120 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klwfp.sys
2014-12-27 23:47 - 2012-07-27 18:38 - 00029792 _____ (Kaspersky Lab) C:\WINDOWS\system32\Drivers\klelam.sys
2014-12-27 23:35 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-12-27 22:58 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-12-27 22:57 - 2014-09-24 17:23 - 01745984 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-27 22:57 - 2014-09-24 16:39 - 00739924 _____ () C:\WINDOWS\system32\perfh005.dat
2014-12-27 22:57 - 2014-09-24 16:39 - 00151610 _____ () C:\WINDOWS\system32\perfc005.dat
2014-12-27 22:57 - 2012-07-26 09:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2014-12-27 13:44 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-12-27 12:50 - 2014-03-23 15:11 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-12-26 23:24 - 2014-02-01 17:09 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-26 23:18 - 2014-09-24 20:02 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-12-26 23:18 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2014-12-26 23:18 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2014-12-26 23:18 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-12-26 23:18 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppCompat
2014-12-26 23:16 - 2013-07-31 08:04 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-12-26 22:23 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-12-26 22:20 - 2013-12-28 18:26 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-26 22:17 - 2013-12-28 18:26 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-10 12:33 - 2014-11-09 10:56 - 00000000 ____D () C:\Users\libor
2014-12-09 13:17 - 2014-01-03 21:31 - 00000000 ____D () C:\Users\libor\AppData\Roaming\CyberLink
2014-12-09 13:01 - 2014-01-03 18:59 - 00000000 ____D () C:\ProgramData\CyberLink
2014-12-03 18:24 - 2013-11-12 02:58 - 00000000 ____D () C:\Users\libor\Documents\Bluetooth Folder

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS


Some content of TEMP:
====================
C:\Users\libor\AppData\Local\Temp\Quarantine.exe
C:\Users\libor\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-28 12:45

==================== End Of Log ============================

Log Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-12-2014
Ran by libor at 2014-12-28 13:05:09
Running from C:\Users\libor\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader XI (11.0.10) - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Angry Birds Breakfast 1 (HKLM-x32\...\{A2A84F3C-2273-4F05-8A41-D0C5FA271651}) (Version: 1.0.16 - Rovio Entertainment Ltd.)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.5 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.9 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.9 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.1.7 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.1 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.1.3 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0005 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.26 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.309 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0025 - ASUS)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
CyberLink LabelPrint 2.5 (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5415 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.3625 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Fotogaléria (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotótár (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galeria fotografii (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKU\S-1-5-21-2750973948-3039927462-2491869335-1001\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MyBitCast 2.0 (HKLM-x32\...\MyBitCast) (Version: 2.0 - ASUS)
PIXMA Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: - )
Podstawowe programy Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.224 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.21.909.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6937 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.9200.27030 - Realtek Semiconductor Corp.)
SceneSwitch (HKLM-x32\...\{5172E572-C175-4F80-A6D5-5CB45826AD61}) (Version: 1.0.16 - ASUS)
Seznam Software (HKU\S-1-5-21-2750973948-3039927462-2491869335-1001\...\SeznamInstall) (Version: - Seznam.cz)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Windows Driver Package - ASUS (ATP) Mouse (01/10/2013 1.0.0.170) (HKLM\...\4A9DE1E9EBC800B7F01739D4DE7363EF6751BDF5) (Version: 01/10/2013 1.0.0.170 - ASUS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2750973948-3039927462-2491869335-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\libor\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2750973948-3039927462-2491869335-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\libor\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)

==================== Restore Points =========================

06-12-2014 21:30:34 Naplánovaný kontrolní bod
18-12-2014 21:26:15 Naplánovaný kontrolní bod
26-12-2014 19:06:20 Naplánovaný kontrolní bod

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {11491822-7757-4A5B-A62F-871CC6C36633} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2750973948-3039927462-2491869335-1001Core1cf139bb934e664 => C:\Users\libor\AppData\Local\Google\Update\GoogleUpdate.exe [2014-01-17] (Google Inc.)
Task: {1412CAF8-B866-4162-B59D-1A4D3CB0ED57} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-01-04] ()
Task: {15DE4EF1-9DCF-47A4-A9A5-4933AB6A5466} - System32\Tasks\UNELEVATE_26097 => C:\Program Files (x86)\ShopperPro\JSDriver\1.35.1.155\jsdrv.exe <==== ATTENTION
Task: {2799088D-ABAE-40D8-819C-C5B9E97C4EFF} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-08-22] (ASUSTeK Computer Inc.)
Task: {3965797B-8A37-429E-AB92-27D08A44C8E6} - System32\Tasks\UNELEVATE_9403 => C:\Program Files (x86)\ShopperPro\JSDriver\1.35.1.155\jsdrv.exe <==== ATTENTION
Task: {43BA8B8A-8B66-4A0A-A938-034C1C6F22AC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2750973948-3039927462-2491869335-1001UA1cf139bbacae710 => C:\Users\libor\AppData\Local\Google\Update\GoogleUpdate.exe [2014-01-17] (Google Inc.)
Task: {6911EA3A-0BDF-4261-AC72-631952A0F284} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {74C099BA-AEDA-4DBF-863E-F565578BC93E} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-02-26] (ASUSTeK Computer Inc.)
Task: {A6BCEF7A-D108-4C7C-B2C5-B588EA4CE8DE} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-12-26] (Microsoft Corporation)
Task: {BD43EBAB-6F06-43DA-B61E-68653F803B65} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2012-11-28] (ASUS)
Task: {C09A7488-DA33-40C1-A5E7-3A5B7AB9A487} - System32\Tasks\ASUS InstantOn Config => C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [2012-10-24] (ASUS)
Task: {C2DE3FD8-440A-4A74-ADD2-5B4211BED791} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {CE7B9628-9BE9-49BE-9E5F-B63899114358} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.)
Task: {CEA1EF06-4DBC-4E7D-A3BA-1BD7D4856071} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-04-16] (AsusTek)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2750973948-3039927462-2491869335-1001Core1cf139bb934e664.job => C:\Users\libor\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2750973948-3039927462-2491869335-1001UA1cf139bbacae710.job => C:\Users\libor\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-01-26 14:35 - 2006-11-10 16:12 - 00099936 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2014-03-30 09:50 - 2013-04-15 12:32 - 00060416 _____ () C:\Users\libor\AppData\Roaming\Seznam.cz\bin\28026libfoxloader-x64.dll
2013-03-27 11:36 - 2013-03-27 11:36 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-03-27 11:33 - 2013-03-27 11:33 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-03-27 11:39 - 2013-03-27 11:39 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2014-03-30 09:50 - 2013-04-12 09:13 - 00457208 _____ () C:\Users\libor\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
2014-03-30 09:50 - 2013-04-29 11:53 - 00045560 _____ () C:\Users\libor\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
2012-12-19 07:10 - 2012-12-19 07:10 - 00072192 _____ () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
2012-08-24 17:26 - 2012-08-24 17:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2014-12-12 23:25 - 2014-12-12 23:25 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1029.dll
2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2014-03-30 09:50 - 2013-03-25 15:39 - 00894968 _____ () C:\Users\libor\AppData\Roaming\Seznam.cz\bin\lightspeed.dll
2014-03-30 09:50 - 2013-03-29 12:37 - 00059384 _____ () C:\Users\libor\AppData\Roaming\Seznam.cz\bin\28026libfoxloader.dll
2013-07-31 08:00 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:56E2E879
AlternateDataStreams: C:\Users\libor\OneDrive:ms-properties
AlternateDataStreams: C:\Users\libor\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: HomeNetSvc => 3
MSCONFIG\Services: McAPExe => 2
MSCONFIG\Services: McAWFwk => 3
MSCONFIG\Services: McNaiAnn => 2
MSCONFIG\Services: McODS => 3
MSCONFIG\Services: mcpltsvc => 2
MSCONFIG\Services: McProxy => 3
MSCONFIG\Services: MSK80Service => 3
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ASUSPRP => "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
MSCONFIG\startupreg: ASUSWebStorage => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe /S
MSCONFIG\startupreg: DisableS3S4 => c:\windows\temp\DisableS3S464\sethigh.cmd
MSCONFIG\startupreg: HotKeysCmds => "C:\WINDOWS\system32\hkcmd.exe"
MSCONFIG\startupreg: IgfxTray => "C:\WINDOWS\system32\igfxtray.exe"
MSCONFIG\startupreg: mcpltui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: RemoteControl10 => "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
MSCONFIG\startupreg: RtHDVBg => "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX3
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
HKLM\...\StartupApproved\Run32: => "CLMLServer"
HKU\S-1-5-21-2750973948-3039927462-2491869335-1001\...\StartupApproved\Run: => "Power2GoExpress"
HKU\S-1-5-21-2750973948-3039927462-2491869335-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-2750973948-3039927462-2491869335-1001\...\StartupApproved\Run: => "SPDriver"
HKU\S-1-5-21-2750973948-3039927462-2491869335-1001\...\StartupApproved\Run: => "cz.seznam.software.autoupdate"
HKU\S-1-5-21-2750973948-3039927462-2491869335-1001\...\StartupApproved\Run: => "GoobzoYouTubeAccelerator"

========================= Accounts: ==========================

Administrator (S-1-5-21-2750973948-3039927462-2491869335-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-2750973948-3039927462-2491869335-501 - Limited - Disabled)
libor (S-1-5-21-2750973948-3039927462-2491869335-1001 - Administrator - Enabled) => C:\Users\libor

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/28/2014 00:23:51 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Index nebyl inicializován.

Podrobnosti:
Zadaný objekt nebyl nalezen. Zadejte název existujícího objektu. (HRESULT : 0x80040d06) (0x80040d06)

Error: (12/28/2014 00:23:51 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Aplikace nebyla inicializována.

Kontext: aplikace Windows

Podrobnosti:
Zadaný objekt nebyl nalezen. Zadejte název existujícího objektu. (HRESULT : 0x80040d06) (0x80040d06)

Error: (12/28/2014 00:23:51 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Objekt indexovacího modulu nebyl inicializován.

Kontext: aplikace Windows, katalog SystemIndex

Podrobnosti:
Zadaný objekt nebyl nalezen. Zadejte název existujícího objektu. (HRESULT : 0x80040d06) (0x80040d06)

Error: (12/28/2014 00:23:51 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Modul plug-in v <Search.TripoliIndexer> nebyl inicializován.

Kontext: aplikace Windows, katalog SystemIndex

Podrobnosti:
Zadaný objekt nebyl nalezen. Zadejte název existujícího objektu. (HRESULT : 0x80040d06) (0x80040d06)

Error: (12/28/2014 00:23:51 PM) (Source: Windows Search Service) (EventID: 3057) (User: )
Description: Správce modulu plug-in <Search.TripoliIndexer> nebyl inicializován.

Kontext: aplikace Windows

Podrobnosti:
(HRESULT : 0x8e5e0210) (0x8e5e0210)

Error: (12/28/2014 00:23:50 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Služba Windows Search byla zastavena, protože došlo k problému s indexovacím modulem The catalog is corrupt.

Podrobnosti:
Katalog indexu obsahu je poškozený. 0xc0041801 (0xc0041801)

Error: (12/28/2014 00:23:50 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Vyhledávací služby zjistila, že index {id=4810 - enduser\mssearch2\search\ytrip\common\util\jetutil.cpp (167)} obsahuje poškozené datové soubory. Služba se pokusí tyto potíže automaticky odstranit vytvořením nového indexu.

Podrobnosti:
0x8e5e0210 (0x8e5e0210)

Error: (12/28/2014 00:23:49 PM) (Source: ESENT) (EventID: 455) (User: )
Description: SearchIndexer (2588) Windows: Při otevírání souboru protokolu C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb0006F.log došlo k chybě -1811 (0xfffff8ed).

Error: (12/28/2014 09:32:26 AM) (Source: ESENT) (EventID: 454) (User: )
Description: svchost (1288) SRUJet: Při zotavení či obnovení databáze došlo k neočekávané chybě -1216.

Error: (12/28/2014 09:32:26 AM) (Source: ESENT) (EventID: 494) (User: )
Description: svchost (1288) SRUJet: Obnovení databáze se nezdařilo a došlo k chybě -1216, protože byly zjištěny odkazy na databázi C:\WINDOWS\system32\SRU\SRUDB.dat, která již není k dispozici. Databáze nebyla před odebráním (či případným přesunutím nebo přejmenováním) převedena do stavu čistého vypnutí. Databázový stroj nepovolí dokončení obnovení pro tuto instanci, dokud nebude znovu vytvořena instance chybějící databáze. Pokud databáze již skutečně není k dispozici a není již nadále požadována, získáte pokyny týkající se odstranění této chyby ve znalostní bázi Microsoft Knowledge Base nebo po klepnutí na odkaz Další informace na konci této zprávy.


System errors:
=============
Error: (12/28/2014 00:24:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Windows Search neuspěla při spuštění v důsledku následující chyby:
%%1053

Error: (12/28/2014 00:24:16 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Windows Search bylo dosaženo časového limitu (30000 ms).

Error: (12/28/2014 00:23:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Search byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error: (12/28/2014 00:23:51 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Služba Windows Search skončila s následující chybou specifickou pro službu:
%%2147749126

Error: (12/28/2014 00:23:36 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a29\??\C:\Users\libor\ntuser.dat

Error: (12/28/2014 00:21:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba ZAtheros Bt and Wlan Coex Agent byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (12/28/2014 00:21:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel(R) Management and Security Application User Notification Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (12/28/2014 00:21:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel(R) Dynamic Application Loader Host Interface Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (12/28/2014 00:21:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel(R) ME Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (12/28/2014 00:21:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Intel(R) Capability Licensing Service Interface byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.


Microsoft Office Sessions:
=========================
Error: (12/28/2014 00:23:51 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Podrobnosti:
Zadaný objekt nebyl nalezen. Zadejte název existujícího objektu. (HRESULT : 0x80040d06) (0x80040d06)

Error: (12/28/2014 00:23:51 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Kontext: aplikace Windows

Podrobnosti:
Zadaný objekt nebyl nalezen. Zadejte název existujícího objektu. (HRESULT : 0x80040d06) (0x80040d06)

Error: (12/28/2014 00:23:51 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Kontext: aplikace Windows, katalog SystemIndex

Podrobnosti:
Zadaný objekt nebyl nalezen. Zadejte název existujícího objektu. (HRESULT : 0x80040d06) (0x80040d06)

Error: (12/28/2014 00:23:51 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Kontext: aplikace Windows, katalog SystemIndex

Podrobnosti:
Zadaný objekt nebyl nalezen. Zadejte název existujícího objektu. (HRESULT : 0x80040d06) (0x80040d06)
Search.TripoliIndexer

Error: (12/28/2014 00:23:51 PM) (Source: Windows Search Service) (EventID: 3057) (User: )
Description: Kontext: aplikace Windows

Podrobnosti:
(HRESULT : 0x8e5e0210) (0x8e5e0210)
Search.TripoliIndexer

Error: (12/28/2014 00:23:50 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Podrobnosti:
Katalog indexu obsahu je poškozený. 0xc0041801 (0xc0041801)
The catalog is corrupt

Error: (12/28/2014 00:23:50 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Podrobnosti:
0x8e5e0210 (0x8e5e0210)
4810 - enduser\mssearch2\search\ytrip\common\util\jetutil.cpp (167)

Error: (12/28/2014 00:23:49 PM) (Source: ESENT) (EventID: 455) (User: )
Description: SearchIndexer2588Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb0006F.log-1811 (0xfffff8ed)

Error: (12/28/2014 09:32:26 AM) (Source: ESENT) (EventID: 454) (User: )
Description: svchost1288SRUJet: -1216

Error: (12/28/2014 09:32:26 AM) (Source: ESENT) (EventID: 494) (User: )
Description: svchost1288SRUJet: -1216C:\WINDOWS\system32\SRU\SRUDB.dat


CodeIntegrity Errors:
===================================
Date: 2014-12-27 22:59:22.908
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-12-27 22:59:17.126
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-12-27 22:59:11.626
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-12-27 22:59:07.641
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-12-27 22:59:06.922
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-12-27 22:59:06.547
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-12-27 22:59:05.897
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-12-27 22:59:05.428
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-12-27 22:59:04.444
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-12-27 22:59:03.459
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU 2117U @ 1.80GHz
Percentage of memory in use: 23%
Total physical RAM: 6029.74 MB
Available physical RAM: 4637.9 MB
Total Pagefile: 6989.74 MB
Available Pagefile: 5464.54 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:278.67 GB) (Free:143.89 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:397.87 GB) (Free:397.68 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 32FAA5A0)

Partition: GPT Partition Type.

==================== End Of Log ============================

altrok
Moderator
Posts: 7321
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Log after malware infection

#6 Post by altrok »

  • Copy the contents of the white box into Notepad (Start -> Run -> notepad)
  • save it to the desktop as fixlist (File type: Text document)
  • run FRST again and click Fix
  • after the restart a fixlog will pop up (or it will be saved on the Desktop); paste its contents into your next reply

    Code:

    Start
    CloseProcesses:
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
    HKU\S-1-5-21-2750973948-3039927462-2491869335-1001\...\Run: [Google Update] => C:\Users\libor\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-01-17] (Google Inc.)
    HKU\S-1-5-21-2750973948-3039927462-2491869335-1001\...\Run: [cz.seznam.software.autoupdate] => C:\Users\libor\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
    HKU\S-1-5-21-2750973948-3039927462-2491869335-1001\...\Run: [cz.seznam.software.szndesktop] => C:\Users\libor\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [92664 2013-04-12] ()
    HKU\S-1-5-21-2750973948-3039927462-2491869335-1001\...\Run: [SPDriver] => C:\Program Files (x86)\ShopperPro\JSDriver\1.35.1.155\jsdrv.exe
    HKU\S-1-5-21-2750973948-3039927462-2491869335-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
    ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
    ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
    ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
    CHR HKU\S-1-5-21-2750973948-3039927462-2491869335-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    FF Extension: iWebar - C:\Users\libor\AppData\Roaming\Mozilla\Firefox\Profiles\dfacbah2.default\Extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com [2014-12-26]
    CHR StartupUrls: Default -> "https://www.seznam.cz/?clid=22668"
    CHR Extension: (Spry this!) - C:\Users\libor\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam [2014-12-28]
    
    2014-12-28 13:03 - 2014-12-28 13:03 - 00022499 _____ () C:\Users\libor\Desktop\FRST.txt
    2014-12-28 12:19 - 2014-12-28 12:21 - 00000000 ____D () C:\AdwCleaner
    2014-12-28 12:17 - 2014-12-28 12:17 - 02173952 _____ () C:\Users\libor\Desktop\adwcleaner_4.106.exe
    2014-12-28 11:15 - 2014-12-28 11:19 - 00000000 ____D () C:\Program Files\trend micro
    2014-12-28 11:15 - 2014-12-28 11:15 - 00000000 ____D () C:\rsit
    2014-12-28 11:14 - 2014-12-28 11:14 - 01222144 _____ () C:\Users\libor\Desktop\RSITx64.exe
    2014-12-28 11:10 - 2014-12-28 11:10 - 05317104 _____ (Piriform Ltd) C:\Users\libor\Downloads\ccsetup501.exe
    C:\ProgramData\SetStretch.exe
    C:\ProgramData\SetStretch.VBS
    
    Task: {15DE4EF1-9DCF-47A4-A9A5-4933AB6A5466} - System32\Tasks\UNELEVATE_26097 => C:\Program Files (x86)\ShopperPro\JSDriver\1.35.1.155\jsdrv.exe <==== ATTENTION
    Task: {3965797B-8A37-429E-AB92-27D08A44C8E6} - System32\Tasks\UNELEVATE_9403 => C:\Program Files (x86)\ShopperPro\JSDriver\1.35.1.155\jsdrv.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2750973948-3039927462-2491869335-1001Core1cf139bb934e664.job => C:\Users\libor\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2750973948-3039927462-2491869335-1001UA1cf139bbacae710.job => C:\Users\libor\AppData\Local\Google\Update\GoogleUpdate.exe
    AlternateDataStreams: C:\ProgramData\Temp:56E2E879
    
    C:\Program Files (x86)\ShopperPro
    Hosts:
    EmptyTemp:
    End
    
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that are not suitable for the forum, you can use altrokzavináčforum.viry.cz
If you feel like helping visitors to this forum, sign up for our training school.

Barthez01
Visitor
Posts: 19
Registered: 20 Jul 2007 19:43

Re: Log after malware infection

#7 Post by Barthez01 »

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-12-2014
Ran by libor at 2014-12-28 15:50:12 Run:1
Running from C:\Users\libor\Desktop
Loaded Profile: libor (Available profiles: libor & Administrator)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-2750973948-3039927462-2491869335-1001\...\Run: [Google Update] => C:\Users\libor\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-01-17] (Google Inc.)
HKU\S-1-5-21-2750973948-3039927462-2491869335-1001\...\Run: [cz.seznam.software.autoupdate] => C:\Users\libor\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-2750973948-3039927462-2491869335-1001\...\Run: [cz.seznam.software.szndesktop] => C:\Users\libor\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [92664 2013-04-12] ()
HKU\S-1-5-21-2750973948-3039927462-2491869335-1001\...\Run: [SPDriver] => C:\Program Files (x86)\ShopperPro\JSDriver\1.35.1.155\jsdrv.exe
HKU\S-1-5-21-2750973948-3039927462-2491869335-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
CHR HKU\S-1-5-21-2750973948-3039927462-2491869335-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
FF Extension: iWebar - C:\Users\libor\AppData\Roaming\Mozilla\Firefox\Profiles\dfacbah2.default\Extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com [2014-12-26]
CHR StartupUrls: Default -> "https://www.seznam.cz/?clid=22668"
CHR Extension: (Spry this!) - C:\Users\libor\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam [2014-12-28]

2014-12-28 13:03 - 2014-12-28 13:03 - 00022499 _____ () C:\Users\libor\Desktop\FRST.txt
2014-12-28 12:19 - 2014-12-28 12:21 - 00000000 ____D () C:\AdwCleaner
2014-12-28 12:17 - 2014-12-28 12:17 - 02173952 _____ () C:\Users\libor\Desktop\adwcleaner_4.106.exe
2014-12-28 11:15 - 2014-12-28 11:19 - 00000000 ____D () C:\Program Files\trend micro
2014-12-28 11:15 - 2014-12-28 11:15 - 00000000 ____D () C:\rsit
2014-12-28 11:14 - 2014-12-28 11:14 - 01222144 _____ () C:\Users\libor\Desktop\RSITx64.exe
2014-12-28 11:10 - 2014-12-28 11:10 - 05317104 _____ (Piriform Ltd) C:\Users\libor\Downloads\ccsetup501.exe
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS

Task: {15DE4EF1-9DCF-47A4-A9A5-4933AB6A5466} - System32\Tasks\UNELEVATE_26097 => C:\Program Files (x86)\ShopperPro\JSDriver\1.35.1.155\jsdrv.exe <==== ATTENTION
Task: {3965797B-8A37-429E-AB92-27D08A44C8E6} - System32\Tasks\UNELEVATE_9403 => C:\Program Files (x86)\ShopperPro\JSDriver\1.35.1.155\jsdrv.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2750973948-3039927462-2491869335-1001Core1cf139bb934e664.job => C:\Users\libor\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2750973948-3039927462-2491869335-1001UA1cf139bbacae710.job => C:\Users\libor\AppData\Local\Google\Update\GoogleUpdate.exe
AlternateDataStreams: C:\ProgramData\Temp:56E2E879

C:\Program Files (x86)\ShopperPro
Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => value deleted successfully.
HKU\S-1-5-21-2750973948-3039927462-2491869335-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update => value deleted successfully.
HKU\S-1-5-21-2750973948-3039927462-2491869335-1001\Software\Microsoft\Windows\CurrentVersion\Run\\cz.seznam.software.autoupdate => value deleted successfully.
HKU\S-1-5-21-2750973948-3039927462-2491869335-1001\Software\Microsoft\Windows\CurrentVersion\Run\\cz.seznam.software.szndesktop => value deleted successfully.
HKU\S-1-5-21-2750973948-3039927462-2491869335-1001\Software\Microsoft\Windows\CurrentVersion\Run\\SPDriver => value deleted successfully.
HKU\S-1-5-21-2750973948-3039927462-2491869335-1001\Software\Microsoft\Windows\CurrentVersion\Run\\CCleaner Monitoring => value deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => Key deleted successfully.
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => Key deleted successfully.
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => Key deleted successfully.
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => Key not found.
"HKU\S-1-5-21-2750973948-3039927462-2491869335-1001\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
C:\Users\libor\AppData\Roaming\Mozilla\Firefox\Profiles\dfacbah2.default\Extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com => Moved successfully.
Chrome StartupUrls deleted successfully.
C:\Users\libor\AppData\Local\Google\Chrome\User Data\Default\Extensions\cigiagpbkapepgklncnajbakkpkopmam => Moved successfully.
C:\Users\libor\Desktop\FRST.txt => Moved successfully.
C:\AdwCleaner => Moved successfully.
C:\Users\libor\Desktop\adwcleaner_4.106.exe => Moved successfully.
C:\Program Files\trend micro => Moved successfully.
C:\rsit => Moved successfully.
C:\Users\libor\Desktop\RSITx64.exe => Moved successfully.
C:\Users\libor\Downloads\ccsetup501.exe => Moved successfully.
C:\ProgramData\SetStretch.exe => Moved successfully.
C:\ProgramData\SetStretch.VBS => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{15DE4EF1-9DCF-47A4-A9A5-4933AB6A5466}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{15DE4EF1-9DCF-47A4-A9A5-4933AB6A5466}" => Key deleted successfully.
C:\Windows\System32\Tasks\UNELEVATE_26097 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UNELEVATE_26097" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3965797B-8A37-429E-AB92-27D08A44C8E6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3965797B-8A37-429E-AB92-27D08A44C8E6}" => Key deleted successfully.
C:\Windows\System32\Tasks\UNELEVATE_9403 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UNELEVATE_9403" => Key deleted successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2750973948-3039927462-2491869335-1001Core1cf139bb934e664.job => Moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2750973948-3039927462-2491869335-1001UA1cf139bbacae710.job => Moved successfully.
C:\ProgramData\Temp => ":56E2E879" ADS removed successfully.
"C:\Program Files (x86)\ShopperPro" => File/Directory not found.
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not reset Hosts.
EmptyTemp: => Removed 123.3 MB temporary data.


The system needed a reboot.

==== End of Fixlog 15:50:15 ====

altrok
Moderator
Posts: 7321
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Log after malware infection

#8 Post by altrok »

So now we just clean up.
And if there are no questions or other problems, that is all from me.

Barthez01
Visitor
Posts: 19
Registered: 20 Jul 2007 19:43

Re: Log after malware infection

#9 Post by Barthez01 »

OK. Solved, and thank you very much.

altrok
Moderator
Posts: 7321
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Log after malware infection

#10 Post by altrok »

You're welcome, glad I could help :worship:

I wish you a relaxed rest of the year and an even more relaxed start to the new one :28:

Locked