Bad Image - SOS !!!

Martina.Br.
Visitor
Posts: 18
Registered: 13 Jan 2015 20:13

Re: Bad Image - SOS !!!

#16 Post by Martina.Br. »

So, the mbar log:

Malwarebytes Anti-Rootkit BETA 1.08.2.1001
www.malwarebytes.org

Database version: v2014.11.18.05

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
admin :: ADMIN-TOSH [administrator]

14.1.2015 10:19:11
mbar-log-2015-01-14 (10-19-11).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 364693
Time elapsed: 39 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\TNod (Trojan.Agent.CK) -> Delete on reboot. [4bf2a5983b41072f3285b0ad39cc718f]

Registry Values Detected: 3
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN|14207 (Trojan.Agent) -> Data: C:\PROGRA~3\LOCALS~1\Temp\msiwkmui.com -> Delete on reboot. [af8e85b82a52979fc30eb37e8a7a4db3]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN|14207 (Trojan.Agent) -> Data: C:\PROGRA~3\LOCALS~1\Temp\msiwkmui.com -> Delete on reboot. [82bb4af35e1e56e0419048e9b84c01ff]
HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|x86kernel2 (Trojan.Agent) -> Data: c:\42686079\svchost.exe -> Delete on reboot. [4bf2e35a2656290dd4b18ffa46bd857b]

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Program Files (x86)\TNod User & Password Finder\uninst-tnod.exe (Trojan.Agent.CK) -> Delete on reboot. [4bf2a5983b41072f3285b0ad39cc718f]
C:\Users\admin\AppData\Local\svcxdcl32.dat (Trojan.Agent) -> Delete on reboot. [42fb0e2f96e6261054d67dd817ec6d93]

Physical Sectors Detected: 0
(No malicious items detected)

(end)

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Bad Image - SOS !!!

#17 Post by vyosek »

:arrow: When you are running illegal security software, it is no wonder that a lot of vermin gets in there

:arrow: MBAR didn't exactly show off :?: We'll use a proper tool

:arrow: Post a log from FRST http://forum.viry.cz/viewtopic.php?f=13&t=133100
"He who has wine and does not drink, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment, take a whip and a stick to him; that is no man, that is an ox."
Member since 1 February 2011.

Martina.Br.
Visitor
Posts: 18
Registered: 13 Jan 2015 20:13

Re: Bad Image - SOS !!!

#18 Post by Martina.Br. »

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-01-2015 02
Ran by admin (administrator) on ADMIN-TOSH on 14-01-2015 11:19:11
Running from C:\Users\admin\Desktop
Loaded Profile: admin (Available profiles: admin)
Platform: Windows 7 Home Premium (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Facebook) C:\Users\admin\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(Společnost TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2009-11-05] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1050000 2009-10-15] (Toshiba Europe GmbH)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2009-11-30] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [34648 2009-12-01] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8306208 2009-10-21] (Realtek Semiconductor)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-05] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [910136 2009-11-10] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1870120 2009-10-15] (Synaptics Incorporated)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1482592 2009-09-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [707416 2009-11-10] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\Toshiba\Registration\ToshibaReminder.exe [134032 2009-08-25] (Toshiba Europe GmbH)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [2903688 2010-07-02] (ESET)
HKLM\...\Run: [TNOD UP] => "C:\Program Files (x86)\TNod User & Password Finder\TNODUP.exe" /i
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [Kufaaf] => "C:\Users\admin\AppData\Roaming\Kubuadm\gefopo.exe"
HKLM\...\Run: [Kihaxyletuitwi] => "C:\Users\admin\AppData\Roaming\Momawei\enqugu.exe"
HKLM\...\Run: [Yhesemgy] => "C:\Users\admin\AppData\Roaming\Ixyqqa\mupuq.exe"
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-09-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2009-08-12] (TOSHIBA)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2009-06-02] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34088 2009-01-13] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2009-11-21] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-10-06] (TOSHIBA Corporation)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\ESET <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\ESET <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Trend Micro <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Trend Micro <====== ATTENTION
Winlogon\Notify\cmjahae-x32: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\cmjahae.dll ()
Winlogon\Notify\cnjahae-x32: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\cnjahae.dll ()
Winlogon\Notify\laominx-x32: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\laominx.dll ()
Winlogon\Notify\laymegx-x32: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\laymegx.dll ()
Winlogon\Notify\megxlay-x32: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\megxlay.dll ()
Winlogon\Notify\xmeglay-x32: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\xmeglay.dll ()
HKU\S-1-5-18\...\Run: [TOSHIBA Online Product Information] => C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe [6203296 2009-08-12] (TOSHIBA)
HKU\S-1-5-18\...\Run: [JuseZvucu] => regsvr32.exe "C:\ProgramData\JuseZvucu\BaqoFcus.xqd"
HKU\S-1-5-18\...\Run: [laominx] => rundll32 "C:\Windows\system32\config\systemprofile\AppData\Local\laominx.dll",laominx <===== ATTENTION
HKU\S-1-5-18\...\Run: [laymegx] => rundll32 "C:\Windows\system32\config\systemprofile\AppData\Local\laymegx.dll",laymegx <===== ATTENTION
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
ShortcutTarget: Facebook Messenger.lnk -> C:\Users\admin\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4276310980-1373315075-2881649484-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-4276310980-1373315075-2881649484-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
URLSearchHook: HKLM-x32 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKLM-x32 - DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll No File
URLSearchHook: HKU\S-1-5-21-4276310980-1373315075-2881649484-1000 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4276310980-1373315075-2881649484-1000 -> {38C7CBF5-114D-4C64-80E4-EE7795D89208} URL = http://rover.ebay.com/rover/1/710-71511 ... earchTerms}
SearchScopes: HKU\S-1-5-21-4276310980-1373315075-2881649484-1000 -> {95344AD6-CA51-45FD-B624-344AAA5E2895} URL = http://www.amazon.co.uk/gp/search?ie=UT ... nkCode=ur2
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: STATISTICA Browser Helper -> {990A8747-93BF-4EF7-B72E-94A6884B98C2} -> C:\Program Files\StatSoft\STATISTICA 12\StaBHO.dll (StatSoft, Inc.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: QipLI Class -> {6B5863A0-C43F-4C0A-982B-CC0E9125783F} -> C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\qstatsrv.dll (TODO: <Company name>)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Pomocná služba pro přihlášení ke službě Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: STATISTICA Browser Helper -> {990A8747-93BF-4EF7-B72E-94A6884B98C2} -> C:\Program Files\StatSoft\STATISTICA 12\Support\StaBHO.dll (StatSoft, Inc.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmileysWeLoveToolbar -> {E4EF8A64-0A30-48F5-B3FE-5FDA978DA775} -> C:\Program Files (x86)\Smileys We Love Toolbar for IE\adxloader.dll No File
BHO-x32: DVDVideoSoft Toolbar -> {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} -> C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll No File
Toolbar: HKLM-x32 - DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll No File
Toolbar: HKLM-x32 - SmileysWeLove - {CF0F43AB-9C23-4D7B-8040-201B82844854} - C:\Program Files (x86)\Smileys We Love Toolbar for IE\adxloader.dll No File
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\Windows\SysWOW64\btxppanel.dll (Broadcom Corporation.)
Tcpip\..\Interfaces\{21D58735-AE15-4842-9829-CBBD2157E4C6}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{4A58A413-B75C-4A66-9274-C26982A7D85A}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{62B8830F-0C16-460D-9FBF-AC757AC06575}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9xepabbp.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=12.0.1.609 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=12.0.1.609 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=12.0.1.609 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=12.0.1.609 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-4276310980-1373315075-2881649484-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\admin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-4276310980-1373315075-2881649484-1000: facebook.com/fbDesktopPlugin -> C:\Users\admin\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Extension: Skype extension for Firefox - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2014-12-09]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010-12-05]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010-09-27]
FF HKU\S-1-5-21-4276310980-1373315075-2881649484-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR HomePage: Default -> hxxp://search.babylon.com/?affID=112465&tt=3012_2&babsrc=HP_ss&mntrId=0881377f00000000000070f1a1466265
CHR StartupUrls: Default -> "hxxp://search.chatzum.com"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.140.8) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U14) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll No File
CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\admin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-15]
CHR Extension: (Vyhledávání Google) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-15]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2011-02-14]
CHR Extension: (Peněženka Google) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-15]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2010-12-05]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 EhttpSrv; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [42360 2010-07-02] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [810144 2010-07-02] (ESET)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S3 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [430592 2008-04-07] (Nokia.) [File not signed]
R2 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116104 2009-10-15] (Toshiba Europe GmbH)
S2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed]
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 ALG; C:\Windows\System32\alg.exe [79360 2009-07-14] (Microsoft Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S2 BTSERIAL; C:\Windows\SysWOW64\drivers\btserial.sys [23271 2004-11-29] (Broadcom Corporation.) [File not signed]
S2 BTSLBCSP; C:\Windows\SysWOW64\drivers\btslbcsp.sys [222876 2004-11-29] (Broadcom Corporation.) [File not signed]
R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [166984 2010-06-24] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [139704 2010-04-28] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [169592 2010-04-28] (ESET)
R3 Epfwndis; C:\Windows\System32\DRIVERS\Epfwndis.sys [33608 2010-04-28] (ESET)
R2 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [50600 2010-04-28] (ESET)
U5 Netlogon; C:\Windows\system32\lsass.exe [31232 2011-11-17] (Microsoft Corporation)
U5 ProtectedStorage; C:\Windows\system32\lsass.exe [31232 2011-11-17] (Microsoft Corporation)
S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-22] (Realtek Semiconductor Corp.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-11-09] () [File not signed]
S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed]
U3 ahrortp9; C:\Windows\System32\Drivers\ahrortp9.sys [0 ] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-14 11:19 - 2015-01-14 11:19 - 00026677 _____ () C:\Users\admin\Desktop\FRST.txt
2015-01-14 11:18 - 2015-01-14 11:19 - 00000000 ____D () C:\FRST
2015-01-14 11:18 - 2015-01-14 11:17 - 02124288 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe
2015-01-14 10:19 - 2015-01-14 10:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-14 10:18 - 2015-01-14 11:04 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-14 10:18 - 2015-01-14 11:01 - 00000000 ____D () C:\Users\admin\Desktop\mbar
2015-01-14 10:18 - 2015-01-14 10:18 - 00135384 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-14 10:18 - 2015-01-14 10:18 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-14 10:17 - 2015-01-14 10:16 - 16448208 _____ (Malwarebytes Corp.) C:\Users\admin\Desktop\mbar-1.08.2.1001.exe
2015-01-13 23:56 - 2015-01-13 23:56 - 00019557 _____ () C:\ComboFix.txt
2015-01-13 23:47 - 2015-01-13 23:49 - 00000000 ____D () C:\ProgramData\JuseZvucu
2015-01-13 23:41 - 2015-01-13 23:41 - 00001204 _____ () C:\CF-Submit.htm
2015-01-13 22:55 - 2015-01-14 11:07 - 00016236 _____ () C:\Windows\WindowsUpdate.log
2015-01-13 22:41 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-13 22:41 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-13 22:41 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-13 22:41 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-13 22:41 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-13 22:41 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-13 22:41 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-13 22:41 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-13 22:16 - 2015-01-14 00:02 - 00000000 ____D () C:\Qoobox
2015-01-13 22:16 - 2015-01-13 23:47 - 00000000 ____D () C:\Windows\erdnt
2015-01-13 22:16 - 2015-01-13 22:14 - 05609736 ____R (Swearware) C:\Users\admin\Desktop\ComboFix.exe
2015-01-13 21:34 - 2015-01-13 21:34 - 03148854 _____ () C:\Users\admin\Documents\Decrypt All Files mmjujvj.bmp
2015-01-13 21:34 - 2015-01-13 21:34 - 00001266 _____ () C:\Users\admin\Documents\Decrypt All Files mmjujvj.txt
2015-01-13 20:57 - 2015-01-13 20:57 - 00003264 _____ () C:\Users\admin\Desktop\AdwCleaner[S0].TXT.mmjujvj
2015-01-13 20:57 - 2015-01-13 20:20 - 00018480 _____ () C:\Users\admin\Desktop\Logfile of random.DOCX.mmjujvj
2015-01-13 20:57 - 2015-01-13 20:18 - 00009072 _____ () C:\Users\admin\Desktop\RSIT.TXT.mmjujvj
2015-01-13 20:53 - 2015-01-14 11:03 - 00002942 _____ () C:\Windows\PFRO.log
2015-01-13 20:43 - 2015-01-13 20:59 - 00000000 ____D () C:\AdwCleaner
2015-01-13 20:09 - 2015-01-13 21:29 - 00000000 ____D () C:\rsit
2015-01-13 20:09 - 2015-01-13 20:09 - 00000000 ____D () C:\Program Files (x86)\trend micro
2015-01-13 20:08 - 2015-01-13 19:54 - 01107968 _____ () C:\Users\admin\Desktop\RSIT.exe
2015-01-13 20:04 - 2015-01-14 11:03 - 00000336 _____ () C:\Windows\setupact.log
2015-01-13 20:04 - 2015-01-13 20:04 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-13 20:03 - 2015-01-09 21:16 - 02737120 _____ () C:\Users\admin\Desktop\DSCN1225.JPG.wdfljvj
2015-01-13 20:03 - 2015-01-07 22:15 - 02286576 _____ () C:\Users\admin\Downloads\ORGANICKÁ CHEMIE.DOCX.wdfljvj
2015-01-13 20:03 - 2015-01-07 22:14 - 01213136 _____ () C:\Users\admin\Downloads\Vypracovane_otazky organa.DOC.wdfljvj
2015-01-13 20:03 - 2015-01-07 14:45 - 01638528 _____ () C:\Users\admin\Downloads\3_Organick_slou_eniny_dus_ku_a_kysl_ku (1).PDF.wdfljvj
2015-01-13 20:03 - 2015-01-07 14:18 - 01638528 _____ () C:\Users\admin\Downloads\3_Organick_slou_eniny_dus_ku_a_kysl_ku.PDF.wdfljvj
2015-01-13 20:03 - 2015-01-07 14:10 - 02052240 _____ () C:\Users\admin\Downloads\Lipidy.PDF.wdfljvj
2015-01-13 20:03 - 2015-01-07 10:44 - 01357056 _____ () C:\Users\admin\Downloads\sacharidy-bez_animaci.PDF.wdfljvj
2015-01-13 20:03 - 2015-01-06 19:45 - 01945296 _____ () C:\Users\admin\Downloads\prilohy_26561.ZIP.wdfljvj
2015-01-13 20:03 - 2015-01-04 22:05 - 01175040 _____ () C:\Users\admin\Downloads\zaverecna_prace.PDF.wdfljvj
2015-01-13 20:03 - 2015-01-04 10:17 - 02316784 _____ () C:\Users\admin\Downloads\Okruhy_ot_zek_k_organick_sti_zkou_ky-1.DOCX.wdfljvj
2015-01-13 20:03 - 2015-01-04 09:42 - 01373088 _____ () C:\Users\admin\Downloads\2_Organick_chemie-2pred.PDF.wdfljvj
2015-01-13 20:03 - 2015-01-04 09:42 - 01302144 _____ () C:\Users\admin\Downloads\4_Karboxylov_fci_der (2).PDF.wdfljvj
2015-01-13 20:03 - 2015-01-04 09:41 - 01302144 _____ () C:\Users\admin\Downloads\4_Karboxylov_fci_der (1).PDF.wdfljvj
2015-01-13 20:03 - 2012-04-18 01:15 - 01559088 _____ () C:\Users\admin\Documents\UPRAVENO – kopie.PDF.wdfljvj
2015-01-13 20:03 - 2012-02-23 21:05 - 01636224 _____ () C:\Users\admin\Downloads\Nova slozka.ZIP.wdfljvj
2015-01-13 19:06 - 2015-01-13 19:06 - 00000000 ____D () C:\Users\admin\AppData\Local\RKB
2015-01-13 17:46 - 2015-01-13 21:34 - 01121537 _____ () C:\ProgramData\ihvhzvh.html
2015-01-13 17:43 - 2015-01-13 17:43 - 00002866 _____ () C:\Windows\System32\Tasks\pbklicg
2015-01-12 17:08 - 2015-01-12 17:08 - 00008562 _____ () C:\Users\HELP_DECRYPT.HTML
2015-01-12 17:08 - 2015-01-12 17:08 - 00008562 _____ () C:\Users\AppData\HELP_DECRYPT.HTML
2015-01-12 17:08 - 2015-01-12 17:08 - 00008562 _____ () C:\Users\admin\HELP_DECRYPT.HTML
2015-01-12 17:08 - 2015-01-12 17:08 - 00008562 _____ () C:\HELP_DECRYPT.HTML
2015-01-12 17:08 - 2015-01-12 17:08 - 00000280 _____ () C:\Users\HELP_DECRYPT.URL
2015-01-12 17:08 - 2015-01-12 17:08 - 00000280 _____ () C:\Users\AppData\HELP_DECRYPT.URL
2015-01-12 17:08 - 2015-01-12 17:08 - 00000280 _____ () C:\Users\admin\HELP_DECRYPT.URL
2015-01-12 17:08 - 2015-01-12 17:08 - 00000280 _____ () C:\HELP_DECRYPT.URL
2015-01-12 14:41 - 2015-01-12 14:41 - 00008562 _____ () C:\Users\admin\Downloads\HELP_DECRYPT.HTML
2015-01-12 14:41 - 2015-01-12 14:41 - 00000280 _____ () C:\Users\admin\Downloads\HELP_DECRYPT.URL
2015-01-12 14:40 - 2015-01-12 14:40 - 00008562 _____ () C:\Users\admin\Documents\HELP_DECRYPT.HTML
2015-01-12 14:40 - 2015-01-12 14:40 - 00000280 _____ () C:\Users\admin\Documents\HELP_DECRYPT.URL
2015-01-12 14:23 - 2015-01-12 17:08 - 00001376 _____ () C:\HELP_DECRYPT.TXT.wdfljvj
2015-01-12 14:23 - 2015-01-12 13:52 - 00001376 _____ () C:\ProgramData\HELP_DECRYPT.TXT.wdfljvj
2015-01-12 14:23 - 2010-12-02 13:41 - 00021168 _____ () C:\Program Files (x86)\EULA.CS.wdfljvj
2015-01-12 14:23 - 2010-03-11 12:35 - 00000416 ____H () C:\SWSTAMP.TXT.wdfljvj
2015-01-12 13:57 - 2015-01-12 13:57 - 00008562 _____ () C:\Users\admin\AppData\Roaming\HELP_DECRYPT.HTML
2015-01-12 13:57 - 2015-01-12 13:57 - 00008562 _____ () C:\Users\admin\AppData\HELP_DECRYPT.HTML
2015-01-12 13:57 - 2015-01-12 13:57 - 00000280 _____ () C:\Users\admin\AppData\Roaming\HELP_DECRYPT.URL
2015-01-12 13:57 - 2015-01-12 13:57 - 00000280 _____ () C:\Users\admin\AppData\HELP_DECRYPT.URL
2015-01-12 13:56 - 2015-01-12 13:56 - 00008562 _____ () C:\Users\admin\AppData\Local\HELP_DECRYPT.HTML
2015-01-12 13:56 - 2015-01-12 13:56 - 00000280 _____ () C:\Users\admin\AppData\Local\HELP_DECRYPT.URL
2015-01-12 13:52 - 2015-01-12 13:52 - 00008562 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-01-12 13:52 - 2015-01-12 13:52 - 00000280 _____ () C:\ProgramData\HELP_DECRYPT.URL
2015-01-11 13:03 - 2015-01-11 13:03 - 00003814 _____ () C:\Windows\System32\Tasks\Security Center Update - 3425793768
2015-01-11 13:03 - 2014-02-24 01:04 - 00507576 ____N (Eraem Corniratu) C:\Windows\SysWOW64\ixykwuot.exe
2015-01-08 14:57 - 2015-01-08 14:57 - 00003808 _____ () C:\Windows\System32\Tasks\Security Center Update - 3998176165
2015-01-08 14:57 - 2014-01-19 11:43 - 00509100 ____N (Eraem Corniratu) C:\Windows\SysWOW64\weirkay.exe
2015-01-08 09:09 - 2015-01-08 09:09 - 00003818 _____ () C:\Windows\System32\Tasks\Security Center Update - 514026233
2015-01-08 09:09 - 2011-01-16 19:54 - 00508951 ____N (Eraem Corniratu) C:\Windows\SysWOW64\fautkotybi.exe
2015-01-07 14:44 - 2015-01-13 20:40 - 00000000 ____D () C:\Users\admin\Desktop\ORGANIKA
2015-01-07 08:56 - 2015-01-07 08:56 - 00003814 _____ () C:\Windows\System32\Tasks\Security Center Update - 607701921
2015-01-07 08:56 - 2014-07-31 09:59 - 00505504 ____N (Eraem Corniratu) C:\Windows\SysWOW64\xireab.exe
2015-01-07 08:53 - 2015-01-07 08:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-01-07 08:52 - 2015-01-07 08:52 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-01-07 08:52 - 2015-01-07 08:52 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-01-07 08:49 - 2015-01-07 08:49 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-01-06 19:46 - 2015-01-13 19:24 - 00000000 ____D () C:\Users\admin\Desktop\6.1
2015-01-06 08:55 - 2015-01-13 22:50 - 00000000 ____D () C:\42686079
2015-01-06 08:21 - 2015-01-06 08:21 - 00000000 ____D () C:\Windows\SysWOW64\ຐ֭ೀ֭sers
2015-01-05 18:36 - 2015-01-05 18:38 - 35432576 _____ () C:\Users\admin\Downloads\Koně-1.PPT.mmjujvj
2015-01-05 18:24 - 2015-01-13 21:10 - 00000000 ____D () C:\Users\admin\Desktop\hygiena
2015-01-04 15:17 - 2015-01-13 21:07 - 00000000 ____D () C:\Users\admin\Desktop\exo 6-11
2015-01-04 15:17 - 2015-01-13 20:51 - 00000000 ____D () C:\Users\admin\Desktop\exo1-5
2015-01-04 15:15 - 2015-01-04 15:16 - 20022832 _____ () C:\Users\admin\Downloads\prilohy_390.ZIP.mmjujvj
2015-01-03 21:26 - 2015-01-03 21:26 - 00001725 _____ () C:\Users\admin\Desktop\Computer.lnk
2014-12-30 17:07 - 2015-01-13 20:28 - 00000000 ____D () C:\Users\admin\Desktop\30122014
2014-12-30 16:41 - 2015-01-12 13:47 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.txt
2014-12-30 16:34 - 2014-12-30 16:35 - 53898616 _____ () C:\Users\admin\Downloads\Nepotvrzeno 2911.crdownload
2014-12-30 16:33 - 2014-12-30 16:35 - 936785696 _____ () C:\Users\admin\Desktop\Anorganická a organická chemie.ZIP.mmjujvj
2014-12-23 14:44 - 2014-12-23 14:44 - 00000000 ____D () C:\Users\admin\AppData\Roaming\CrystalIdea Software
2014-12-22 23:01 - 2014-12-22 23:01 - 00499712 ____N () C:\Windows\fjEeGHhRviMexXc.exe
2014-12-22 08:46 - 2014-12-22 08:46 - 00002121 _____ () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Menu.lnk
2014-12-19 19:00 - 2014-12-19 19:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-12-19 18:59 - 2014-12-19 19:01 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-18 20:35 - 2014-12-18 20:35 - 00003808 _____ () C:\Windows\System32\Tasks\Security Center Update - 591574539
2014-12-16 20:12 - 2014-12-16 20:12 - 00000000 ____D () C:\found.000
2014-12-16 07:54 - 2015-01-03 22:47 - 00934704 _____ () C:\Users\admin\AppData\Local\f5e83w4ef.dat
2014-12-15 20:53 - 2014-12-15 20:53 - 00004651 _____ () C:\Users\admin\how_decrypt.html
2014-12-15 20:53 - 2014-12-15 20:53 - 00004651 _____ () C:\Users\admin\AppData\Local\how_decrypt.html
2014-12-15 20:49 - 2014-12-15 20:49 - 00003808 _____ () C:\Windows\System32\Tasks\Security Center Update - 3741571091
2014-12-15 19:53 - 2015-01-13 20:24 - 00000000 ____D () C:\Users\admin\Desktop\eko zk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-14 11:11 - 2009-07-14 05:45 - 00016304 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-14 11:11 - 2009-07-14 05:45 - 00016304 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-14 11:05 - 2010-09-27 14:37 - 00000952 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-14 11:04 - 2010-09-27 14:37 - 00000948 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-14 11:03 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-14 11:01 - 2010-09-27 16:41 - 00000000 ____D () C:\Program Files (x86)\TNod User & Password Finder
2015-01-14 10:16 - 2012-04-17 18:55 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4276310980-1373315075-2881649484-1000UA.job
2015-01-13 23:49 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-13 23:48 - 2009-07-14 03:34 - 77066240 _____ () C:\Windows\system32\config\software.bak
2015-01-13 23:48 - 2009-07-14 03:34 - 21495808 _____ () C:\Windows\system32\config\system.bak
2015-01-13 23:48 - 2009-07-14 03:34 - 03862528 _____ () C:\Windows\system32\config\default.bak
2015-01-13 23:48 - 2009-07-14 03:34 - 00061440 _____ () C:\Windows\system32\config\sam.bak
2015-01-13 23:48 - 2009-07-14 03:34 - 00028672 _____ () C:\Windows\system32\config\security.bak
2015-01-13 23:00 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-01-13 22:02 - 2012-04-17 18:55 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4276310980-1373315075-2881649484-1000Core.job
2015-01-13 21:29 - 2011-09-19 20:06 - 00000000 ____D () C:\Users\admin\Desktop\ŠKOLA
2015-01-13 21:29 - 2011-02-02 18:08 - 00000000 ____D () C:\Users\admin\Desktop\ZDENDA
2015-01-13 21:15 - 2012-06-26 22:15 - 00000000 ____D () C:\Users\admin\Desktop\ostatní
2015-01-13 21:10 - 2010-09-30 10:26 - 00000000 ____D () C:\Users\admin\Documents\ČZU ABPS
2015-01-13 21:04 - 2013-07-17 21:05 - 00000000 ____D () C:\Users\admin\Desktop\promoce
2015-01-13 21:04 - 2013-05-31 12:30 - 00000000 ____D () C:\Users\admin\Desktop\nor
2015-01-13 20:57 - 2010-04-08 14:20 - 00000000 ____D () C:\ProgramData\ATI
2015-01-13 20:52 - 2013-05-23 16:34 - 00000000 ____D () C:\Users\admin\Desktop\best
2015-01-13 20:50 - 2010-10-31 19:49 - 00000000 ____D () C:\ProgramData\ICQ
2015-01-13 20:46 - 2012-08-31 07:57 - 00000000 ____D () C:\Users\admin\Desktop\N
2015-01-13 20:37 - 2013-07-23 21:44 - 00000000 ____D () C:\Users\admin\Desktop\mobil
2015-01-13 20:32 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-13 20:29 - 2014-08-17 19:23 - 00000000 ____D () C:\Users\admin\Desktop\Od Zdendy Django + války
2015-01-13 20:27 - 2013-12-02 21:30 - 00000000 ____D () C:\Users\admin\Desktop\podzim 2013
2015-01-13 20:22 - 2014-08-07 15:50 - 00000000 ____D () C:\Users\admin\Desktop\Zoo Dvůr Králové 7.8.2014
2015-01-13 20:00 - 2010-09-27 19:21 - 00000000 ____D () C:\Users\admin\AppData\Local\MediaMonkey
2015-01-13 19:59 - 2011-09-26 19:46 - 00000000 ____D () C:\Windows\Minidump
2015-01-13 19:37 - 2014-02-10 20:30 - 00000000 ____D () C:\Users\admin\Desktop\prilohy_17781
2015-01-13 19:32 - 2014-06-17 11:55 - 00000000 ____D () C:\Users\admin\Desktop\Matěj
2015-01-13 19:28 - 2014-09-10 09:47 - 00000000 ____D () C:\Users\admin\Desktop\Custer na FB
2015-01-13 19:28 - 2013-10-11 20:01 - 00000000 ____D () C:\Users\admin\Desktop\1. Mgr
2015-01-13 19:26 - 2014-08-25 08:22 - 00000000 ____D () C:\Users\admin\Desktop\CUSTER
2015-01-13 19:18 - 2014-11-10 17:33 - 00000000 ____D () C:\Users\admin\Desktop\DP
2015-01-13 19:18 - 2013-01-08 07:45 - 00000000 ____D () C:\Users\admin\AppData\Roaming\MyHeritage
2015-01-13 19:18 - 2012-07-14 20:18 - 00000000 ____D () C:\Users\admin\Documents\samsung
2015-01-13 19:18 - 2011-09-05 17:42 - 00000000 ____D () C:\Users\admin\Documents\Spartan
2015-01-13 19:18 - 2010-10-04 22:44 - 00000000 ____D () C:\Users\admin\AppData\Roaming\BitTorrent
2015-01-13 19:18 - 2010-09-27 17:03 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Mozilla
2015-01-13 19:17 - 2014-12-10 11:33 - 00000000 ____D () C:\Users\admin\Desktop\Anorganická a organická chemie
2015-01-13 19:17 - 2012-09-01 08:07 - 00000000 ____D () C:\Users\admin\AppData\Roaming\eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
2015-01-13 19:17 - 2012-05-03 21:28 - 00000000 ____D () C:\Users\admin\Desktop\hry
2015-01-13 19:17 - 2011-02-23 12:53 - 00000000 ____D () C:\Users\admin\Downloads\Zoo Tycoon 2
2015-01-13 19:17 - 2011-01-09 14:22 - 00000000 ____D () C:\Users\admin\Documents\DVDVideoSoft
2015-01-13 19:17 - 2010-12-26 23:41 - 00000000 ____D () C:\Users\admin\Documents\EA Games
2015-01-13 19:17 - 2010-12-05 16:19 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Real
2015-01-13 19:17 - 2010-11-07 11:59 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Samsung
2015-01-13 19:17 - 2010-10-04 20:52 - 00000000 ____D () C:\Users\admin\AppData\Roaming\YoudaGames
2015-01-13 19:17 - 2010-09-27 23:13 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Adobe
2015-01-13 19:17 - 2010-09-27 19:39 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Skype
2015-01-13 19:17 - 2010-09-04 17:30 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Toshiba
2015-01-13 19:17 - 2010-09-04 12:38 - 00000000 ____D () C:\Users\admin
2015-01-13 19:15 - 2013-09-16 18:54 - 00000000 ____D () C:\Users\admin\AppData\Local\Pokki
2015-01-13 19:15 - 2010-09-27 17:03 - 00000000 ____D () C:\Users\admin\AppData\Local\Mozilla
2015-01-13 19:13 - 2012-04-17 18:54 - 00000000 ____D () C:\Users\admin\AppData\Local\Facebook
2015-01-13 19:13 - 2010-09-27 13:56 - 00000000 ____D () C:\Users\admin\AppData\Local\Microsoft Games
2015-01-13 19:13 - 2010-09-27 13:28 - 00000000 ____D () C:\Users\admin\AppData\Local\Google
2015-01-13 19:12 - 2013-11-25 18:38 - 00000000 ____D () C:\PC TRANSLATOR DEMO
2015-01-13 19:12 - 2010-03-11 12:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office Suite Activation Assistant
2015-01-13 19:11 - 2010-03-11 12:04 - 00000000 ____D () C:\Program Files (x86)\eBay
2015-01-13 17:46 - 2010-03-11 12:15 - 00000000 ____D () C:\Works
2015-01-13 17:45 - 2012-12-26 21:28 - 00000000 ____D () C:\ProgramData\MyHeritage
2015-01-13 17:45 - 2010-10-11 22:20 - 00000000 ____D () C:\ProgramData\DivX
2015-01-13 17:45 - 2010-10-11 15:33 - 00000000 ____D () C:\Program Files (x86)\Miranda IM
2015-01-13 17:45 - 2010-09-27 19:39 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-01-13 17:45 - 2010-09-27 19:39 - 00000000 ____D () C:\ProgramData\Skype
2015-01-13 17:45 - 2010-09-27 19:21 - 00000000 ____D () C:\Program Files (x86)\MediaMonkey
2015-01-13 17:45 - 2010-09-27 14:41 - 00000000 ____D () C:\Program Files\WinRAR
2015-01-13 17:45 - 2010-04-08 14:36 - 00000000 ____D () C:\ProgramData\TOSHIBA
2015-01-13 17:45 - 2010-04-08 14:19 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2015-01-13 17:45 - 2010-03-11 12:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
2015-01-13 17:45 - 2010-03-11 12:10 - 00000000 ____D () C:\ProgramData\SiteAdvisor
2015-01-13 17:45 - 2010-03-11 11:11 - 00000000 ____D () C:\Toshiba
2015-01-13 17:44 - 2010-03-11 12:06 - 00000000 ____D () C:\Program Files (x86)\Toshiba TEMPRO
2015-01-12 17:08 - 2012-03-08 08:12 - 00001376 _____ () C:\Users\HELP_DECRYPT.TXT.wdfljvj
2015-01-12 17:08 - 2012-03-08 08:12 - 00001376 _____ () C:\Users\AppData\HELP_DECRYPT.TXT.wdfljvj
2015-01-12 17:08 - 2012-03-08 08:12 - 00001376 _____ () C:\Users\admin\HELP_DECRYPT.TXT.wdfljvj
2015-01-12 14:41 - 2012-03-08 08:12 - 00001376 _____ () C:\Users\admin\Downloads\HELP_DECRYPT.TXT.wdfljvj
2015-01-12 14:40 - 2012-03-08 08:12 - 00001376 _____ () C:\Users\admin\Documents\HELP_DECRYPT.TXT.wdfljvj
2015-01-12 14:10 - 2009-07-14 06:08 - 00032598 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-12 13:57 - 2012-03-08 08:12 - 00001376 _____ () C:\Users\admin\AppData\Roaming\HELP_DECRYPT.TXT.wdfljvj
2015-01-12 13:57 - 2012-03-08 08:12 - 00001376 _____ () C:\Users\admin\AppData\HELP_DECRYPT.TXT.wdfljvj
2015-01-12 13:56 - 2012-03-08 08:12 - 00001376 _____ () C:\Users\admin\AppData\Local\HELP_DECRYPT.TXT.wdfljvj
2015-01-09 22:26 - 2012-03-08 08:12 - 00409568 _____ () C:\Users\admin\Downloads\aminy01.DOC.wdfljvj
2015-01-09 18:41 - 2012-03-08 08:12 - 00116320 _____ () C:\Users\admin\Desktop\10614273_10203281861630849_3064998190579993020_n.JPG.wdfljvj
2015-01-08 20:01 - 2012-03-08 08:12 - 00653856 _____ () C:\Users\admin\Downloads\objednavka_vysetreni_vzorku.DOC.wdfljvj
2015-01-08 20:00 - 2012-03-08 08:12 - 00078192 _____ () C:\Users\admin\Downloads\olv_vzor_1_vzorky (1).DOC.wdfljvj
2015-01-08 19:55 - 2012-03-08 08:12 - 00078192 _____ () C:\Users\admin\Downloads\olv_vzor_1_vzorky.DOC.wdfljvj
2015-01-07 22:13 - 2012-03-08 08:12 - 00957280 _____ () C:\Users\admin\Downloads\org. zprac. okruhy.DOCX.wdfljvj
2015-01-07 14:44 - 2012-03-08 08:12 - 00199776 _____ () C:\Users\admin\Downloads\4_Tetrasubstituovan_deriv_ty_methanu.PDF.wdfljvj
2015-01-07 14:30 - 2012-03-08 08:12 - 00068976 _____ () C:\Users\admin\Downloads\otazkynazkousku(czuborec.cz-81c6d).DOC.wdfljvj
2015-01-07 14:28 - 2012-03-08 08:12 - 00070512 _____ () C:\Users\admin\Downloads\chemietahak(czuborec.cz-91ppd).DOC.wdfljvj
2015-01-07 14:25 - 2012-03-08 08:12 - 00037568 _____ () C:\Users\admin\Downloads\karboxylovekyseliny--(czuborec.cz-a65y7).doc.ZIP.wdfljvj
2015-01-07 14:24 - 2012-03-08 08:12 - 00494592 _____ () C:\Users\admin\Downloads\bilkoviny(czuborec.cz-a3196).DOC.wdfljvj
2015-01-07 14:23 - 2012-03-08 08:12 - 00067952 _____ () C:\Users\admin\Downloads\vzorovy_test(czuborec.cz-j5frs).DOC.wdfljvj
2015-01-07 14:23 - 2012-03-08 08:12 - 00064880 _____ () C:\Users\admin\Downloads\organika-test(czuborec.cz-u74ld).DOC.wdfljvj
2015-01-07 14:21 - 2012-03-08 08:12 - 00136000 _____ () C:\Users\admin\Downloads\zkouska_chemie_vypracovane(czuborec.cz-sxl2i).doc.ZIP.wdfljvj
2015-01-07 09:53 - 2012-03-08 08:12 - 00769776 _____ () C:\Users\admin\Downloads\1_Organick_chemie-1 (3).PDF.wdfljvj
2015-01-07 09:52 - 2012-03-08 08:12 - 00025440 _____ () C:\Users\admin\Downloads\k_organice_.DOC.wdfljvj
2015-01-07 09:51 - 2012-03-08 08:12 - 00028000 _____ () C:\Users\admin\Downloads\Okruhy_ot_zek_k_organick_sti_zkou_ky (2).DOC.wdfljvj
2015-01-07 09:50 - 2012-03-08 08:12 - 00011136 _____ () C:\Users\admin\Downloads\AF 2015.XLSX.wdfljvj
2015-01-06 18:57 - 2010-12-05 16:20 - 00003344 _____ () C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-4276310980-1373315075-2881649484-1000
2015-01-06 18:57 - 2010-12-05 16:20 - 00003210 _____ () C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-4276310980-1373315075-2881649484-1000
2015-01-06 08:21 - 2012-07-20 20:58 - 00011743 _____ () C:\Windows\SysWOW64\debug.log
2015-01-04 21:06 - 2012-03-08 08:12 - 00028000 _____ () C:\Users\admin\Downloads\Okruhy_ot_zek_k_organick_sti_zkou_ky (1).DOC.wdfljvj
2015-01-04 15:20 - 2014-12-09 20:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-04 15:20 - 2013-06-05 09:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-04 15:20 - 2012-09-24 10:56 - 00000000 ____D () C:\Program Files (x86)\Photo Story 3 for Windows
2015-01-04 15:20 - 2012-09-21 11:18 - 00000000 ____D () C:\Program Files (x86)\Nero
2015-01-04 15:20 - 2011-09-05 14:05 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2015-01-04 15:20 - 2011-02-23 13:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games
2015-01-04 15:20 - 2011-01-31 11:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio
2015-01-04 15:20 - 2011-01-31 11:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 8
2015-01-04 15:20 - 2010-12-26 23:25 - 00000000 ____D () C:\Program Files (x86)\EA GAMES
2015-01-04 15:20 - 2010-12-26 23:21 - 00000000 ____D () C:\Program Files (x86)\DAEMON Tools Lite
2015-01-04 15:20 - 2010-12-05 16:19 - 00000000 ____D () C:\Program Files (x86)\Real
2015-01-04 15:20 - 2010-11-07 23:30 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2015-01-04 15:20 - 2010-11-07 11:59 - 00000000 ____D () C:\Program Files (x86)\PC Connectivity Solution
2015-01-04 15:20 - 2010-11-07 11:59 - 00000000 ____D () C:\Program Files (x86)\MarkAny
2015-01-04 15:20 - 2010-11-02 11:09 - 00000000 ____D () C:\Program Files (x86)\Pidgin
2015-01-04 15:20 - 2010-10-11 22:20 - 00000000 ____D () C:\Program Files (x86)\DivX
2015-01-04 15:20 - 2010-10-06 13:57 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2015-01-04 15:20 - 2010-10-02 20:47 - 00000000 ____D () C:\Program Files (x86)\QIP 2010
2015-01-04 15:20 - 2010-09-27 20:03 - 00000000 ____D () C:\Program Files (x86)\QIP
2015-01-04 15:20 - 2010-04-08 14:31 - 00000000 ____D () C:\Program Files (x86)\Realtek WLAN Driver
2015-01-04 15:20 - 2010-03-11 12:21 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-01-04 15:20 - 2010-03-11 12:16 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-01-04 15:20 - 2010-03-11 12:04 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-04 15:20 - 2010-03-11 12:02 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-01-04 15:20 - 2010-03-11 11:54 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-04 15:20 - 2010-03-11 11:53 - 00000000 ____D () C:\Program Files (x86)\Realtek
2015-01-04 15:20 - 2010-03-11 11:51 - 00000000 ____D () C:\Program Files (x86)\Intel
2015-01-04 15:20 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2015-01-04 15:20 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2015-01-04 11:42 - 2012-03-08 08:12 - 00000512 ____H () C:\Users\admin\Desktop\~$ruhy_ot_zek_k_organick_sti_zkou_ky-1.DOCX.wdfljvj
2015-01-04 10:52 - 2012-03-08 08:12 - 00769776 _____ () C:\Users\admin\Downloads\1_Organick_chemie-1 (2).PDF.wdfljvj
2015-01-04 10:47 - 2014-05-30 13:35 - 00001982 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-01-04 10:47 - 2012-03-08 08:12 - 00042832 _____ () C:\Users\admin\Desktop\1461267_10203731813201884_4525841001195253217_n.JPG.wdfljvj
2015-01-04 10:04 - 2012-03-08 08:12 - 00022112 _____ () C:\Users\admin\Downloads\org reakce.DOCX.wdfljvj
2015-01-04 10:01 - 2012-03-08 08:12 - 00769776 _____ () C:\Users\admin\Downloads\1_Organick_chemie-1 (1).PDF.wdfljvj
2015-01-04 09:30 - 2012-03-08 08:12 - 00769776 _____ () C:\Users\admin\Downloads\1_Organick_chemie-1.PDF.wdfljvj
2015-01-04 09:21 - 2012-03-08 08:12 - 00028000 _____ () C:\Users\admin\Downloads\Okruhy_ot_zek_k_organick_sti_zkou_ky.DOC.wdfljvj
2015-01-04 08:29 - 2013-11-17 13:43 - 00002292 _____ () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2014-12-22 19:49 - 2012-09-24 11:21 - 00000000 ____D () C:\Users\admin\AppData\Local\Windows Live
2014-12-19 19:00 - 2013-06-05 12:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-12-15 22:16 - 2010-09-04 12:52 - 00111608 _____ () C:\Users\admin\AppData\Local\GDIPFONTCACHEV1.DAT

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-04 19:37

==================== End Of Log ============================

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Bad Image - SOS !!!

#19 Post by vyosek »

:arrow: I'm checking with colleagues whether anything can be done with those encrypted files :?: If you like, you can zip up a few of them for me and upload them somewhere


:arrow: Creating a fixlist for FRST
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    Start
    CloseProcesses:
    CreateRestorePoint:
    
    HKLM\...\Run: [TNOD UP] => "C:\Program Files (x86)\TNod User & Password Finder\TNODUP.exe" /i
    HKLM\...\Run: [Kufaaf] => "C:\Users\admin\AppData\Roaming\Kubuadm\gefopo.exe"
    HKLM\...\Run: [Kihaxyletuitwi] => "C:\Users\admin\AppData\Roaming\Momawei\enqugu.exe"
    HKLM\...\Run: [Yhesemgy] => "C:\Users\admin\AppData\Roaming\Ixyqqa\mupuq.exe"
    HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\ESET <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Program Files\ESET <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Program Files (x86)\Trend Micro <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Program Files (x86)\Trend Micro <====== ATTENTION
    Winlogon\Notify\cmjahae-x32: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\cmjahae.dll ()
    Winlogon\Notify\cnjahae-x32: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\cnjahae.dll ()
    Winlogon\Notify\laominx-x32: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\laominx.dll ()
    Winlogon\Notify\laymegx-x32: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\laymegx.dll ()
    Winlogon\Notify\megxlay-x32: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\megxlay.dll ()
    Winlogon\Notify\xmeglay-x32: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\xmeglay.dll ()
    HKU\S-1-5-18\...\Run: [TOSHIBA Online Product Information] => C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe [6203296 2009-08-12] (TOSHIBA)
    HKU\S-1-5-18\...\Run: [JuseZvucu] => regsvr32.exe "C:\ProgramData\JuseZvucu\BaqoFcus.xqd"
    HKU\S-1-5-18\...\Run: [laominx] => rundll32 "C:\Windows\system32\config\systemprofile\AppData\Local\laominx.dll",laominx <===== ATTENTION
    HKU\S-1-5-18\...\Run: [laymegx] => rundll32 "C:\Windows\system32\config\systemprofile\AppData\Local\laymegx.dll",laymegx <===== ATTENTION
    Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-4276310980-1373315075-2881649484-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-4276310980-1373315075-2881649484-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
    URLSearchHook: HKLM-x32 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
    URLSearchHook: HKLM-x32 - DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll No File
    URLSearchHook: HKU\S-1-5-21-4276310980-1373315075-2881649484-1000 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-4276310980-1373315075-2881649484-1000 -> {38C7CBF5-114D-4C64-80E4-EE7795D89208} URL = http://rover.ebay.com/rover/1/710-71511 ... 4?satitle={searchTerms}
    SearchScopes: HKU\S-1-5-21-4276310980-1373315075-2881649484-1000 -> {95344AD6-CA51-45FD-B624-344AAA5E2895} URL = http://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-win7-ie-search-21&index=blended&linkCode=ur2
    BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
    BHO-x32: SmileysWeLoveToolbar -> {E4EF8A64-0A30-48F5-B3FE-5FDA978DA775} -> C:\Program Files (x86)\Smileys We Love Toolbar for IE\adxloader.dll No File
    BHO-x32: DVDVideoSoft Toolbar -> {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} -> C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll No File
    Toolbar: HKLM-x32 - DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll No File
    Toolbar: HKLM-x32 - SmileysWeLove - {CF0F43AB-9C23-4D7B-8040-201B82844854} - C:\Program Files (x86)\Smileys We Love Toolbar for IE\adxloader.dll No File
    
    FF Extension: Skype extension for Firefox - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2014-12-09]
    FF HKU\S-1-5-21-4276310980-1373315075-2881649484-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
    FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
    
    CHR HomePage: Default -> hxxp://search.babylon.com/?affID=112465 ... f1a1466265
    CHR StartupUrls: Default -> "hxxp://search.chatzum.com"
    CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
    CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll No File
    
    S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
    
    C:\Program Files (x86)\TNod User & Password Finder
    C:\Users\admin\AppData\Roaming\Ixyqqa
    C:\Users\admin\AppData\Roaming\Momawei
    C:\Users\admin\AppData\Roaming\Kubuadm
    C:\ProgramData\JuseZvucu
    C:\Windows\system32\config\systemprofile\AppData\Local\laymegx.dll
    C:\Windows\system32\config\systemprofile\AppData\Local\laominx.dll
    2015-01-14 11:19 - 2015-01-14 11:19 - 00026677 _____ () C:\Users\admin\Desktop\FRST.txt
    2015-01-14 10:19 - 2015-01-14 10:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2015-01-14 10:18 - 2015-01-14 11:04 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2015-01-14 10:18 - 2015-01-14 11:01 - 00000000 ____D () C:\Users\admin\Desktop\mbar
    2015-01-14 10:18 - 2015-01-14 10:18 - 00135384 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-01-14 10:18 - 2015-01-14 10:18 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-01-14 10:17 - 2015-01-14 10:16 - 16448208 _____ (Malwarebytes Corp.) C:\Users\admin\Desktop\mbar-1.08.2.1001.exe
    2015-01-13 23:47 - 2015-01-13 23:49 - 00000000 ____D () C:\ProgramData\JuseZvucu
    2015-01-13 20:57 - 2015-01-13 20:57 - 00003264 _____ () C:\Users\admin\Desktop\AdwCleaner[S0].TXT.mmjujvj
    2015-01-13 20:57 - 2015-01-13 20:20 - 00018480 _____ () C:\Users\admin\Desktop\Logfile of random.DOCX.mmjujvj
    2015-01-13 20:57 - 2015-01-13 20:18 - 00009072 _____ () C:\Users\admin\Desktop\RSIT.TXT.mmjujvj
    2015-01-13 20:53 - 2015-01-14 11:03 - 00002942 _____ () C:\Windows\PFRO.log
    2015-01-13 20:43 - 2015-01-13 20:59 - 00000000 ____D () C:\AdwCleaner
    2015-01-13 20:09 - 2015-01-13 21:29 - 00000000 ____D () C:\rsit
    2015-01-13 20:09 - 2015-01-13 20:09 - 00000000 ____D () C:\Program Files (x86)\trend micro
    2015-01-13 20:08 - 2015-01-13 19:54 - 01107968 _____ () C:\Users\admin\Desktop\RSIT.exe
    2015-01-13 20:04 - 2015-01-14 11:03 - 00000336 _____ () C:\Windows\setupact.log
    2015-01-13 20:04 - 2015-01-13 20:04 - 00000000 _____ () C:\Windows\setuperr.log
    2015-01-11 13:03 - 2015-01-11 13:03 - 00003814 _____ () C:\Windows\System32\Tasks\Security Center Update - 3425793768
    2015-01-11 13:03 - 2014-02-24 01:04 - 00507576 ____N (Eraem Corniratu) C:\Windows\SysWOW64\ixykwuot.exe
    2015-01-08 14:57 - 2015-01-08 14:57 - 00003808 _____ () C:\Windows\System32\Tasks\Security Center Update - 3998176165
    2015-01-08 14:57 - 2014-01-19 11:43 - 00509100 ____N (Eraem Corniratu) C:\Windows\SysWOW64\weirkay.exe
    2015-01-08 09:09 - 2015-01-08 09:09 - 00003818 _____ () C:\Windows\System32\Tasks\Security Center Update - 514026233
    2015-01-08 09:09 - 2011-01-16 19:54 - 00508951 ____N (Eraem Corniratu) C:\Windows\SysWOW64\fautkotybi.exe
    2015-01-07 08:56 - 2015-01-07 08:56 - 00003814 _____ () C:\Windows\System32\Tasks\Security Center Update - 607701921
    2015-01-07 08:56 - 2014-07-31 09:59 - 00505504 ____N (Eraem Corniratu) C:\Windows\SysWOW64\xireab.exe
    2014-12-18 20:35 - 2014-12-18 20:35 - 00003808 _____ () C:\Windows\System32\Tasks\Security Center Update - 591574539
    2014-12-16 07:54 - 2015-01-03 22:47 - 00934704 _____ () C:\Users\admin\AppData\Local\f5e83w4ef.dat
    2014-12-15 20:49 - 2014-12-15 20:49 - 00003808 _____ () C:\Windows\System32\Tasks\Security Center Update - 3741571091
    2015-01-14 11:01 - 2010-09-27 16:41 - 00000000 ____D () C:\Program Files (x86)\TNod User & Password Finder
    c:\users\admin\AppData\Roaming\Kubuadm
    c:\users\admin\AppData\Roaming\Ykqopise
    c:\users\admin\AppData\Roaming\Momawei
    c:\users\admin\AppData\Roaming\Ilunir
    c:\programdata\JuseZvucu
    c:\users\admin\AppData\Roaming\Kyyhuz
    c:\programdata\vrxkwql
    c:\users\admin\AppData\Roaming\QipGuard
    c:\windows\SysWow64\ixykwuot.exe
    c:\windows\SysWow64\weirkay.exe
    c:\windows\SysWow64\fautkotybi.exe
    c:\windows\SysWow64\xireab.exe
    c:\windows\fjEeGHhRviMexXc.exe
    c:\windows\system32\config\systemprofile\AppData\Local\laominx.dll
    c:\windows\System32\config\systemprofile\AppData\Local\xmeglay.dll
    c:\windows\System32\config\systemprofile\AppData\Local\megxlay.dll
    c:\windows\System32\config\systemprofile\AppData\Local\laymegx.dll
    c:\windows\System32\config\systemprofile\AppData\Local\laominx.dll
    c:\windows\System32\config\systemprofile\AppData\Local\cnjahae.dll
    c:\windows\System32\config\systemprofile\AppData\Local\cmjahae.dll
    c:\users\admin\AppData\Roaming\Microsoft\Internet Explorer\qstatsrv.dll
    c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
    c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4276310980-1373315075-2881649484-1000Core.job
    c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4276310980-1373315075-2881649484-1000UA.job
    c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    
    Hosts:
    EmptyTemp:
    Reboot:
    End
    
  • Save the created TXT file as fixlist.txt
  • Move the created fixlist next to FRST
• Run FRST.exe again
  • Click Fix
  • The fix will run and create the log Fixlog.txt
• Restart the PC and post fixlog.txt here
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns amusement, take a whip and a stick to him; that is no man, that is an ox."
Member of [image] since 1 February 2011.

Martina.Br.
Visitor
Posts: 18
Joined: 13 Jan 2015 20:13

Re: Bad Image - SOS !!!

#20 Post by Martina.Br. »

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-01-2015 02
Ran by admin at 2015-01-14 11:37:35 Run:1
Running from C:\Users\admin\Desktop
Loaded Profile: admin (Available profiles: admin)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKLM\...\Run: [TNOD UP] => "C:\Program Files (x86)\TNod User & Password Finder\TNODUP.exe" /i
HKLM\...\Run: [Kufaaf] => "C:\Users\admin\AppData\Roaming\Kubuadm\gefopo.exe"
HKLM\...\Run: [Kihaxyletuitwi] => "C:\Users\admin\AppData\Roaming\Momawei\enqugu.exe"
HKLM\...\Run: [Yhesemgy] => "C:\Users\admin\AppData\Roaming\Ixyqqa\mupuq.exe"
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\ESET <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\ESET <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Trend Micro <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Trend Micro <====== ATTENTION
Winlogon\Notify\cmjahae-x32: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\cmjahae.dll ()
Winlogon\Notify\cnjahae-x32: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\cnjahae.dll ()
Winlogon\Notify\laominx-x32: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\laominx.dll ()
Winlogon\Notify\laymegx-x32: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\laymegx.dll ()
Winlogon\Notify\megxlay-x32: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\megxlay.dll ()
Winlogon\Notify\xmeglay-x32: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\xmeglay.dll ()
HKU\S-1-5-18\...\Run: [TOSHIBA Online Product Information] => C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe [6203296 2009-08-12] (TOSHIBA)
HKU\S-1-5-18\...\Run: [JuseZvucu] => regsvr32.exe "C:\ProgramData\JuseZvucu\BaqoFcus.xqd"
HKU\S-1-5-18\...\Run: [laominx] => rundll32 "C:\Windows\system32\config\systemprofile\AppData\Local\laominx.dll",laominx <===== ATTENTION
HKU\S-1-5-18\...\Run: [laymegx] => rundll32 "C:\Windows\system32\config\systemprofile\AppData\Local\laymegx.dll",laymegx <===== ATTENTION
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4276310980-1373315075-2881649484-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4276310980-1373315075-2881649484-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
URLSearchHook: HKLM-x32 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKLM-x32 - DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll No File
URLSearchHook: HKU\S-1-5-21-4276310980-1373315075-2881649484-1000 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4276310980-1373315075-2881649484-1000 -> {38C7CBF5-114D-4C64-80E4-EE7795D89208} URL = http://rover.ebay.com/rover/1/710-71511 ... 4?satitle={searchTerms}
SearchScopes: HKU\S-1-5-21-4276310980-1373315075-2881649484-1000 -> {95344AD6-CA51-45FD-B624-344AAA5E2895} URL = http://www.amazon.co.uk/gp/search?ie=UT ... nkCode=ur2
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: SmileysWeLoveToolbar -> {E4EF8A64-0A30-48F5-B3FE-5FDA978DA775} -> C:\Program Files (x86)\Smileys We Love Toolbar for IE\adxloader.dll No File
BHO-x32: DVDVideoSoft Toolbar -> {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} -> C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll No File
Toolbar: HKLM-x32 - DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll No File
Toolbar: HKLM-x32 - SmileysWeLove - {CF0F43AB-9C23-4D7B-8040-201B82844854} - C:\Program Files (x86)\Smileys We Love Toolbar for IE\adxloader.dll No File

FF Extension: Skype extension for Firefox - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2014-12-09]
FF HKU\S-1-5-21-4276310980-1373315075-2881649484-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

CHR HomePage: Default -> hxxp://search.babylon.com/?affID=112465 ... f1a1466265
CHR StartupUrls: Default -> "hxxp://search.chatzum.com"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll No File

S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

C:\Program Files (x86)\TNod User & Password Finder
C:\Users\admin\AppData\Roaming\Ixyqqa
C:\Users\admin\AppData\Roaming\Momawei
C:\Users\admin\AppData\Roaming\Kubuadm
C:\ProgramData\JuseZvucu
C:\Windows\system32\config\systemprofile\AppData\Local\laymegx.dll
C:\Windows\system32\config\systemprofile\AppData\Local\laominx.dl
2015-01-14 11:19 - 2015-01-14 11:19 - 00026677 _____ () C:\Users\admin\Desktop\FRST.txt
2015-01-14 10:19 - 2015-01-14 10:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-14 10:18 - 2015-01-14 11:04 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-14 10:18 - 2015-01-14 11:01 - 00000000 ____D () C:\Users\admin\Desktop\mbar
2015-01-14 10:18 - 2015-01-14 10:18 - 00135384 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-14 10:18 - 2015-01-14 10:18 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-14 10:17 - 2015-01-14 10:16 - 16448208 _____ (Malwarebytes Corp.) C:\Users\admin\Desktop\mbar-1.08.2.1001.exe
2015-01-13 23:47 - 2015-01-13 23:49 - 00000000 ____D () C:\ProgramData\JuseZvucu
2015-01-13 20:57 - 2015-01-13 20:57 - 00003264 _____ () C:\Users\admin\Desktop\AdwCleaner[S0].TXT.mmjujvj
2015-01-13 20:57 - 2015-01-13 20:20 - 00018480 _____ () C:\Users\admin\Desktop\Logfile of random.DOCX.mmjujvj
2015-01-13 20:57 - 2015-01-13 20:18 - 00009072 _____ () C:\Users\admin\Desktop\RSIT.TXT.mmjujvj
2015-01-13 20:53 - 2015-01-14 11:03 - 00002942 _____ () C:\Windows\PFRO.log
2015-01-13 20:43 - 2015-01-13 20:59 - 00000000 ____D () C:\AdwCleaner
2015-01-13 20:09 - 2015-01-13 21:29 - 00000000 ____D () C:\rsit
2015-01-13 20:09 - 2015-01-13 20:09 - 00000000 ____D () C:\Program Files (x86)\trend micro
2015-01-13 20:08 - 2015-01-13 19:54 - 01107968 _____ () C:\Users\admin\Desktop\RSIT.exe
2015-01-13 20:04 - 2015-01-14 11:03 - 00000336 _____ () C:\Windows\setupact.log
2015-01-13 20:04 - 2015-01-13 20:04 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-11 13:03 - 2015-01-11 13:03 - 00003814 _____ () C:\Windows\System32\Tasks\Security Center Update - 3425793768
2015-01-11 13:03 - 2014-02-24 01:04 - 00507576 ____N (Eraem Corniratu) C:\Windows\SysWOW64\ixykwuot.exe
2015-01-08 14:57 - 2015-01-08 14:57 - 00003808 _____ () C:\Windows\System32\Tasks\Security Center Update - 3998176165
2015-01-08 14:57 - 2014-01-19 11:43 - 00509100 ____N (Eraem Corniratu) C:\Windows\SysWOW64\weirkay.exe
2015-01-08 09:09 - 2015-01-08 09:09 - 00003818 _____ () C:\Windows\System32\Tasks\Security Center Update - 514026233
2015-01-08 09:09 - 2011-01-16 19:54 - 00508951 ____N (Eraem Corniratu) C:\Windows\SysWOW64\fautkotybi.exe
2015-01-07 08:56 - 2015-01-07 08:56 - 00003814 _____ () C:\Windows\System32\Tasks\Security Center Update - 607701921
2015-01-07 08:56 - 2014-07-31 09:59 - 00505504 ____N (Eraem Corniratu) C:\Windows\SysWOW64\xireab.exe
2014-12-18 20:35 - 2014-12-18 20:35 - 00003808 _____ () C:\Windows\System32\Tasks\Security Center Update - 591574539
2014-12-16 07:54 - 2015-01-03 22:47 - 00934704 _____ () C:\Users\admin\AppData\Local\f5e83w4ef.dat
2014-12-15 20:49 - 2014-12-15 20:49 - 00003808 _____ () C:\Windows\System32\Tasks\Security Center Update - 3741571091
2015-01-14 11:01 - 2010-09-27 16:41 - 00000000 ____D () C:\Program Files (x86)\TNod User & Password Finder
c:\users\admin\AppData\Roaming\Kubuadm
c:\users\admin\AppData\Roaming\Ykqopise
c:\users\admin\AppData\Roaming\Momawei
c:\users\admin\AppData\Roaming\Ilunir
c:\programdata\JuseZvucu
c:\users\admin\AppData\Roaming\Kyyhuz
c:\programdata\vrxkwql
c:\users\admin\AppData\Roaming\QipGuard
c:\windows\SysWow64\ixykwuot.exe
c:\windows\SysWow64\weirkay.exe
c:\windows\SysWow64\fautkotybi.exe
c:\windows\SysWow64\xireab.exe
c:\windows\fjEeGHhRviMexXc.exe
c:\windows\system32\config\systemprofile\AppData\Local\laominx.dll
c:\windows\System32\config\systemprofile\AppData\Local\xmeglay.dll
c:\windows\System32\config\systemprofile\AppData\Local\megxlay.dll
c:\windows\System32\config\systemprofile\AppData\Local\laymegx.dll
c:\windows\System32\config\systemprofile\AppData\Local\laominx.dll
c:\windows\System32\config\systemprofile\AppData\Local\cnjahae.dll
c:\windows\System32\config\systemprofile\AppData\Local\cmjahae.dll
c:\users\admin\AppData\Roaming\Microsoft\Internet Explorer\qstatsrv.dll
c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4276310980-1373315075-2881649484-1000Core.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4276310980-1373315075-2881649484-1000UA.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\TNOD UP => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Kufaaf => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Kihaxyletuitwi => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Yhesemgy => value deleted successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cmjahae" => Key deleted successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cnjahae" => Key deleted successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\laominx" => Key deleted successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\laymegx" => Key deleted successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\megxlay" => Key deleted successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xmeglay" => Key deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\TOSHIBA Online Product Information => value deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\JuseZvucu => value deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\laominx => value deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\laymegx => value deleted successfully.
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk => Moved successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-4276310980-1373315075-2881649484-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\S-1-5-21-4276310980-1373315075-2881649484-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\ => value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}" => Key deleted successfully.
HKU\S-1-5-21-4276310980-1373315075-2881649484-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ => value deleted successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-4276310980-1373315075-2881649484-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{38C7CBF5-114D-4C64-80E4-EE7795D89208}" => Key deleted successfully.
HKCR\CLSID\{38C7CBF5-114D-4C64-80E4-EE7795D89208} => Key not found.
"HKU\S-1-5-21-4276310980-1373315075-2881649484-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95344AD6-CA51-45FD-B624-344AAA5E2895}" => Key deleted successfully.
HKCR\CLSID\{95344AD6-CA51-45FD-B624-344AAA5E2895} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E4EF8A64-0A30-48F5-B3FE-5FDA978DA775}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{E4EF8A64-0A30-48F5-B3FE-5FDA978DA775}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} => value deleted successfully.
HKCR\Wow6432Node\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{CF0F43AB-9C23-4D7B-8040-201B82844854} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{CF0F43AB-9C23-4D7B-8040-201B82844854}" => Key deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} => Moved successfully.
HKU\S-1-5-21-4276310980-1373315075-2881649484-1000\Software\Mozilla\Firefox\Extensions\\{e4f94d1e-2f53-401e-8885-681602c0ddd8} => value deleted successfully.
C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi => Moved successfully.
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll not found.
COMSysApp => Service deleted successfully.
C:\Program Files (x86)\TNod User & Password Finder => Moved successfully.
"C:\Users\admin\AppData\Roaming\Ixyqqa" => File/Directory not found.
"C:\Users\admin\AppData\Roaming\Momawei" => File/Directory not found.
"C:\Users\admin\AppData\Roaming\Kubuadm" => File/Directory not found.
C:\ProgramData\JuseZvucu => Moved successfully.
"C:\Windows\system32\config\systemprofile\AppData\Local\laymegx.dll" => File/Directory not found.
"C:\Windows\system32\config\systemprofile\AppData\Local\laominx.dl" => File/Directory not found.
C:\Users\admin\Desktop\FRST.txt => Moved successfully.
C:\ProgramData\Malwarebytes => Moved successfully.
C:\ProgramData\Malwarebytes' Anti-Malware (portable) => Moved successfully.
C:\Users\admin\Desktop\mbar => Moved successfully.
C:\Windows\system32\Drivers\MBAMSwissArmy.sys => Moved successfully.
C:\Windows\system32\Drivers\mbamchameleon.sys => Moved successfully.
C:\Users\admin\Desktop\mbar-1.08.2.1001.exe => Moved successfully.
"C:\ProgramData\JuseZvucu" => File/Directory not found.
C:\Users\admin\Desktop\AdwCleaner[S0].TXT.mmjujvj => Moved successfully.
C:\Users\admin\Desktop\Logfile of random.DOCX.mmjujvj => Moved successfully.
C:\Users\admin\Desktop\RSIT.TXT.mmjujvj => Moved successfully.
C:\Windows\PFRO.log => Moved successfully.
C:\AdwCleaner => Moved successfully.
C:\rsit => Moved successfully.
C:\Program Files (x86)\trend micro => Moved successfully.
C:\Users\admin\Desktop\RSIT.exe => Moved successfully.
C:\Windows\setupact.log => Moved successfully.
C:\Windows\setuperr.log => Moved successfully.
C:\Windows\System32\Tasks\Security Center Update - 3425793768 => Moved successfully.
C:\Windows\SysWOW64\ixykwuot.exe => Moved successfully.
C:\Windows\System32\Tasks\Security Center Update - 3998176165 => Moved successfully.
C:\Windows\SysWOW64\weirkay.exe => Moved successfully.
C:\Windows\System32\Tasks\Security Center Update - 514026233 => Moved successfully.
C:\Windows\SysWOW64\fautkotybi.exe => Moved successfully.
C:\Windows\System32\Tasks\Security Center Update - 607701921 => Moved successfully.
C:\Windows\SysWOW64\xireab.exe => Moved successfully.
C:\Windows\System32\Tasks\Security Center Update - 591574539 => Moved successfully.
C:\Users\admin\AppData\Local\f5e83w4ef.dat => Moved successfully.
C:\Windows\System32\Tasks\Security Center Update - 3741571091 => Moved successfully.
"C:\Program Files (x86)\TNod User & Password Finder" => File/Directory not found.
"c:\users\admin\AppData\Roaming\Kubuadm" => File/Directory not found.
"c:\users\admin\AppData\Roaming\Ykqopise" => File/Directory not found.
"c:\users\admin\AppData\Roaming\Momawei" => File/Directory not found.
"c:\users\admin\AppData\Roaming\Ilunir" => File/Directory not found.
"c:\programdata\JuseZvucu" => File/Directory not found.
"c:\users\admin\AppData\Roaming\Kyyhuz" => File/Directory not found.
"c:\programdata\vrxkwql" => File/Directory not found.
"c:\users\admin\AppData\Roaming\QipGuard" => File/Directory not found.
"c:\windows\SysWow64\ixykwuot.exe" => File/Directory not found.
"c:\windows\SysWow64\weirkay.exe" => File/Directory not found.
"c:\windows\SysWow64\fautkotybi.exe" => File/Directory not found.
"c:\windows\SysWow64\xireab.exe" => File/Directory not found.
c:\windows\fjEeGHhRviMexXc.exe => Moved successfully.
"c:\windows\system32\config\systemprofile\AppData\Local\laominx.dll" => File/Directory not found.
"c:\windows\System32\config\systemprofile\AppData\Local\xmeglay.dll" => File/Directory not found.
"c:\windows\System32\config\systemprofile\AppData\Local\megxlay.dll" => File/Directory not found.
"c:\windows\System32\config\systemprofile\AppData\Local\laymegx.dll" => File/Directory not found.
"c:\windows\System32\config\systemprofile\AppData\Local\laominx.dll" => File/Directory not found.
"c:\windows\System32\config\systemprofile\AppData\Local\cnjahae.dll" => File/Directory not found.
"c:\windows\System32\config\systemprofile\AppData\Local\cmjahae.dll" => File/Directory not found.
c:\users\admin\AppData\Roaming\Microsoft\Internet Explorer\qstatsrv.dll => Moved successfully.
"c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk" => File/Directory not found.
"c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk" => File/Directory not found.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk => Moved successfully.
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4276310980-1373315075-2881649484-1000Core.job => Moved successfully.
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4276310980-1373315075-2881649484-1000UA.job => Moved successfully.
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 618.3 MB temporary data.


The system needed a reboot.

==== End of Fixlog 11:38:14 ====

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Bad Image - SOS !!!

#21 Post by vyosek »

• Post a new FRST log and include Addition.txt as well; tick its checkbox in FRST - see the image
[image]

Martina.Br.
Visitor
Posts: 18
Joined: 13 Jan 2015 20:13

Re: Bad Image - SOS !!!

#22 Post by Martina.Br. »

Log first:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-01-2015 02
Ran by admin (administrator) on ADMIN-TOSH on 14-01-2015 12:33:22
Running from C:\Users\admin\Desktop
Loaded Profile: admin (Available profiles: admin)
Platform: Windows 7 Home Premium (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(Společnost TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2009-11-05] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1050000 2009-10-15] (Toshiba Europe GmbH)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2009-11-30] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [34648 2009-12-01] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8306208 2009-10-21] (Realtek Semiconductor)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-05] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [910136 2009-11-10] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1870120 2009-10-15] (Synaptics Incorporated)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1482592 2009-09-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [707416 2009-11-10] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\Toshiba\Registration\ToshibaReminder.exe [134032 2009-08-25] (Toshiba Europe GmbH)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [2903688 2010-07-02] (ESET)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-09-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2009-08-12] (TOSHIBA)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2009-06-02] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34088 2009-01-13] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2009-11-21] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-10-06] (TOSHIBA Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: STATISTICA Browser Helper -> {990A8747-93BF-4EF7-B72E-94A6884B98C2} -> C:\Program Files\StatSoft\STATISTICA 12\StaBHO.dll (StatSoft, Inc.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: QipLI Class -> {6B5863A0-C43F-4C0A-982B-CC0E9125783F} -> C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\qstatsrv.dll No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Pomocná služba pro přihlášení ke službě Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: STATISTICA Browser Helper -> {990A8747-93BF-4EF7-B72E-94A6884B98C2} -> C:\Program Files\StatSoft\STATISTICA 12\Support\StaBHO.dll (StatSoft, Inc.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\Windows\SysWOW64\btxppanel.dll (Broadcom Corporation.)
Tcpip\..\Interfaces\{21D58735-AE15-4842-9829-CBBD2157E4C6}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{4A58A413-B75C-4A66-9274-C26982A7D85A}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{62B8830F-0C16-460D-9FBF-AC757AC06575}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9xepabbp.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=12.0.1.609 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=12.0.1.609 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=12.0.1.609 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=12.0.1.609 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-4276310980-1373315075-2881649484-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\admin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-4276310980-1373315075-2881649484-1000: facebook.com/fbDesktopPlugin -> C:\Users\admin\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010-12-05]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010-09-27]

Chrome:
=======
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.140.8) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U14) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll No File
CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\admin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-15]
CHR Extension: (Vyhledávání Google) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-15]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2011-02-14]
CHR Extension: (Peněženka Google) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-15]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2010-12-05]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 EhttpSrv; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [42360 2010-07-02] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [810144 2010-07-02] (ESET)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S3 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [430592 2008-04-07] (Nokia.) [File not signed]
R2 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116104 2009-10-15] (Toshiba Europe GmbH)
S2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 ALG; C:\Windows\System32\alg.exe [79360 2009-07-14] (Microsoft Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S2 BTSERIAL; C:\Windows\SysWOW64\drivers\btserial.sys [23271 2004-11-29] (Broadcom Corporation.) [File not signed]
S2 BTSLBCSP; C:\Windows\SysWOW64\drivers\btslbcsp.sys [222876 2004-11-29] (Broadcom Corporation.) [File not signed]
R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [166984 2010-06-24] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [139704 2010-04-28] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [169592 2010-04-28] (ESET)
R3 Epfwndis; C:\Windows\System32\DRIVERS\Epfwndis.sys [33608 2010-04-28] (ESET)
R2 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [50600 2010-04-28] (ESET)
U5 Netlogon; C:\Windows\system32\lsass.exe [31232 2011-11-17] (Microsoft Corporation)
U5 ProtectedStorage; C:\Windows\system32\lsass.exe [31232 2011-11-17] (Microsoft Corporation)
S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-22] (Realtek Semiconductor Corp.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-11-09] () [File not signed]
S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed]
U3 axzlilse; C:\Windows\System32\Drivers\axzlilse.sys [0 ] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-14 12:33 - 2015-01-14 12:34 - 00020694 _____ () C:\Users\admin\Desktop\FRST.txt
2015-01-14 11:39 - 2015-01-14 11:39 - 00000894 _____ () C:\Windows\PFRO.log
2015-01-14 11:39 - 2015-01-14 11:39 - 00000056 _____ () C:\Windows\setupact.log
2015-01-14 11:39 - 2015-01-14 11:39 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-14 11:36 - 2015-01-14 11:36 - 00010336 _____ () C:\Users\admin\Desktop\12.txt
2015-01-14 11:20 - 2015-01-14 11:20 - 00042257 _____ () C:\Users\admin\Desktop\Addition.txt
2015-01-14 11:18 - 2015-01-14 12:33 - 00000000 ____D () C:\FRST
2015-01-14 11:18 - 2015-01-14 11:17 - 02124288 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe
2015-01-13 23:56 - 2015-01-13 23:56 - 00019557 _____ () C:\ComboFix.txt
2015-01-13 23:41 - 2015-01-13 23:41 - 00001204 _____ () C:\CF-Submit.htm
2015-01-13 22:55 - 2015-01-14 11:43 - 00020089 _____ () C:\Windows\WindowsUpdate.log
2015-01-13 22:41 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-13 22:41 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-13 22:41 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-13 22:41 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-13 22:41 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-13 22:41 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-13 22:41 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-13 22:41 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-13 22:16 - 2015-01-14 00:02 - 00000000 ____D () C:\Qoobox
2015-01-13 22:16 - 2015-01-13 23:47 - 00000000 ____D () C:\Windows\erdnt
2015-01-13 22:16 - 2015-01-13 22:14 - 05609736 ____R (Swearware) C:\Users\admin\Desktop\ComboFix.exe
2015-01-13 21:34 - 2015-01-13 21:34 - 03148854 _____ () C:\Users\admin\Documents\Decrypt All Files mmjujvj.bmp
2015-01-13 21:34 - 2015-01-13 21:34 - 00001266 _____ () C:\Users\admin\Documents\Decrypt All Files mmjujvj.txt
2015-01-13 20:03 - 2015-01-09 21:16 - 02737120 _____ () C:\Users\admin\Desktop\DSCN1225.JPG.wdfljvj
2015-01-13 20:03 - 2015-01-07 22:15 - 02286576 _____ () C:\Users\admin\Downloads\ORGANICKÁ CHEMIE.DOCX.wdfljvj
2015-01-13 20:03 - 2015-01-07 22:14 - 01213136 _____ () C:\Users\admin\Downloads\Vypracovane_otazky organa.DOC.wdfljvj
2015-01-13 20:03 - 2015-01-07 14:45 - 01638528 _____ () C:\Users\admin\Downloads\3_Organick_slou_eniny_dus_ku_a_kysl_ku (1).PDF.wdfljvj
2015-01-13 20:03 - 2015-01-07 14:18 - 01638528 _____ () C:\Users\admin\Downloads\3_Organick_slou_eniny_dus_ku_a_kysl_ku.PDF.wdfljvj
2015-01-13 20:03 - 2015-01-07 14:10 - 02052240 _____ () C:\Users\admin\Downloads\Lipidy.PDF.wdfljvj
2015-01-13 20:03 - 2015-01-07 10:44 - 01357056 _____ () C:\Users\admin\Downloads\sacharidy-bez_animaci.PDF.wdfljvj
2015-01-13 20:03 - 2015-01-06 19:45 - 01945296 _____ () C:\Users\admin\Downloads\prilohy_26561.ZIP.wdfljvj
2015-01-13 20:03 - 2015-01-04 22:05 - 01175040 _____ () C:\Users\admin\Downloads\zaverecna_prace.PDF.wdfljvj
2015-01-13 20:03 - 2015-01-04 10:17 - 02316784 _____ () C:\Users\admin\Downloads\Okruhy_ot_zek_k_organick_sti_zkou_ky-1.DOCX.wdfljvj
2015-01-13 20:03 - 2015-01-04 09:42 - 01373088 _____ () C:\Users\admin\Downloads\2_Organick_chemie-2pred.PDF.wdfljvj
2015-01-13 20:03 - 2015-01-04 09:42 - 01302144 _____ () C:\Users\admin\Downloads\4_Karboxylov_fci_der (2).PDF.wdfljvj
2015-01-13 20:03 - 2015-01-04 09:41 - 01302144 _____ () C:\Users\admin\Downloads\4_Karboxylov_fci_der (1).PDF.wdfljvj
2015-01-13 20:03 - 2012-04-18 01:15 - 01559088 _____ () C:\Users\admin\Documents\UPRAVENO – kopie.PDF.wdfljvj
2015-01-13 20:03 - 2012-02-23 21:05 - 01636224 _____ () C:\Users\admin\Downloads\Nova slozka.ZIP.wdfljvj
2015-01-13 19:06 - 2015-01-13 19:06 - 00000000 ____D () C:\Users\admin\AppData\Local\RKB
2015-01-13 17:46 - 2015-01-13 21:34 - 01121537 _____ () C:\ProgramData\ihvhzvh.html
2015-01-13 17:43 - 2015-01-13 17:43 - 00002866 _____ () C:\Windows\System32\Tasks\pbklicg
2015-01-12 17:08 - 2015-01-12 17:08 - 00008562 _____ () C:\Users\HELP_DECRYPT.HTML
2015-01-12 17:08 - 2015-01-12 17:08 - 00008562 _____ () C:\Users\AppData\HELP_DECRYPT.HTML
2015-01-12 17:08 - 2015-01-12 17:08 - 00008562 _____ () C:\Users\admin\HELP_DECRYPT.HTML
2015-01-12 17:08 - 2015-01-12 17:08 - 00008562 _____ () C:\HELP_DECRYPT.HTML
2015-01-12 17:08 - 2015-01-12 17:08 - 00000280 _____ () C:\Users\HELP_DECRYPT.URL
2015-01-12 17:08 - 2015-01-12 17:08 - 00000280 _____ () C:\Users\AppData\HELP_DECRYPT.URL
2015-01-12 17:08 - 2015-01-12 17:08 - 00000280 _____ () C:\Users\admin\HELP_DECRYPT.URL
2015-01-12 17:08 - 2015-01-12 17:08 - 00000280 _____ () C:\HELP_DECRYPT.URL
2015-01-12 14:41 - 2015-01-12 14:41 - 00008562 _____ () C:\Users\admin\Downloads\HELP_DECRYPT.HTML
2015-01-12 14:41 - 2015-01-12 14:41 - 00000280 _____ () C:\Users\admin\Downloads\HELP_DECRYPT.URL
2015-01-12 14:40 - 2015-01-12 14:40 - 00008562 _____ () C:\Users\admin\Documents\HELP_DECRYPT.HTML
2015-01-12 14:40 - 2015-01-12 14:40 - 00000280 _____ () C:\Users\admin\Documents\HELP_DECRYPT.URL
2015-01-12 14:23 - 2015-01-12 17:08 - 00001376 _____ () C:\HELP_DECRYPT.TXT.wdfljvj
2015-01-12 14:23 - 2015-01-12 13:52 - 00001376 _____ () C:\ProgramData\HELP_DECRYPT.TXT.wdfljvj
2015-01-12 14:23 - 2010-12-02 13:41 - 00021168 _____ () C:\Program Files (x86)\EULA.CS.wdfljvj
2015-01-12 14:23 - 2010-03-11 12:35 - 00000416 ____H () C:\SWSTAMP.TXT.wdfljvj
2015-01-12 13:57 - 2015-01-12 13:57 - 00008562 _____ () C:\Users\admin\AppData\Roaming\HELP_DECRYPT.HTML
2015-01-12 13:57 - 2015-01-12 13:57 - 00008562 _____ () C:\Users\admin\AppData\HELP_DECRYPT.HTML
2015-01-12 13:57 - 2015-01-12 13:57 - 00000280 _____ () C:\Users\admin\AppData\Roaming\HELP_DECRYPT.URL
2015-01-12 13:57 - 2015-01-12 13:57 - 00000280 _____ () C:\Users\admin\AppData\HELP_DECRYPT.URL
2015-01-12 13:56 - 2015-01-12 13:56 - 00008562 _____ () C:\Users\admin\AppData\Local\HELP_DECRYPT.HTML
2015-01-12 13:56 - 2015-01-12 13:56 - 00000280 _____ () C:\Users\admin\AppData\Local\HELP_DECRYPT.URL
2015-01-12 13:52 - 2015-01-12 13:52 - 00008562 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-01-12 13:52 - 2015-01-12 13:52 - 00000280 _____ () C:\ProgramData\HELP_DECRYPT.URL
2015-01-07 14:44 - 2015-01-13 20:40 - 00000000 ____D () C:\Users\admin\Desktop\ORGANIKA
2015-01-07 08:53 - 2015-01-07 08:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-01-07 08:52 - 2015-01-07 08:52 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-01-07 08:52 - 2015-01-07 08:52 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-01-07 08:49 - 2015-01-07 08:49 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-01-06 19:46 - 2015-01-13 19:24 - 00000000 ____D () C:\Users\admin\Desktop\6.1
2015-01-06 08:55 - 2015-01-13 22:50 - 00000000 ____D () C:\42686079
2015-01-06 08:21 - 2015-01-06 08:21 - 00000000 ____D () C:\Windows\SysWOW64\ຐ֭ೀ֭sers
2015-01-05 18:36 - 2015-01-05 18:38 - 35432576 _____ () C:\Users\admin\Downloads\Koně-1.PPT.mmjujvj
2015-01-05 18:24 - 2015-01-13 21:10 - 00000000 ____D () C:\Users\admin\Desktop\hygiena
2015-01-04 15:17 - 2015-01-13 21:07 - 00000000 ____D () C:\Users\admin\Desktop\exo 6-11
2015-01-04 15:17 - 2015-01-13 20:51 - 00000000 ____D () C:\Users\admin\Desktop\exo1-5
2015-01-04 15:15 - 2015-01-04 15:16 - 20022832 _____ () C:\Users\admin\Downloads\prilohy_390.ZIP.mmjujvj
2015-01-03 21:26 - 2015-01-03 21:26 - 00001725 _____ () C:\Users\admin\Desktop\Computer.lnk
2014-12-30 17:07 - 2015-01-13 20:28 - 00000000 ____D () C:\Users\admin\Desktop\30122014
2014-12-30 16:41 - 2015-01-12 13:47 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.txt
2014-12-30 16:34 - 2014-12-30 16:35 - 53898616 _____ () C:\Users\admin\Downloads\Nepotvrzeno 2911.crdownload
2014-12-30 16:33 - 2014-12-30 16:35 - 936785696 _____ () C:\Users\admin\Desktop\Anorganická a organická chemie.ZIP.mmjujvj
2014-12-23 14:44 - 2014-12-23 14:44 - 00000000 ____D () C:\Users\admin\AppData\Roaming\CrystalIdea Software
2014-12-22 08:46 - 2014-12-22 08:46 - 00002121 _____ () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Menu.lnk
2014-12-19 19:00 - 2014-12-19 19:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-12-19 18:59 - 2014-12-19 19:01 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-16 20:12 - 2014-12-16 20:12 - 00000000 ____D () C:\found.000
2014-12-15 20:53 - 2014-12-15 20:53 - 00004651 _____ () C:\Users\admin\how_decrypt.html
2014-12-15 20:53 - 2014-12-15 20:53 - 00004651 _____ () C:\Users\admin\AppData\Local\how_decrypt.html
2014-12-15 19:53 - 2015-01-13 20:24 - 00000000 ____D () C:\Users\admin\Desktop\eko zk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-14 11:47 - 2009-07-14 05:45 - 00016304 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-14 11:47 - 2009-07-14 05:45 - 00016304 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-14 11:39 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-13 23:49 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-13 23:48 - 2009-07-14 03:34 - 77066240 _____ () C:\Windows\system32\config\software.bak
2015-01-13 23:48 - 2009-07-14 03:34 - 21495808 _____ () C:\Windows\system32\config\system.bak
2015-01-13 23:48 - 2009-07-14 03:34 - 03862528 _____ () C:\Windows\system32\config\default.bak
2015-01-13 23:48 - 2009-07-14 03:34 - 00061440 _____ () C:\Windows\system32\config\sam.bak
2015-01-13 23:48 - 2009-07-14 03:34 - 00028672 _____ () C:\Windows\system32\config\security.bak
2015-01-13 23:00 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-01-13 21:29 - 2011-09-19 20:06 - 00000000 ____D () C:\Users\admin\Desktop\ŠKOLA
2015-01-13 21:29 - 2011-02-02 18:08 - 00000000 ____D () C:\Users\admin\Desktop\ZDENDA
2015-01-13 21:15 - 2012-06-26 22:15 - 00000000 ____D () C:\Users\admin\Desktop\ostatní
2015-01-13 21:10 - 2010-09-30 10:26 - 00000000 ____D () C:\Users\admin\Documents\ČZU ABPS
2015-01-13 21:04 - 2013-07-17 21:05 - 00000000 ____D () C:\Users\admin\Desktop\promoce
2015-01-13 21:04 - 2013-05-31 12:30 - 00000000 ____D () C:\Users\admin\Desktop\nor
2015-01-13 20:57 - 2010-04-08 14:20 - 00000000 ____D () C:\ProgramData\ATI
2015-01-13 20:52 - 2013-05-23 16:34 - 00000000 ____D () C:\Users\admin\Desktop\best
2015-01-13 20:50 - 2010-10-31 19:49 - 00000000 ____D () C:\ProgramData\ICQ
2015-01-13 20:46 - 2012-08-31 07:57 - 00000000 ____D () C:\Users\admin\Desktop\N
2015-01-13 20:37 - 2013-07-23 21:44 - 00000000 ____D () C:\Users\admin\Desktop\mobil
2015-01-13 20:32 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-13 20:29 - 2014-08-17 19:23 - 00000000 ____D () C:\Users\admin\Desktop\Od Zdendy Django + války
2015-01-13 20:27 - 2013-12-02 21:30 - 00000000 ____D () C:\Users\admin\Desktop\podzim 2013
2015-01-13 20:22 - 2014-08-07 15:50 - 00000000 ____D () C:\Users\admin\Desktop\Zoo Dvůr Králové 7.8.2014
2015-01-13 20:00 - 2010-09-27 19:21 - 00000000 ____D () C:\Users\admin\AppData\Local\MediaMonkey
2015-01-13 19:59 - 2011-09-26 19:46 - 00000000 ____D () C:\Windows\Minidump
2015-01-13 19:37 - 2014-02-10 20:30 - 00000000 ____D () C:\Users\admin\Desktop\prilohy_17781
2015-01-13 19:32 - 2014-06-17 11:55 - 00000000 ____D () C:\Users\admin\Desktop\Matěj
2015-01-13 19:28 - 2014-09-10 09:47 - 00000000 ____D () C:\Users\admin\Desktop\Custer na FB
2015-01-13 19:28 - 2013-10-11 20:01 - 00000000 ____D () C:\Users\admin\Desktop\1. Mgr
2015-01-13 19:26 - 2014-08-25 08:22 - 00000000 ____D () C:\Users\admin\Desktop\CUSTER
2015-01-13 19:18 - 2014-11-10 17:33 - 00000000 ____D () C:\Users\admin\Desktop\DP
2015-01-13 19:18 - 2013-01-08 07:45 - 00000000 ____D () C:\Users\admin\AppData\Roaming\MyHeritage
2015-01-13 19:18 - 2012-07-14 20:18 - 00000000 ____D () C:\Users\admin\Documents\samsung
2015-01-13 19:18 - 2011-09-05 17:42 - 00000000 ____D () C:\Users\admin\Documents\Spartan
2015-01-13 19:18 - 2010-10-04 22:44 - 00000000 ____D () C:\Users\admin\AppData\Roaming\BitTorrent
2015-01-13 19:18 - 2010-09-27 17:03 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Mozilla
2015-01-13 19:17 - 2014-12-10 11:33 - 00000000 ____D () C:\Users\admin\Desktop\Anorganická a organická chemie
2015-01-13 19:17 - 2012-09-01 08:07 - 00000000 ____D () C:\Users\admin\AppData\Roaming\eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
2015-01-13 19:17 - 2012-05-03 21:28 - 00000000 ____D () C:\Users\admin\Desktop\hry
2015-01-13 19:17 - 2011-02-23 12:53 - 00000000 ____D () C:\Users\admin\Downloads\Zoo Tycoon 2
2015-01-13 19:17 - 2011-01-09 14:22 - 00000000 ____D () C:\Users\admin\Documents\DVDVideoSoft
2015-01-13 19:17 - 2010-12-26 23:41 - 00000000 ____D () C:\Users\admin\Documents\EA Games
2015-01-13 19:17 - 2010-12-05 16:19 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Real
2015-01-13 19:17 - 2010-11-07 11:59 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Samsung
2015-01-13 19:17 - 2010-10-04 20:52 - 00000000 ____D () C:\Users\admin\AppData\Roaming\YoudaGames
2015-01-13 19:17 - 2010-09-27 23:13 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Adobe
2015-01-13 19:17 - 2010-09-27 19:39 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Skype
2015-01-13 19:17 - 2010-09-04 17:30 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Toshiba
2015-01-13 19:17 - 2010-09-04 12:38 - 00000000 ____D () C:\Users\admin
2015-01-13 19:15 - 2013-09-16 18:54 - 00000000 ____D () C:\Users\admin\AppData\Local\Pokki
2015-01-13 19:15 - 2010-09-27 17:03 - 00000000 ____D () C:\Users\admin\AppData\Local\Mozilla
2015-01-13 19:13 - 2012-04-17 18:54 - 00000000 ____D () C:\Users\admin\AppData\Local\Facebook
2015-01-13 19:13 - 2010-09-27 13:56 - 00000000 ____D () C:\Users\admin\AppData\Local\Microsoft Games
2015-01-13 19:13 - 2010-09-27 13:28 - 00000000 ____D () C:\Users\admin\AppData\Local\Google
2015-01-13 19:12 - 2013-11-25 18:38 - 00000000 ____D () C:\PC TRANSLATOR DEMO
2015-01-13 19:12 - 2010-03-11 12:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office Suite Activation Assistant
2015-01-13 19:11 - 2010-03-11 12:04 - 00000000 ____D () C:\Program Files (x86)\eBay
2015-01-13 17:46 - 2010-03-11 12:15 - 00000000 ____D () C:\Works
2015-01-13 17:45 - 2012-12-26 21:28 - 00000000 ____D () C:\ProgramData\MyHeritage
2015-01-13 17:45 - 2010-10-11 22:20 - 00000000 ____D () C:\ProgramData\DivX
2015-01-13 17:45 - 2010-10-11 15:33 - 00000000 ____D () C:\Program Files (x86)\Miranda IM
2015-01-13 17:45 - 2010-09-27 19:39 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-01-13 17:45 - 2010-09-27 19:39 - 00000000 ____D () C:\ProgramData\Skype
2015-01-13 17:45 - 2010-09-27 19:21 - 00000000 ____D () C:\Program Files (x86)\MediaMonkey
2015-01-13 17:45 - 2010-09-27 14:41 - 00000000 ____D () C:\Program Files\WinRAR
2015-01-13 17:45 - 2010-04-08 14:36 - 00000000 ____D () C:\ProgramData\TOSHIBA
2015-01-13 17:45 - 2010-04-08 14:19 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2015-01-13 17:45 - 2010-03-11 12:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
2015-01-13 17:45 - 2010-03-11 12:10 - 00000000 ____D () C:\ProgramData\SiteAdvisor
2015-01-13 17:45 - 2010-03-11 11:11 - 00000000 ____D () C:\Toshiba
2015-01-13 17:44 - 2010-03-11 12:06 - 00000000 ____D () C:\Program Files (x86)\Toshiba TEMPRO
2015-01-12 17:08 - 2012-03-08 08:12 - 00001376 _____ () C:\Users\HELP_DECRYPT.TXT.wdfljvj
2015-01-12 17:08 - 2012-03-08 08:12 - 00001376 _____ () C:\Users\AppData\HELP_DECRYPT.TXT.wdfljvj
2015-01-12 17:08 - 2012-03-08 08:12 - 00001376 _____ () C:\Users\admin\HELP_DECRYPT.TXT.wdfljvj
2015-01-12 14:41 - 2012-03-08 08:12 - 00001376 _____ () C:\Users\admin\Downloads\HELP_DECRYPT.TXT.wdfljvj
2015-01-12 14:40 - 2012-03-08 08:12 - 00001376 _____ () C:\Users\admin\Documents\HELP_DECRYPT.TXT.wdfljvj
2015-01-12 14:10 - 2009-07-14 06:08 - 00032598 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-12 13:57 - 2012-03-08 08:12 - 00001376 _____ () C:\Users\admin\AppData\Roaming\HELP_DECRYPT.TXT.wdfljvj
2015-01-12 13:57 - 2012-03-08 08:12 - 00001376 _____ () C:\Users\admin\AppData\HELP_DECRYPT.TXT.wdfljvj
2015-01-12 13:56 - 2012-03-08 08:12 - 00001376 _____ () C:\Users\admin\AppData\Local\HELP_DECRYPT.TXT.wdfljvj
2015-01-09 22:26 - 2012-03-08 08:12 - 00409568 _____ () C:\Users\admin\Downloads\aminy01.DOC.wdfljvj
2015-01-09 18:41 - 2012-03-08 08:12 - 00116320 _____ () C:\Users\admin\Desktop\10614273_10203281861630849_3064998190579993020_n.JPG.wdfljvj
2015-01-08 20:01 - 2012-03-08 08:12 - 00653856 _____ () C:\Users\admin\Downloads\objednavka_vysetreni_vzorku.DOC.wdfljvj
2015-01-08 20:00 - 2012-03-08 08:12 - 00078192 _____ () C:\Users\admin\Downloads\olv_vzor_1_vzorky (1).DOC.wdfljvj
2015-01-08 19:55 - 2012-03-08 08:12 - 00078192 _____ () C:\Users\admin\Downloads\olv_vzor_1_vzorky.DOC.wdfljvj
2015-01-07 22:13 - 2012-03-08 08:12 - 00957280 _____ () C:\Users\admin\Downloads\org. zprac. okruhy.DOCX.wdfljvj
2015-01-07 14:44 - 2012-03-08 08:12 - 00199776 _____ () C:\Users\admin\Downloads\4_Tetrasubstituovan_deriv_ty_methanu.PDF.wdfljvj
2015-01-07 14:30 - 2012-03-08 08:12 - 00068976 _____ () C:\Users\admin\Downloads\otazkynazkousku(czuborec.cz-81c6d).DOC.wdfljvj
2015-01-07 14:28 - 2012-03-08 08:12 - 00070512 _____ () C:\Users\admin\Downloads\chemietahak(czuborec.cz-91ppd).DOC.wdfljvj
2015-01-07 14:25 - 2012-03-08 08:12 - 00037568 _____ () C:\Users\admin\Downloads\karboxylovekyseliny--(czuborec.cz-a65y7).doc.ZIP.wdfljvj
2015-01-07 14:24 - 2012-03-08 08:12 - 00494592 _____ () C:\Users\admin\Downloads\bilkoviny(czuborec.cz-a3196).DOC.wdfljvj
2015-01-07 14:23 - 2012-03-08 08:12 - 00067952 _____ () C:\Users\admin\Downloads\vzorovy_test(czuborec.cz-j5frs).DOC.wdfljvj
2015-01-07 14:23 - 2012-03-08 08:12 - 00064880 _____ () C:\Users\admin\Downloads\organika-test(czuborec.cz-u74ld).DOC.wdfljvj
2015-01-07 14:21 - 2012-03-08 08:12 - 00136000 _____ () C:\Users\admin\Downloads\zkouska_chemie_vypracovane(czuborec.cz-sxl2i).doc.ZIP.wdfljvj
2015-01-07 09:53 - 2012-03-08 08:12 - 00769776 _____ () C:\Users\admin\Downloads\1_Organick_chemie-1 (3).PDF.wdfljvj
2015-01-07 09:52 - 2012-03-08 08:12 - 00025440 _____ () C:\Users\admin\Downloads\k_organice_.DOC.wdfljvj
2015-01-07 09:51 - 2012-03-08 08:12 - 00028000 _____ () C:\Users\admin\Downloads\Okruhy_ot_zek_k_organick_sti_zkou_ky (2).DOC.wdfljvj
2015-01-07 09:50 - 2012-03-08 08:12 - 00011136 _____ () C:\Users\admin\Downloads\AF 2015.XLSX.wdfljvj
2015-01-06 18:57 - 2010-12-05 16:20 - 00003344 _____ () C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-4276310980-1373315075-2881649484-1000
2015-01-06 18:57 - 2010-12-05 16:20 - 00003210 _____ () C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-4276310980-1373315075-2881649484-1000
2015-01-06 08:21 - 2012-07-20 20:58 - 00011743 _____ () C:\Windows\SysWOW64\debug.log
2015-01-04 21:06 - 2012-03-08 08:12 - 00028000 _____ () C:\Users\admin\Downloads\Okruhy_ot_zek_k_organick_sti_zkou_ky (1).DOC.wdfljvj
2015-01-04 15:20 - 2014-12-09 20:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-04 15:20 - 2013-06-05 09:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-04 15:20 - 2012-09-24 10:56 - 00000000 ____D () C:\Program Files (x86)\Photo Story 3 for Windows
2015-01-04 15:20 - 2012-09-21 11:18 - 00000000 ____D () C:\Program Files (x86)\Nero
2015-01-04 15:20 - 2011-09-05 14:05 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2015-01-04 15:20 - 2011-02-23 13:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games
2015-01-04 15:20 - 2011-01-31 11:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio
2015-01-04 15:20 - 2011-01-31 11:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 8
2015-01-04 15:20 - 2010-12-26 23:25 - 00000000 ____D () C:\Program Files (x86)\EA GAMES
2015-01-04 15:20 - 2010-12-26 23:21 - 00000000 ____D () C:\Program Files (x86)\DAEMON Tools Lite
2015-01-04 15:20 - 2010-12-05 16:19 - 00000000 ____D () C:\Program Files (x86)\Real
2015-01-04 15:20 - 2010-11-07 23:30 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2015-01-04 15:20 - 2010-11-07 11:59 - 00000000 ____D () C:\Program Files (x86)\PC Connectivity Solution
2015-01-04 15:20 - 2010-11-07 11:59 - 00000000 ____D () C:\Program Files (x86)\MarkAny
2015-01-04 15:20 - 2010-11-02 11:09 - 00000000 ____D () C:\Program Files (x86)\Pidgin
2015-01-04 15:20 - 2010-10-11 22:20 - 00000000 ____D () C:\Program Files (x86)\DivX
2015-01-04 15:20 - 2010-10-06 13:57 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2015-01-04 15:20 - 2010-10-02 20:47 - 00000000 ____D () C:\Program Files (x86)\QIP 2010
2015-01-04 15:20 - 2010-09-27 20:03 - 00000000 ____D () C:\Program Files (x86)\QIP
2015-01-04 15:20 - 2010-04-08 14:31 - 00000000 ____D () C:\Program Files (x86)\Realtek WLAN Driver
2015-01-04 15:20 - 2010-03-11 12:21 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-01-04 15:20 - 2010-03-11 12:16 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-01-04 15:20 - 2010-03-11 12:04 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-04 15:20 - 2010-03-11 12:02 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-01-04 15:20 - 2010-03-11 11:54 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-04 15:20 - 2010-03-11 11:53 - 00000000 ____D () C:\Program Files (x86)\Realtek
2015-01-04 15:20 - 2010-03-11 11:51 - 00000000 ____D () C:\Program Files (x86)\Intel
2015-01-04 15:20 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2015-01-04 15:20 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2015-01-04 11:42 - 2012-03-08 08:12 - 00000512 ____H () C:\Users\admin\Desktop\~$ruhy_ot_zek_k_organick_sti_zkou_ky-1.DOCX.wdfljvj
2015-01-04 10:52 - 2012-03-08 08:12 - 00769776 _____ () C:\Users\admin\Downloads\1_Organick_chemie-1 (2).PDF.wdfljvj
2015-01-04 10:47 - 2014-05-30 13:35 - 00001982 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-01-04 10:47 - 2012-03-08 08:12 - 00042832 _____ () C:\Users\admin\Desktop\1461267_10203731813201884_4525841001195253217_n.JPG.wdfljvj
2015-01-04 10:04 - 2012-03-08 08:12 - 00022112 _____ () C:\Users\admin\Downloads\org reakce.DOCX.wdfljvj
2015-01-04 10:01 - 2012-03-08 08:12 - 00769776 _____ () C:\Users\admin\Downloads\1_Organick_chemie-1 (1).PDF.wdfljvj
2015-01-04 09:30 - 2012-03-08 08:12 - 00769776 _____ () C:\Users\admin\Downloads\1_Organick_chemie-1.PDF.wdfljvj
2015-01-04 09:21 - 2012-03-08 08:12 - 00028000 _____ () C:\Users\admin\Downloads\Okruhy_ot_zek_k_organick_sti_zkou_ky.DOC.wdfljvj
2015-01-04 08:29 - 2013-11-17 13:43 - 00002292 _____ () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2014-12-22 19:49 - 2012-09-24 11:21 - 00000000 ____D () C:\Users\admin\AppData\Local\Windows Live
2014-12-19 19:00 - 2013-06-05 12:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-12-15 22:16 - 2010-09-04 12:52 - 00111608 _____ () C:\Users\admin\AppData\Local\GDIPFONTCACHEV1.DAT

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 12:05

==================== End Of Log ============================

Martina.Br.
Visitor
Posts: 18
Joined: 13 Jan 2015 20:13

Re: Bad image - SOS !!!

#23 Post by Martina.Br. »

Addition:


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-01-2015 02
Ran by admin at 2015-01-14 12:34:42
Running from C:\Users\admin\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Smart Security 4.2 (Enabled - Out of date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AS: ESET Smart Security 4.2 (Enabled - Out of date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET personal firewall (Enabled) {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.2.12610 - Adobe Systems Inc.)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.0.1.152 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.7.700.202 - Adobe Systems Incorporated)
Adobe Reader 9.4.0 - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-A94000000001}) (Version: 9.4.0 - Adobe Systems Incorporated)
Age of Empires Online (HKLM-x32\...\GFWL_{4D530FA3-9B89-4186-98B7-F51000008100}) (Version: 1.0.0000.129 - Microsoft Studios)
Age of Empires Online (x32 Version: 1.0.0000.129 - Microsoft Studios) Hidden
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{0A1FAC46-B899-421D-B1A2-470896DC45DB}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0405-0000-0000000FF1CE}_HOMESTUDENTR_{0A1FAC46-B899-421D-B1A2-470896DC45DB}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0405-0000-0000000FF1CE}_HOMESTUDENTR_{5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{E68DD413-B834-4923-8181-0A03B7555187}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0405-0000-0000000FF1CE}_HOMESTUDENTR_{E68DD413-B834-4923-8181-0A03B7555187}) (Version: - Microsoft)
Amazon.co.uk (HKLM-x32\...\{A74F16FA-1D5B-405B-8D8D-1BC6F9DAED8B}) (Version: - Amazon EU S.a.r.L.)
ATI Catalyst Install Manager (HKLM\...\{C260A1C3-EB49-F99A-38BA-B59C020D4609}) (Version: 3.0.741.0 - ATI Technologies, Inc.)
Balíček ovladače systému Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0) (HKLM\...\BC15EA930074932BB2C4B4493C9FD4EA95087D1A) (Version: 10/12/2007 6.85.4.0 - Nokia)
Bing Bar (HKLM-x32\...\{449CE12D-E2C7-4B97-B19E-55D163EA9435}) (Version: 7.0.619.0 - Microsoft Corporation)
ccc-core-static (x32 Version: 2009.0908.2225.38429 - Název společnosti:) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.22 - Piriform)
Centrum zařízení Windows Mobile (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DivX Setup (HKLM-x32\...\DivX Setup.divx.com) (Version: 2.1.2.2 - DivX, Inc. )
DVDVideoSoft Toolbar (HKLM-x32\...\DVDVideoSoft Toolbar) (Version: - )
EA Download Manager (HKLM-x32\...\EADM) (Version: 7.0.0.59 - Electronic Arts, Inc.)
eBay (HKLM-x32\...\{E1FFC21B-CB65-4C06-8FEA-16F47A4222FD}) (Version: 1.0.5 - eBay Inc.)
ESET Smart Security (HKLM\...\{CB18E365-D002-4321-AA24-88489B61ECB1}) (Version: 4.2.58.5 - ESET, spol. s r.o.)
Facebook Messenger 2.1.4814.0 (HKLM-x32\...\{7204BDEE-1A48-4D95-A964-44A9250B439E}) (Version: 2.1.4814.0 - Facebook)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hřebčín (HKLM-x32\...\Hřebčín_is1) (Version: 1.0 - TopQer s.r.o.)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.7.1002 - Intel Corporation)
iscsicli (HKLM\...\{f48a0c57-7c48-461c-9957-ab255ddc986e}.sdb) (Version: - )
Java 7 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.210 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java(TM) 6 Update 14 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216014FF}) (Version: 6.0.140 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
MediaMonkey 3.2 (HKLM-x32\...\MediaMonkey_is1) (Version: 3.2 - Ventis Media Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0405-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{C73B5B3B-F974-48CA-8B91-3E8A432AEA5B}) (Version: 08.05.0822 - Microsoft Corporation)
Microsoft Zoo Tycoon (HKLM-x32\...\Zoo Tycoon 1.0) (Version: - )
Mozilla Firefox 34.0.5 (x86 cs) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 cs)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyHeritage Family Tree Builder (HKLM-x32\...\Family Tree Builder) (Version: 6.0.0.5634 - MyHeritage.com)
Nastaveni hadrware TOSHIBA (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.18C - TOSHIBA CORPORATION)
Nero Backup Drivers (HKLM\...\{D600D357-5CB9-4DE9-8FD4-14E208BD1970}) (Version: 1.0.11100.8.0 - Nero AG)
OptimizerPro Updater (HKLM-x32\...\OptimizerProUpdater) (Version: - ) <==== ATTENTION
Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení (HKLM-x32\...\{B6190387-0036-4BEB-8D74-A0AFC5F14706}) (Version: 15.4.5722.2 - Microsoft Corporation)
PC Connectivity Solution (HKLM-x32\...\{AC599724-5755-48C1-ABE7-ABB857652930}) (Version: 8.15.0.0 - Nokia)
PC Translator 2007 DEMO (HKLM-x32\...\PC Translator 2007 DEMO) (Version: - )
Photo Story 3 for Windows (HKLM-x32\...\{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}) (Version: 3.0.1115.11 - Microsoft Corporation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
QIP 2005 8095 (HKU\S-1-5-21-4276310980-1373315075-2881649484-1000\...\QIP 2005) (Version: 8095 - )
Radegast Image screensaver (HKLM-x32\...\Radegast Image screensaver_is1) (Version: - )
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 12.0) (Version: - RealNetworks)
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5964 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30105 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version: - )
Samsung New PC Studio USB Driver Installer (HKLM-x32\...\InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
Samsung New PC Studio USB Driver Installer (x32 Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM-x32\...\{8FA53ACE-B718-4FAE-B7BF-95B0FCB320C8}) (Version: 1.3.800.0 - SAMSUNG Electronics CO., LTD.)
SamsungConnectivityCableDriver (HKLM-x32\...\{7E84FAC8-C518-40F9-9807-7455301D6D25}) (Version: 6.83.6.2.1 - Samsung)
Skype Toolbars (HKLM-x32\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)
Skype™ 5.10 (HKLM-x32\...\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}) (Version: 5.10.116 - Skype Technologies S.A.)
Smileys We Love Toolbar for IE (HKLM-x32\...\{4B67E501-761A-4544-BD88-3CCB23746516}) (Version: 3.0.17 - SqueekyChocolate, LLC) <==== ATTENTION
STATISTICA CZ 12 64-bit (HKLM\...\{ED579539-9D37-4600-B763-D450593F501B}) (Version: 12.0.1133.2 - StatSoft, Inc.)
STATNOVAPDF (novaPDF 7.7 printer) (HKLM\...\STATNOVAPDF_is1) (Version: - Softland)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.11.0 - Synaptics Incorporated)
Šetřič Cimrman 1 (HKLM-x32\...\Šetřič Cimrman 1) (Version: - )
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.14484 - TeamViewer)
The Sims 2 (HKLM-x32\...\{6E7DD182-9FC6-4651-0095-2E666CC6AF35}) (Version: - )
Toshiba Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.10 - TOSHIBA)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{F64684A0-754B-4637-B7F9-6E8DAA8CD5CD}) (Version: 1.5.06.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.25 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.1.06-A - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.1.12.64 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM-x32\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: - )
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.4C - TOSHIBA CORPORATION)
TOSHIBA Heslo správce (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.7C - TOSHIBA CORPORATION)
Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.00 - TOSHIBA)
Toshiba Online Product Information (HKLM-x32\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 2.08.0001 - TOSHIBA)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.5.1.64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 x64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{5BCC94A1-DEF1-4AB4-8046-BC13048E929A}) (Version: 1.5.08.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.40 - TOSHIBA)
Toshiba TEMPRO (HKLM-x32\...\{14555947-6F14-421F-8F61-6489E0FDFAE5}) (Version: 3.08 - Toshiba Europe GmbH)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.2.34.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.9 - TOSHIBA Corporation)
TRORMCLauncher (HKLM-x32\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version: - )
TRORMCLauncher (Version: 1.0.0.9 - TOSHIBA) Hidden
Uniblue RegistryBooster (HKLM-x32\...\{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1) (Version: - Uniblue Systems Ltd)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
UpdateChecker (HKLM-x32\...\SqueakyChocolate, LLC UpdateChecker) (Version: - SqueakyChocolate, LLC) <==== ATTENTION
Utility Common Driver (x32 Version: 1.0.50.27C - TOSHIBA) Hidden
VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0 - DivX, Inc) Hidden
Vienna Miranda Pack 1.1.0 (HKLM-x32\...\Vienna Miranda Pack 1.1.0) (Version: - )
VLC media player 1.1.4 (HKLM-x32\...\VLC media player) (Version: 1.1.4 - VideoLAN)
Výstraha HDD/SSD TOSHIBA (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.4 - TOSHIBA Corporation)
Výstraha HDD/SSD TOSHIBA (Version: 3.1.64.4 - TOSHIBA Corporation) Hidden
Výstraha HDD/SSD TOSHIBA (x32 Version: 3.1.64.4 - TOSHIBA Corporation) Hidden
WIDCOMM Bluetooth Software (HKLM-x32\...\{3F4EC965-28EF-45C3-B063-04B25D4E9679}) (Version: 4.0.1.700 - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{068B46A0-8858-4CEB-80BC-A4AE787A05FC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR (HKLM\...\WinRAR archiver) (Version: - )
Zoo Tycoon Čeština 1.05 (HKU\S-1-5-21-4276310980-1373315075-2881649484-1000\...\Zoo Tycoon Čeština 1.05) (Version: - )
Zoo Tycoon Marine Mania and Dinosaur Digs Trial (HKLM-x32\...\Zoo Tycoon Marine Mania and Dinosaur Digs Trial) (Version: - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

13-01-2015 22:41:34 ComboFix created restore point
14-01-2015 11:00:48 Malwarebytes Anti-Rootkit Restore Point
14-01-2015 11:37:36 Restore Point Created by FRST

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-01-14 11:37 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0B455153-8EA3-4E5F-844B-765682A446FE} - System32\Tasks\{9F283E79-CC1F-46B1-A513-BF7C8B24CF0C} => pcalua.exe -a C:\Users\admin\Desktop\Stopovac.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {24EBC59C-A206-4A9E-B59B-34974E2F08AF} - System32\Tasks\{68C0B1C6-5EC9-46CF-B2E6-E8DD734F42B1} => pcalua.exe -a "C:\Users\admin\Desktop\zoo tycoon 1\INSTMSIA.EXE" -d "C:\Users\admin\Desktop\zoo tycoon 1"
Task: {28F8903F-0043-444A-A2A4-180FBC282237} - System32\Tasks\{F461625C-DC77-4773-B3EA-70F8C461F416} => C:\Program Files (x86)\Microsoft Games\Zoo Tycoon\zoo.exe [2003-07-28] (Microsoft Corporation)
Task: {315C9D44-CBC1-4290-B288-94B8CD42E263} - \Security Center Update - 591574539 No Task File <==== ATTENTION
Task: {346AB88F-AB15-456F-AC58-7703B42D4480} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-4276310980-1373315075-2881649484-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2010-11-05] (RealNetworks, Inc.)
Task: {3928B1B0-B19B-482D-B4C7-CA6EE5059FAE} - System32\Tasks\{6A047416-DA6A-486F-A6CB-63C464227EF1} => pcalua.exe -a "C:\Users\admin\Desktop\zoo tycoon 1\DCOM95.EXE" -d "C:\Users\admin\Desktop\zoo tycoon 1"
Task: {462A63C5-DEE7-469B-A0ED-F68CC390E859} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-4276310980-1373315075-2881649484-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2010-11-05] (RealNetworks, Inc.)
Task: {4B54FB25-9109-4171-A98E-3F556BB38716} - \Security Center Update - 3998176165 No Task File <==== ATTENTION
Task: {600A1A55-32BD-4C19-93FE-D1228C31C1E2} - System32\Tasks\{281C3B47-8F49-4D6D-AFBB-794924E82460} => pcalua.exe -a C:\Users\admin\Desktop\qip-2005-8095-cestina.exe -d C:\Users\admin\Desktop
Task: {6F2A3E82-05CB-4E92-B0DB-B73D1CBC1E10} - System32\Tasks\{FB67838C-96EC-45F9-B6AF-4034D9F53618} => pcalua.exe -a "C:\Users\admin\Desktop\Zoo tycoon CZ.exe" -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {74B09CB0-4244-4149-9161-98C5C17FF3E0} - System32\Tasks\{E1BF27F9-4130-4507-9DC9-463D56AA8C32} => pcalua.exe -a "F:\win rar full CZ.exe" -d F:\
Task: {8987D233-8B33-4645-954C-D426915472DE} - \Security Center Update - 3741571091 No Task File <==== ATTENTION
Task: {8CD65602-CC61-43CB-B8D7-40B3FD8D0867} - System32\Tasks\pbklicg => C:\Users\admin\AppData\Local\Temp\bhvnyma.exe <==== ATTENTION
Task: {94C4FCE4-AB7E-4F05-9715-B1DFC0426BEE} - \Security Center Update - 607701921 No Task File <==== ATTENTION
Task: {97A59278-B33F-49DA-9100-F0AFAF5B11FC} - System32\Tasks\{5DCE500B-0D1B-447B-AA2C-4B93CB0B67D1} => C:\Program Files (x86)\Microsoft Games\Zoo Tycoon\zoo.exe [2003-07-28] (Microsoft Corporation)
Task: {A09349B0-C40E-4C2F-8BF1-2E2CD4AF7E43} - System32\Tasks\{CE22492E-1F9C-4A1F-819D-17690770782C} => pcalua.exe -a "F:\win rar full CZ.exe" -d F:\
Task: {A237B235-E658-4D21-88B1-2E22E975E715} - \Security Center Update - 514026233 No Task File <==== ATTENTION
Task: {A3DAA4CE-93EC-4776-BD37-CCF4AFF06801} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-08-22] (Piriform Ltd)
Task: {AB07F55B-607A-4B89-A2D3-EE1550ABDBCA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.)
Task: {B05AFCB3-3443-41D3-BC4E-17CB643A07E7} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4276310980-1373315075-2881649484-1000Core => C:\Users\admin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-20] (Facebook Inc.)
Task: {BD655B7B-BCC8-4338-9611-DBCBDB2AC22E} - System32\Tasks\{75503BB2-8C9D-49FE-83A6-1E27ED31E548} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2012-07-13] (Skype Technologies S.A.)
Task: {C30724DC-A4E0-4A02-BB5A-E4AE5DC891A6} - System32\Tasks\{593802F5-B65D-42B2-9FDA-E5B8A9A417F9} => pcalua.exe -a C:\Users\admin\Downloads\20080115160749328_Samsung_PC_Studio_313_GJ9.exe -d C:\Users\admin\Downloads
Task: {C538E40A-F276-4469-9C27-37613545DB4B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.)
Task: {CFB92975-37C5-4D5B-AFA3-1FEA38134BA4} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4276310980-1373315075-2881649484-1000UA => C:\Users\admin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-20] (Facebook Inc.)
Task: {DF9099A6-3687-499B-AA55-BED2CFD11FEC} - \Security Center Update - 3425793768 No Task File <==== ATTENTION
Task: {F89A9F99-1BA4-459F-B4B9-8C481357556B} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2009-10-28] (TOSHIBA CORPORATION)

==================== Loaded Modules (whitelisted) =============

2010-09-27 14:41 - 2010-02-10 17:10 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll
2009-11-30 11:06 - 2009-11-30 11:06 - 03241320 _____ () C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll
2009-10-18 14:20 - 2009-10-18 14:20 - 07959864 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-11-03 12:26 - 2009-11-03 12:26 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2010-03-11 11:56 - 2009-06-22 14:40 - 00022328 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll
2009-03-12 18:08 - 2009-03-12 18:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
2009-07-25 16:38 - 2009-07-25 16:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2009-05-04 09:45 - 2009-05-04 09:45 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-04-08 14:20 - 2010-04-08 14:20 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2009-11-05 09:18 - 2009-11-05 09:18 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

admin (S-1-5-21-4276310980-1373315075-2881649484-1000 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-4276310980-1373315075-2881649484-500 - Administrator - Disabled)
Guest (S-1-5-21-4276310980-1373315075-2881649484-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4276310980-1373315075-2881649484-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/14/2015 11:37:36 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen.
.
To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.


Operace:
Shromažďování dat modulu pro zápis

Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {525f458d-4430-4498-8fcf-a91f23144e4c}

Error: (01/14/2015 10:16:46 AM) (Source: Google Update) (EventID: 20) (User: admin-TOSH)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s

Error: (01/14/2015 01:02:05 AM) (Source: Google Update) (EventID: 20) (User: admin-TOSH)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s

Error: (01/13/2015 10:02:06 PM) (Source: Google Update) (EventID: 20) (User: admin-TOSH)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s

Error: (01/13/2015 08:12:05 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
Description: Hodnota řetězce vysvětlujícího textu čítače výkonu v registru je nesprávně naformátovaná. Chybně vytvořený řetězec je . První hodnota DWORD v datové oblasti obsahuje hodnotu indexu chybně vytvořeného řetězce, zatímco druhá a třetí hodnota DWORD v datové oblasti obsahují poslední platné hodnoty indexu.

Error: (01/13/2015 07:07:10 PM) (Source: Wininit) (EventID: 1015) (User: )
Description: Došlo k selhání kritického systémového procesu C:\Windows\system32\lsass.exe se stavovým kódem 00000000. Počítač je nyní nutné restartovat.

Error: (01/13/2015 06:05:42 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1 se nezdařilo.
Závislé sestavení Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (01/13/2015 05:37:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: oTaqQQHuieVKqGE.exe, verze: 1.0.0.1, časové razítko: 0x548f19ce
Název chybujícího modulu: MFC42.DLL, verze: 6.6.8064.0, časové razítko: 0x4d79b3c0
Kód výjimky: 0xc0000005
Posun chyby: 0x0001abc6
ID chybujícího procesu: 0x7b4
Čas spuštění chybující aplikace: 0xoTaqQQHuieVKqGE.exe0
Cesta k chybující aplikaci: oTaqQQHuieVKqGE.exe1
Cesta k chybujícímu modulu: oTaqQQHuieVKqGE.exe2
ID zprávy: oTaqQQHuieVKqGE.exe3

Error: (01/13/2015 06:44:07 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1 se nezdařilo.
Závislé sestavení Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (01/13/2015 06:43:43 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1 se nezdařilo.
Závislé sestavení Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.


System errors:
=============
Error: (01/14/2015 11:42:15 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Služba Intel(R) Management & Security Application User Notification Service závisí na následující službě: LMS. Tato služba pravděpodobně není nainstalována.

Error: (01/14/2015 11:40:14 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Prohledávání počítačů závisí na službě Server, která neuspěla při spuštění v důsledku následující chyby:
%%1075

Error: (01/14/2015 11:40:14 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Služba Server závisí na následující službě: SamSS. Tato služba pravděpodobně není nainstalována.

Error: (01/14/2015 11:40:14 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Prohledávání počítačů závisí na službě Server, která neuspěla při spuštění v důsledku následující chyby:
%%1075

Error: (01/14/2015 11:40:14 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Služba Server závisí na následující službě: SamSS. Tato služba pravděpodobně není nainstalována.

Error: (01/14/2015 11:40:14 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Prohledávání počítačů závisí na službě Server, která neuspěla při spuštění v důsledku následující chyby:
%%1075

Error: (01/14/2015 11:40:14 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Služba Server závisí na následující službě: SamSS. Tato služba pravděpodobně není nainstalována.

Error: (01/14/2015 11:40:13 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Prohledávání počítačů závisí na službě Server, která neuspěla při spuštění v důsledku následující chyby:
%%1075

Error: (01/14/2015 11:40:13 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Služba Server závisí na následující službě: SamSS. Tato služba pravděpodobně není nainstalována.

Error: (01/14/2015 11:40:13 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Prohledávání počítačů závisí na službě Server, která neuspěla při spuštění v důsledku následující chyby:
%%1075


Microsoft Office Sessions:
=========================
Error: (10/11/2010 11:57:56 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5001, Microsoft Office Version: 12.0.4518.1014. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash.


CodeIntegrity Errors:
===================================
Date: 2015-01-13 23:47:03.688
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-01-13 23:47:03.594
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-01-13 23:47:03.501
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-01-13 23:47:03.407
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-01-13 23:41:06.089
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-01-13 23:41:05.995
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-01-13 23:41:05.901
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-01-13 23:41:05.823
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-01-13 22:50:17.397
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-01-13 22:50:17.319
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz
Percentage of memory in use: 34%
Total physical RAM: 3957.61 MB
Available physical RAM: 2574.96 MB
Total Pagefile: 7913.36 MB
Available Pagefile: 6251.39 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (WINDOWS) (Fixed) (Total:232.88 GB) (Free:70.83 GB) NTFS
Drive d: (Data) (Fixed) (Total:232.49 GB) (Free:225.26 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 2108C78B)
Partition 1: (Active) - (Size=400 MB) - (Type=27)
Partition 2: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=232.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Bad Image - SOS !!!

#24 Post by vyosek »

:arrow: We'll finish the cleanup; as for the encrypted files, I'll consult further with a colleague.

:arrow: Can you zip up a few encrypted doc and Excel files and images for me and upload them somewhere, e.g. LP http://leteckaposta.cz/

- - -

:arrow: Creating a fixlist for FRST
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    Start
    CloseProcesses:
    CreateRestorePoint:
    
    Task: {DF9099A6-3687-499B-AA55-BED2CFD11FEC} - \Security Center Update - 3425793768 No Task File <==== ATTENTION
    Task: {A237B235-E658-4D21-88B1-2E22E975E715} - \Security Center Update - 514026233 No Task File <==== ATTENTION
    Task: {8987D233-8B33-4645-954C-D426915472DE} - \Security Center Update - 3741571091 No Task File <==== ATTENTION
    Task: {8CD65602-CC61-43CB-B8D7-40B3FD8D0867} - System32\Tasks\pbklicg => C:\Users\admin\AppData\Local\Temp\bhvnyma.exe <==== ATTENTION
    Task: {94C4FCE4-AB7E-4F05-9715-B1DFC0426BEE} - \Security Center Update - 607701921 No Task File <==== ATTENTION
    Task: {4B54FB25-9109-4171-A98E-3F556BB38716} - \Security Center Update - 3998176165 No Task File <==== ATTENTION
    Task: {315C9D44-CBC1-4290-B288-94B8CD42E263} - \Security Center Update - 591574539 No Task File <==== ATTENTION
    
    2015-01-04 10:47 - 2014-05-30 13:35 - 00001982 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
    2015-01-13 17:45 - 2010-03-11 12:10 - 00000000 ____D () C:\ProgramData\SiteAdvisor
    2015-01-13 19:15 - 2013-09-16 18:54 - 00000000 ____D () C:\Users\admin\AppData\Local\Pokki
    2015-01-13 23:48 - 2009-07-14 03:34 - 77066240 _____ () C:\Windows\system32\config\software.bak
    2015-01-13 23:48 - 2009-07-14 03:34 - 21495808 _____ () C:\Windows\system32\config\system.bak
    2015-01-13 23:48 - 2009-07-14 03:34 - 03862528 _____ () C:\Windows\system32\config\default.bak
    2015-01-13 23:48 - 2009-07-14 03:34 - 00061440 _____ () C:\Windows\system32\config\sam.bak
    2015-01-13 23:48 - 2009-07-14 03:34 - 00028672 _____ () C:\Windows\system32\config\security.bak
    2014-12-30 16:34 - 2014-12-30 16:35 - 53898616 _____ () C:\Users\admin\Downloads\Nepotvrzeno 2911.crdownload
    2015-01-06 08:55 - 2015-01-13 22:50 - 00000000 ____D () C:\42686079
    2015-01-13 17:46 - 2015-01-13 21:34 - 01121537 _____ () C:\ProgramData\ihvhzvh.html
    2015-01-13 17:43 - 2015-01-13 17:43 - 00002866 _____ () C:\Windows\System32\Tasks\pbklicg
    
    2015-01-14 12:33 - 2015-01-14 12:34 - 00020694 _____ () C:\Users\admin\Desktop\FRST.txt
    2015-01-14 11:39 - 2015-01-14 11:39 - 00000894 _____ () C:\Windows\PFRO.log
    2015-01-14 11:39 - 2015-01-14 11:39 - 00000056 _____ () C:\Windows\setupact.log
    2015-01-14 11:39 - 2015-01-14 11:39 - 00000000 _____ () C:\Windows\setuperr.log
    2015-01-14 11:36 - 2015-01-14 11:36 - 00010336 _____ () C:\Users\admin\Desktop\12.txt
    2015-01-14 11:20 - 2015-01-14 11:20 - 00042257 _____ () C:\Users\admin\Desktop\Addition.txt
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    
    BHO-x32: QipLI Class -> {6B5863A0-C43F-4C0A-982B-CC0E9125783F} -> C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\qstatsrv.dll No File
    
    Hosts:
    EmptyTemp:
    Reboot:
    End
    
  • Save the resulting TXT file as fixlist.txt
  • Move the fixlist you created next to FRST
:arrow: Run FRST.exe again
  • Click Fix
  • The fix will run and create the log Fixlog.txt
:arrow: Restart the PC and post fixlog.txt here
"He who has wine and does not drink, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns amusement, take a whip and a stick to him: that is no man, that is an ox."
Member [image] since 1 February 2011.

Martina.Br.
Visitor
Posts: 18
Registered: 13 Jan 2015 20:13

Re: Bad Image - SOS !!!

#25 Post by Martina.Br. »

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-01-2015 02
Ran by admin (administrator) on ADMIN-TOSH on 14-01-2015 12:53:20
Running from C:\Users\admin\Desktop
Loaded Profile: admin (Available profiles: admin)
Platform: Windows 7 Home Premium (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(Společnost TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2009-11-05] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1050000 2009-10-15] (Toshiba Europe GmbH)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2009-11-30] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [34648 2009-12-01] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8306208 2009-10-21] (Realtek Semiconductor)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-05] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [910136 2009-11-10] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1870120 2009-10-15] (Synaptics Incorporated)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1482592 2009-09-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [707416 2009-11-10] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\Toshiba\Registration\ToshibaReminder.exe [134032 2009-08-25] (Toshiba Europe GmbH)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [2903688 2010-07-02] (ESET)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-09-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2009-08-12] (TOSHIBA)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2009-06-02] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34088 2009-01-13] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2009-11-21] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-10-06] (TOSHIBA Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: STATISTICA Browser Helper -> {990A8747-93BF-4EF7-B72E-94A6884B98C2} -> C:\Program Files\StatSoft\STATISTICA 12\StaBHO.dll (StatSoft, Inc.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: QipLI Class -> {6B5863A0-C43F-4C0A-982B-CC0E9125783F} -> C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\qstatsrv.dll No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Pomocná služba pro přihlášení ke službě Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: STATISTICA Browser Helper -> {990A8747-93BF-4EF7-B72E-94A6884B98C2} -> C:\Program Files\StatSoft\STATISTICA 12\Support\StaBHO.dll (StatSoft, Inc.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\Windows\SysWOW64\btxppanel.dll (Broadcom Corporation.)
Tcpip\..\Interfaces\{21D58735-AE15-4842-9829-CBBD2157E4C6}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{4A58A413-B75C-4A66-9274-C26982A7D85A}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{62B8830F-0C16-460D-9FBF-AC757AC06575}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9xepabbp.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=12.0.1.609 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=12.0.1.609 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=12.0.1.609 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=12.0.1.609 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-4276310980-1373315075-2881649484-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\admin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-4276310980-1373315075-2881649484-1000: facebook.com/fbDesktopPlugin -> C:\Users\admin\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010-12-05]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010-09-27]

Chrome:
=======
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.140.8) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U14) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll No File
CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\admin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-15]
CHR Extension: (Vyhledávání Google) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-15]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2011-02-14]
CHR Extension: (Peněženka Google) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-15]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2010-12-05]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 EhttpSrv; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [42360 2010-07-02] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [810144 2010-07-02] (ESET)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S3 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [430592 2008-04-07] (Nokia.) [File not signed]
R2 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116104 2009-10-15] (Toshiba Europe GmbH)
S2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 ALG; C:\Windows\System32\alg.exe [79360 2009-07-14] (Microsoft Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S2 BTSERIAL; C:\Windows\SysWOW64\drivers\btserial.sys [23271 2004-11-29] (Broadcom Corporation.) [File not signed]
S2 BTSLBCSP; C:\Windows\SysWOW64\drivers\btslbcsp.sys [222876 2004-11-29] (Broadcom Corporation.) [File not signed]
R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [166984 2010-06-24] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [139704 2010-04-28] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [169592 2010-04-28] (ESET)
R3 Epfwndis; C:\Windows\System32\DRIVERS\Epfwndis.sys [33608 2010-04-28] (ESET)
R2 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [50600 2010-04-28] (ESET)
U5 Netlogon; C:\Windows\system32\lsass.exe [31232 2011-11-17] (Microsoft Corporation)
U5 ProtectedStorage; C:\Windows\system32\lsass.exe [31232 2011-11-17] (Microsoft Corporation)
S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-22] (Realtek Semiconductor Corp.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-11-09] () [File not signed]
S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed]
U3 axzlilse; C:\Windows\System32\Drivers\axzlilse.sys [0 ] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-14 12:52 - 2015-01-14 12:52 - 00002723 _____ () C:\Users\admin\Desktop\fixlist.txt
2015-01-14 12:51 - 2015-01-14 12:51 - 00002723 _____ () C:\Users\admin\Desktop\dočiš.txt
2015-01-14 12:35 - 2015-01-14 12:35 - 00045453 _____ () C:\Users\admin\Desktop\FRST 1.txt
2015-01-14 12:35 - 2015-01-14 12:35 - 00041106 _____ () C:\Users\admin\Desktop\Addition 1.txt
2015-01-14 12:33 - 2015-01-14 12:53 - 00020694 _____ () C:\Users\admin\Desktop\FRST.txt
2015-01-14 11:39 - 2015-01-14 11:39 - 00000894 _____ () C:\Windows\PFRO.log
2015-01-14 11:39 - 2015-01-14 11:39 - 00000056 _____ () C:\Windows\setupact.log
2015-01-14 11:39 - 2015-01-14 11:39 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-14 11:36 - 2015-01-14 11:36 - 00010336 _____ () C:\Users\admin\Desktop\12.txt
2015-01-14 11:20 - 2015-01-14 12:35 - 00041106 _____ () C:\Users\admin\Desktop\Addition.txt
2015-01-14 11:18 - 2015-01-14 12:53 - 00000000 ____D () C:\FRST
2015-01-14 11:18 - 2015-01-14 11:17 - 02124288 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe
2015-01-13 23:56 - 2015-01-13 23:56 - 00019557 _____ () C:\ComboFix.txt
2015-01-13 23:41 - 2015-01-13 23:41 - 00001204 _____ () C:\CF-Submit.htm
2015-01-13 22:55 - 2015-01-14 11:43 - 00020089 _____ () C:\Windows\WindowsUpdate.log
2015-01-13 22:41 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-13 22:41 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-13 22:41 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-13 22:41 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-13 22:41 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-13 22:41 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-13 22:41 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-13 22:41 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-13 22:16 - 2015-01-14 00:02 - 00000000 ____D () C:\Qoobox
2015-01-13 22:16 - 2015-01-13 23:47 - 00000000 ____D () C:\Windows\erdnt
2015-01-13 22:16 - 2015-01-13 22:14 - 05609736 ____R (Swearware) C:\Users\admin\Desktop\ComboFix.exe
2015-01-13 21:34 - 2015-01-13 21:34 - 03148854 _____ () C:\Users\admin\Documents\Decrypt All Files mmjujvj.bmp
2015-01-13 21:34 - 2015-01-13 21:34 - 00001266 _____ () C:\Users\admin\Documents\Decrypt All Files mmjujvj.txt
2015-01-13 20:03 - 2015-01-09 21:16 - 02737120 _____ () C:\Users\admin\Desktop\DSCN1225.JPG.wdfljvj
2015-01-13 20:03 - 2015-01-07 22:15 - 02286576 _____ () C:\Users\admin\Downloads\ORGANICKÁ CHEMIE.DOCX.wdfljvj
2015-01-13 20:03 - 2015-01-07 22:14 - 01213136 _____ () C:\Users\admin\Downloads\Vypracovane_otazky organa.DOC.wdfljvj
2015-01-13 20:03 - 2015-01-07 14:45 - 01638528 _____ () C:\Users\admin\Downloads\3_Organick_slou_eniny_dus_ku_a_kysl_ku (1).PDF.wdfljvj
2015-01-13 20:03 - 2015-01-07 14:18 - 01638528 _____ () C:\Users\admin\Downloads\3_Organick_slou_eniny_dus_ku_a_kysl_ku.PDF.wdfljvj
2015-01-13 20:03 - 2015-01-07 14:10 - 02052240 _____ () C:\Users\admin\Downloads\Lipidy.PDF.wdfljvj
2015-01-13 20:03 - 2015-01-07 10:44 - 01357056 _____ () C:\Users\admin\Downloads\sacharidy-bez_animaci.PDF.wdfljvj
2015-01-13 20:03 - 2015-01-06 19:45 - 01945296 _____ () C:\Users\admin\Downloads\prilohy_26561.ZIP.wdfljvj
2015-01-13 20:03 - 2015-01-04 22:05 - 01175040 _____ () C:\Users\admin\Downloads\zaverecna_prace.PDF.wdfljvj
2015-01-13 20:03 - 2015-01-04 10:17 - 02316784 _____ () C:\Users\admin\Downloads\Okruhy_ot_zek_k_organick_sti_zkou_ky-1.DOCX.wdfljvj
2015-01-13 20:03 - 2015-01-04 09:42 - 01373088 _____ () C:\Users\admin\Downloads\2_Organick_chemie-2pred.PDF.wdfljvj
2015-01-13 20:03 - 2015-01-04 09:42 - 01302144 _____ () C:\Users\admin\Downloads\4_Karboxylov_fci_der (2).PDF.wdfljvj
2015-01-13 20:03 - 2015-01-04 09:41 - 01302144 _____ () C:\Users\admin\Downloads\4_Karboxylov_fci_der (1).PDF.wdfljvj
2015-01-13 20:03 - 2012-04-18 01:15 - 01559088 _____ () C:\Users\admin\Documents\UPRAVENO – kopie.PDF.wdfljvj
2015-01-13 20:03 - 2012-02-23 21:05 - 01636224 _____ () C:\Users\admin\Downloads\Nova slozka.ZIP.wdfljvj
2015-01-13 19:06 - 2015-01-13 19:06 - 00000000 ____D () C:\Users\admin\AppData\Local\RKB
2015-01-13 17:46 - 2015-01-13 21:34 - 01121537 _____ () C:\ProgramData\ihvhzvh.html
2015-01-13 17:43 - 2015-01-13 17:43 - 00002866 _____ () C:\Windows\System32\Tasks\pbklicg
2015-01-12 17:08 - 2015-01-12 17:08 - 00008562 _____ () C:\Users\HELP_DECRYPT.HTML
2015-01-12 17:08 - 2015-01-12 17:08 - 00008562 _____ () C:\Users\AppData\HELP_DECRYPT.HTML
2015-01-12 17:08 - 2015-01-12 17:08 - 00008562 _____ () C:\Users\admin\HELP_DECRYPT.HTML
2015-01-12 17:08 - 2015-01-12 17:08 - 00008562 _____ () C:\HELP_DECRYPT.HTML
2015-01-12 17:08 - 2015-01-12 17:08 - 00000280 _____ () C:\Users\HELP_DECRYPT.URL
2015-01-12 17:08 - 2015-01-12 17:08 - 00000280 _____ () C:\Users\AppData\HELP_DECRYPT.URL
2015-01-12 17:08 - 2015-01-12 17:08 - 00000280 _____ () C:\Users\admin\HELP_DECRYPT.URL
2015-01-12 17:08 - 2015-01-12 17:08 - 00000280 _____ () C:\HELP_DECRYPT.URL
2015-01-12 14:41 - 2015-01-12 14:41 - 00008562 _____ () C:\Users\admin\Downloads\HELP_DECRYPT.HTML
2015-01-12 14:41 - 2015-01-12 14:41 - 00000280 _____ () C:\Users\admin\Downloads\HELP_DECRYPT.URL
2015-01-12 14:40 - 2015-01-12 14:40 - 00008562 _____ () C:\Users\admin\Documents\HELP_DECRYPT.HTML
2015-01-12 14:40 - 2015-01-12 14:40 - 00000280 _____ () C:\Users\admin\Documents\HELP_DECRYPT.URL
2015-01-12 14:23 - 2015-01-12 17:08 - 00001376 _____ () C:\HELP_DECRYPT.TXT.wdfljvj
2015-01-12 14:23 - 2015-01-12 13:52 - 00001376 _____ () C:\ProgramData\HELP_DECRYPT.TXT.wdfljvj
2015-01-12 14:23 - 2010-12-02 13:41 - 00021168 _____ () C:\Program Files (x86)\EULA.CS.wdfljvj
2015-01-12 14:23 - 2010-03-11 12:35 - 00000416 ____H () C:\SWSTAMP.TXT.wdfljvj
2015-01-12 13:57 - 2015-01-12 13:57 - 00008562 _____ () C:\Users\admin\AppData\Roaming\HELP_DECRYPT.HTML
2015-01-12 13:57 - 2015-01-12 13:57 - 00008562 _____ () C:\Users\admin\AppData\HELP_DECRYPT.HTML
2015-01-12 13:57 - 2015-01-12 13:57 - 00000280 _____ () C:\Users\admin\AppData\Roaming\HELP_DECRYPT.URL
2015-01-12 13:57 - 2015-01-12 13:57 - 00000280 _____ () C:\Users\admin\AppData\HELP_DECRYPT.URL
2015-01-12 13:56 - 2015-01-12 13:56 - 00008562 _____ () C:\Users\admin\AppData\Local\HELP_DECRYPT.HTML
2015-01-12 13:56 - 2015-01-12 13:56 - 00000280 _____ () C:\Users\admin\AppData\Local\HELP_DECRYPT.URL
2015-01-12 13:52 - 2015-01-12 13:52 - 00008562 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-01-12 13:52 - 2015-01-12 13:52 - 00000280 _____ () C:\ProgramData\HELP_DECRYPT.URL
2015-01-07 14:44 - 2015-01-13 20:40 - 00000000 ____D () C:\Users\admin\Desktop\ORGANIKA
2015-01-07 08:53 - 2015-01-07 08:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-01-07 08:52 - 2015-01-07 08:52 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-01-07 08:52 - 2015-01-07 08:52 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-01-07 08:49 - 2015-01-07 08:49 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-01-06 19:46 - 2015-01-13 19:24 - 00000000 ____D () C:\Users\admin\Desktop\6.1
2015-01-06 08:55 - 2015-01-13 22:50 - 00000000 ____D () C:\42686079
2015-01-06 08:21 - 2015-01-06 08:21 - 00000000 ____D () C:\Windows\SysWOW64\ຐ֭ೀ֭sers
2015-01-05 18:36 - 2015-01-05 18:38 - 35432576 _____ () C:\Users\admin\Downloads\Koně-1.PPT.mmjujvj
2015-01-05 18:24 - 2015-01-13 21:10 - 00000000 ____D () C:\Users\admin\Desktop\hygiena
2015-01-04 15:17 - 2015-01-13 21:07 - 00000000 ____D () C:\Users\admin\Desktop\exo 6-11
2015-01-04 15:17 - 2015-01-13 20:51 - 00000000 ____D () C:\Users\admin\Desktop\exo1-5
2015-01-04 15:15 - 2015-01-04 15:16 - 20022832 _____ () C:\Users\admin\Downloads\prilohy_390.ZIP.mmjujvj
2015-01-03 21:26 - 2015-01-03 21:26 - 00001725 _____ () C:\Users\admin\Desktop\Computer.lnk
2014-12-30 17:07 - 2015-01-13 20:28 - 00000000 ____D () C:\Users\admin\Desktop\30122014
2014-12-30 16:41 - 2015-01-12 13:47 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.txt
2014-12-30 16:34 - 2014-12-30 16:35 - 53898616 _____ () C:\Users\admin\Downloads\Nepotvrzeno 2911.crdownload
2014-12-30 16:33 - 2014-12-30 16:35 - 936785696 _____ () C:\Users\admin\Desktop\Anorganická a organická chemie.ZIP.mmjujvj
2014-12-23 14:44 - 2014-12-23 14:44 - 00000000 ____D () C:\Users\admin\AppData\Roaming\CrystalIdea Software
2014-12-22 08:46 - 2014-12-22 08:46 - 00002121 _____ () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Menu.lnk
2014-12-19 19:00 - 2014-12-19 19:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-12-19 18:59 - 2014-12-19 19:01 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-16 20:12 - 2014-12-16 20:12 - 00000000 ____D () C:\found.000
2014-12-15 20:53 - 2014-12-15 20:53 - 00004651 _____ () C:\Users\admin\how_decrypt.html
2014-12-15 20:53 - 2014-12-15 20:53 - 00004651 _____ () C:\Users\admin\AppData\Local\how_decrypt.html
2014-12-15 19:53 - 2015-01-13 20:24 - 00000000 ____D () C:\Users\admin\Desktop\eko zk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-14 11:47 - 2009-07-14 05:45 - 00016304 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-14 11:47 - 2009-07-14 05:45 - 00016304 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-14 11:39 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-13 23:49 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-13 23:48 - 2009-07-14 03:34 - 77066240 _____ () C:\Windows\system32\config\software.bak
2015-01-13 23:48 - 2009-07-14 03:34 - 21495808 _____ () C:\Windows\system32\config\system.bak
2015-01-13 23:48 - 2009-07-14 03:34 - 03862528 _____ () C:\Windows\system32\config\default.bak
2015-01-13 23:48 - 2009-07-14 03:34 - 00061440 _____ () C:\Windows\system32\config\sam.bak
2015-01-13 23:48 - 2009-07-14 03:34 - 00028672 _____ () C:\Windows\system32\config\security.bak
2015-01-13 23:00 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-01-13 21:29 - 2011-09-19 20:06 - 00000000 ____D () C:\Users\admin\Desktop\ŠKOLA
2015-01-13 21:29 - 2011-02-02 18:08 - 00000000 ____D () C:\Users\admin\Desktop\ZDENDA
2015-01-13 21:15 - 2012-06-26 22:15 - 00000000 ____D () C:\Users\admin\Desktop\ostatní
2015-01-13 21:10 - 2010-09-30 10:26 - 00000000 ____D () C:\Users\admin\Documents\ČZU ABPS
2015-01-13 21:04 - 2013-07-17 21:05 - 00000000 ____D () C:\Users\admin\Desktop\promoce
2015-01-13 21:04 - 2013-05-31 12:30 - 00000000 ____D () C:\Users\admin\Desktop\nor
2015-01-13 20:57 - 2010-04-08 14:20 - 00000000 ____D () C:\ProgramData\ATI
2015-01-13 20:52 - 2013-05-23 16:34 - 00000000 ____D () C:\Users\admin\Desktop\best
2015-01-13 20:50 - 2010-10-31 19:49 - 00000000 ____D () C:\ProgramData\ICQ
2015-01-13 20:46 - 2012-08-31 07:57 - 00000000 ____D () C:\Users\admin\Desktop\N
2015-01-13 20:37 - 2013-07-23 21:44 - 00000000 ____D () C:\Users\admin\Desktop\mobil
2015-01-13 20:32 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-13 20:29 - 2014-08-17 19:23 - 00000000 ____D () C:\Users\admin\Desktop\Od Zdendy Django + války
2015-01-13 20:27 - 2013-12-02 21:30 - 00000000 ____D () C:\Users\admin\Desktop\podzim 2013
2015-01-13 20:22 - 2014-08-07 15:50 - 00000000 ____D () C:\Users\admin\Desktop\Zoo Dvůr Králové 7.8.2014
2015-01-13 20:00 - 2010-09-27 19:21 - 00000000 ____D () C:\Users\admin\AppData\Local\MediaMonkey
2015-01-13 19:59 - 2011-09-26 19:46 - 00000000 ____D () C:\Windows\Minidump
2015-01-13 19:37 - 2014-02-10 20:30 - 00000000 ____D () C:\Users\admin\Desktop\prilohy_17781
2015-01-13 19:32 - 2014-06-17 11:55 - 00000000 ____D () C:\Users\admin\Desktop\Matěj
2015-01-13 19:28 - 2014-09-10 09:47 - 00000000 ____D () C:\Users\admin\Desktop\Custer na FB
2015-01-13 19:28 - 2013-10-11 20:01 - 00000000 ____D () C:\Users\admin\Desktop\1. Mgr
2015-01-13 19:26 - 2014-08-25 08:22 - 00000000 ____D () C:\Users\admin\Desktop\CUSTER
2015-01-13 19:18 - 2014-11-10 17:33 - 00000000 ____D () C:\Users\admin\Desktop\DP
2015-01-13 19:18 - 2013-01-08 07:45 - 00000000 ____D () C:\Users\admin\AppData\Roaming\MyHeritage
2015-01-13 19:18 - 2012-07-14 20:18 - 00000000 ____D () C:\Users\admin\Documents\samsung
2015-01-13 19:18 - 2011-09-05 17:42 - 00000000 ____D () C:\Users\admin\Documents\Spartan
2015-01-13 19:18 - 2010-10-04 22:44 - 00000000 ____D () C:\Users\admin\AppData\Roaming\BitTorrent
2015-01-13 19:18 - 2010-09-27 17:03 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Mozilla
2015-01-13 19:17 - 2014-12-10 11:33 - 00000000 ____D () C:\Users\admin\Desktop\Anorganická a organická chemie
2015-01-13 19:17 - 2012-09-01 08:07 - 00000000 ____D () C:\Users\admin\AppData\Roaming\eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
2015-01-13 19:17 - 2012-05-03 21:28 - 00000000 ____D () C:\Users\admin\Desktop\hry
2015-01-13 19:17 - 2011-02-23 12:53 - 00000000 ____D () C:\Users\admin\Downloads\Zoo Tycoon 2
2015-01-13 19:17 - 2011-01-09 14:22 - 00000000 ____D () C:\Users\admin\Documents\DVDVideoSoft
2015-01-13 19:17 - 2010-12-26 23:41 - 00000000 ____D () C:\Users\admin\Documents\EA Games
2015-01-13 19:17 - 2010-12-05 16:19 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Real
2015-01-13 19:17 - 2010-11-07 11:59 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Samsung
2015-01-13 19:17 - 2010-10-04 20:52 - 00000000 ____D () C:\Users\admin\AppData\Roaming\YoudaGames
2015-01-13 19:17 - 2010-09-27 23:13 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Adobe
2015-01-13 19:17 - 2010-09-27 19:39 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Skype
2015-01-13 19:17 - 2010-09-04 17:30 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Toshiba
2015-01-13 19:17 - 2010-09-04 12:38 - 00000000 ____D () C:\Users\admin
2015-01-13 19:15 - 2013-09-16 18:54 - 00000000 ____D () C:\Users\admin\AppData\Local\Pokki
2015-01-13 19:15 - 2010-09-27 17:03 - 00000000 ____D () C:\Users\admin\AppData\Local\Mozilla
2015-01-13 19:13 - 2012-04-17 18:54 - 00000000 ____D () C:\Users\admin\AppData\Local\Facebook
2015-01-13 19:13 - 2010-09-27 13:56 - 00000000 ____D () C:\Users\admin\AppData\Local\Microsoft Games
2015-01-13 19:13 - 2010-09-27 13:28 - 00000000 ____D () C:\Users\admin\AppData\Local\Google
2015-01-13 19:12 - 2013-11-25 18:38 - 00000000 ____D () C:\PC TRANSLATOR DEMO
2015-01-13 19:12 - 2010-03-11 12:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office Suite Activation Assistant
2015-01-13 19:11 - 2010-03-11 12:04 - 00000000 ____D () C:\Program Files (x86)\eBay
2015-01-13 17:46 - 2010-03-11 12:15 - 00000000 ____D () C:\Works
2015-01-13 17:45 - 2012-12-26 21:28 - 00000000 ____D () C:\ProgramData\MyHeritage
2015-01-13 17:45 - 2010-10-11 22:20 - 00000000 ____D () C:\ProgramData\DivX
2015-01-13 17:45 - 2010-10-11 15:33 - 00000000 ____D () C:\Program Files (x86)\Miranda IM
2015-01-13 17:45 - 2010-09-27 19:39 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-01-13 17:45 - 2010-09-27 19:39 - 00000000 ____D () C:\ProgramData\Skype
2015-01-13 17:45 - 2010-09-27 19:21 - 00000000 ____D () C:\Program Files (x86)\MediaMonkey
2015-01-13 17:45 - 2010-09-27 14:41 - 00000000 ____D () C:\Program Files\WinRAR
2015-01-13 17:45 - 2010-04-08 14:36 - 00000000 ____D () C:\ProgramData\TOSHIBA
2015-01-13 17:45 - 2010-04-08 14:19 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2015-01-13 17:45 - 2010-03-11 12:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
2015-01-13 17:45 - 2010-03-11 12:10 - 00000000 ____D () C:\ProgramData\SiteAdvisor
2015-01-13 17:45 - 2010-03-11 11:11 - 00000000 ____D () C:\Toshiba
2015-01-13 17:44 - 2010-03-11 12:06 - 00000000 ____D () C:\Program Files (x86)\Toshiba TEMPRO
2015-01-12 17:08 - 2012-03-08 08:12 - 00001376 _____ () C:\Users\HELP_DECRYPT.TXT.wdfljvj
2015-01-12 17:08 - 2012-03-08 08:12 - 00001376 _____ () C:\Users\AppData\HELP_DECRYPT.TXT.wdfljvj
2015-01-12 17:08 - 2012-03-08 08:12 - 00001376 _____ () C:\Users\admin\HELP_DECRYPT.TXT.wdfljvj
2015-01-12 14:41 - 2012-03-08 08:12 - 00001376 _____ () C:\Users\admin\Downloads\HELP_DECRYPT.TXT.wdfljvj
2015-01-12 14:40 - 2012-03-08 08:12 - 00001376 _____ () C:\Users\admin\Documents\HELP_DECRYPT.TXT.wdfljvj
2015-01-12 14:10 - 2009-07-14 06:08 - 00032598 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-12 13:57 - 2012-03-08 08:12 - 00001376 _____ () C:\Users\admin\AppData\Roaming\HELP_DECRYPT.TXT.wdfljvj
2015-01-12 13:57 - 2012-03-08 08:12 - 00001376 _____ () C:\Users\admin\AppData\HELP_DECRYPT.TXT.wdfljvj
2015-01-12 13:56 - 2012-03-08 08:12 - 00001376 _____ () C:\Users\admin\AppData\Local\HELP_DECRYPT.TXT.wdfljvj
2015-01-09 22:26 - 2012-03-08 08:12 - 00409568 _____ () C:\Users\admin\Downloads\aminy01.DOC.wdfljvj
2015-01-09 18:41 - 2012-03-08 08:12 - 00116320 _____ () C:\Users\admin\Desktop\10614273_10203281861630849_3064998190579993020_n.JPG.wdfljvj
2015-01-08 20:01 - 2012-03-08 08:12 - 00653856 _____ () C:\Users\admin\Downloads\objednavka_vysetreni_vzorku.DOC.wdfljvj
2015-01-08 20:00 - 2012-03-08 08:12 - 00078192 _____ () C:\Users\admin\Downloads\olv_vzor_1_vzorky (1).DOC.wdfljvj
2015-01-08 19:55 - 2012-03-08 08:12 - 00078192 _____ () C:\Users\admin\Downloads\olv_vzor_1_vzorky.DOC.wdfljvj
2015-01-07 22:13 - 2012-03-08 08:12 - 00957280 _____ () C:\Users\admin\Downloads\org. zprac. okruhy.DOCX.wdfljvj
2015-01-07 14:44 - 2012-03-08 08:12 - 00199776 _____ () C:\Users\admin\Downloads\4_Tetrasubstituovan_deriv_ty_methanu.PDF.wdfljvj
2015-01-07 14:30 - 2012-03-08 08:12 - 00068976 _____ () C:\Users\admin\Downloads\otazkynazkousku(czuborec.cz-81c6d).DOC.wdfljvj
2015-01-07 14:28 - 2012-03-08 08:12 - 00070512 _____ () C:\Users\admin\Downloads\chemietahak(czuborec.cz-91ppd).DOC.wdfljvj
2015-01-07 14:25 - 2012-03-08 08:12 - 00037568 _____ () C:\Users\admin\Downloads\karboxylovekyseliny--(czuborec.cz-a65y7).doc.ZIP.wdfljvj
2015-01-07 14:24 - 2012-03-08 08:12 - 00494592 _____ () C:\Users\admin\Downloads\bilkoviny(czuborec.cz-a3196).DOC.wdfljvj
2015-01-07 14:23 - 2012-03-08 08:12 - 00067952 _____ () C:\Users\admin\Downloads\vzorovy_test(czuborec.cz-j5frs).DOC.wdfljvj
2015-01-07 14:23 - 2012-03-08 08:12 - 00064880 _____ () C:\Users\admin\Downloads\organika-test(czuborec.cz-u74ld).DOC.wdfljvj
2015-01-07 14:21 - 2012-03-08 08:12 - 00136000 _____ () C:\Users\admin\Downloads\zkouska_chemie_vypracovane(czuborec.cz-sxl2i).doc.ZIP.wdfljvj
2015-01-07 09:53 - 2012-03-08 08:12 - 00769776 _____ () C:\Users\admin\Downloads\1_Organick_chemie-1 (3).PDF.wdfljvj
2015-01-07 09:52 - 2012-03-08 08:12 - 00025440 _____ () C:\Users\admin\Downloads\k_organice_.DOC.wdfljvj
2015-01-07 09:51 - 2012-03-08 08:12 - 00028000 _____ () C:\Users\admin\Downloads\Okruhy_ot_zek_k_organick_sti_zkou_ky (2).DOC.wdfljvj
2015-01-07 09:50 - 2012-03-08 08:12 - 00011136 _____ () C:\Users\admin\Downloads\AF 2015.XLSX.wdfljvj
2015-01-06 18:57 - 2010-12-05 16:20 - 00003344 _____ () C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-4276310980-1373315075-2881649484-1000
2015-01-06 18:57 - 2010-12-05 16:20 - 00003210 _____ () C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-4276310980-1373315075-2881649484-1000
2015-01-06 08:21 - 2012-07-20 20:58 - 00011743 _____ () C:\Windows\SysWOW64\debug.log
2015-01-04 21:06 - 2012-03-08 08:12 - 00028000 _____ () C:\Users\admin\Downloads\Okruhy_ot_zek_k_organick_sti_zkou_ky (1).DOC.wdfljvj
2015-01-04 15:20 - 2014-12-09 20:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-04 15:20 - 2013-06-05 09:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-04 15:20 - 2012-09-24 10:56 - 00000000 ____D () C:\Program Files (x86)\Photo Story 3 for Windows
2015-01-04 15:20 - 2012-09-21 11:18 - 00000000 ____D () C:\Program Files (x86)\Nero
2015-01-04 15:20 - 2011-09-05 14:05 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2015-01-04 15:20 - 2011-02-23 13:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games
2015-01-04 15:20 - 2011-01-31 11:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio
2015-01-04 15:20 - 2011-01-31 11:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 8
2015-01-04 15:20 - 2010-12-26 23:25 - 00000000 ____D () C:\Program Files (x86)\EA GAMES
2015-01-04 15:20 - 2010-12-26 23:21 - 00000000 ____D () C:\Program Files (x86)\DAEMON Tools Lite
2015-01-04 15:20 - 2010-12-05 16:19 - 00000000 ____D () C:\Program Files (x86)\Real
2015-01-04 15:20 - 2010-11-07 23:30 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2015-01-04 15:20 - 2010-11-07 11:59 - 00000000 ____D () C:\Program Files (x86)\PC Connectivity Solution
2015-01-04 15:20 - 2010-11-07 11:59 - 00000000 ____D () C:\Program Files (x86)\MarkAny
2015-01-04 15:20 - 2010-11-02 11:09 - 00000000 ____D () C:\Program Files (x86)\Pidgin
2015-01-04 15:20 - 2010-10-11 22:20 - 00000000 ____D () C:\Program Files (x86)\DivX
2015-01-04 15:20 - 2010-10-06 13:57 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2015-01-04 15:20 - 2010-10-02 20:47 - 00000000 ____D () C:\Program Files (x86)\QIP 2010
2015-01-04 15:20 - 2010-09-27 20:03 - 00000000 ____D () C:\Program Files (x86)\QIP
2015-01-04 15:20 - 2010-04-08 14:31 - 00000000 ____D () C:\Program Files (x86)\Realtek WLAN Driver
2015-01-04 15:20 - 2010-03-11 12:21 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-01-04 15:20 - 2010-03-11 12:16 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-01-04 15:20 - 2010-03-11 12:04 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-04 15:20 - 2010-03-11 12:02 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-01-04 15:20 - 2010-03-11 11:54 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-04 15:20 - 2010-03-11 11:53 - 00000000 ____D () C:\Program Files (x86)\Realtek
2015-01-04 15:20 - 2010-03-11 11:51 - 00000000 ____D () C:\Program Files (x86)\Intel
2015-01-04 15:20 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2015-01-04 15:20 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2015-01-04 11:42 - 2012-03-08 08:12 - 00000512 ____H () C:\Users\admin\Desktop\~$ruhy_ot_zek_k_organick_sti_zkou_ky-1.DOCX.wdfljvj
2015-01-04 10:52 - 2012-03-08 08:12 - 00769776 _____ () C:\Users\admin\Downloads\1_Organick_chemie-1 (2).PDF.wdfljvj
2015-01-04 10:47 - 2014-05-30 13:35 - 00001982 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-01-04 10:47 - 2012-03-08 08:12 - 00042832 _____ () C:\Users\admin\Desktop\1461267_10203731813201884_4525841001195253217_n.JPG.wdfljvj
2015-01-04 10:04 - 2012-03-08 08:12 - 00022112 _____ () C:\Users\admin\Downloads\org reakce.DOCX.wdfljvj
2015-01-04 10:01 - 2012-03-08 08:12 - 00769776 _____ () C:\Users\admin\Downloads\1_Organick_chemie-1 (1).PDF.wdfljvj
2015-01-04 09:30 - 2012-03-08 08:12 - 00769776 _____ () C:\Users\admin\Downloads\1_Organick_chemie-1.PDF.wdfljvj
2015-01-04 09:21 - 2012-03-08 08:12 - 00028000 _____ () C:\Users\admin\Downloads\Okruhy_ot_zek_k_organick_sti_zkou_ky.DOC.wdfljvj
2015-01-04 08:29 - 2013-11-17 13:43 - 00002292 _____ () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2014-12-22 19:49 - 2012-09-24 11:21 - 00000000 ____D () C:\Users\admin\AppData\Local\Windows Live
2014-12-19 19:00 - 2013-06-05 12:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-12-15 22:16 - 2010-09-04 12:52 - 00111608 _____ () C:\Users\admin\AppData\Local\GDIPFONTCACHEV1.DAT

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 12:05

==================== End Of Log ============================
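A triage sketch for the file listing in the FRST log above, added here as an example and not part of the original thread: it groups entries whose name carries an extra suffix after an ordinary document or image extension (in this log, `.wdfljvj`) and reports the span of the first timestamp column for each group. The extension list, the threshold and the function names are assumptions; the sample lines are copied from the log.

```python
import re
from collections import defaultdict

# One FRST file-listing line: two timestamps, size, attributes, (company), path.
LINE_RE = re.compile(
    r"^(?P<ts1>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (?P<ts2>\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r" - (?P<size>\d+) (?P<attrs>\S+) \((?P<company>.*?)\) (?P<path>.+)$"
)
# Assumption: a short list of user-data extensions; extend it for your environment.
DATA_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "jpeg", "png", "txt"}

# Lines copied from the FRST log above.
SAMPLE = r"""
2015-01-04 10:52 - 2012-03-08 08:12 - 00769776 _____ () C:\Users\admin\Downloads\1_Organick_chemie-1 (2).PDF.wdfljvj
2015-01-04 10:47 - 2014-05-30 13:35 - 00001982 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-01-04 10:47 - 2012-03-08 08:12 - 00042832 _____ () C:\Users\admin\Desktop\1461267_10203731813201884_4525841001195253217_n.JPG.wdfljvj
2015-01-04 10:04 - 2012-03-08 08:12 - 00022112 _____ () C:\Users\admin\Downloads\org reakce.DOCX.wdfljvj
2015-01-04 10:01 - 2012-03-08 08:12 - 00769776 _____ () C:\Users\admin\Downloads\1_Organick_chemie-1 (1).PDF.wdfljvj
2015-01-04 09:30 - 2012-03-08 08:12 - 00769776 _____ () C:\Users\admin\Downloads\1_Organick_chemie-1.PDF.wdfljvj
2015-01-04 09:21 - 2012-03-08 08:12 - 00028000 _____ () C:\Users\admin\Downloads\Okruhy_ot_zek_k_organick_sti_zkou_ky.DOC.wdfljvj
2014-12-19 19:00 - 2013-06-05 12:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
"""

def appended_suffix(path):
    """Return the extra extension appended after a known data extension, else None."""
    parts = path.rsplit("\\", 1)[-1].split(".")
    if len(parts) < 3 or parts[-2].lower() not in DATA_EXTS:
        return None
    suffix = parts[-1].lower()
    return suffix if suffix.isalpha() and suffix not in DATA_EXTS else None

def renamed_file_clusters(log_text, min_hits=3):
    """Group listing entries by appended suffix; keep suffixes seen min_hits+ times."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and (suffix := appended_suffix(m["path"])):
            hits[suffix].append((m["ts1"], m["path"]))
    report = {}
    for suffix, entries in hits.items():
        if len(entries) >= min_hits:
            stamps = [ts for ts, _ in entries]  # "YYYY-MM-DD HH:MM" sorts as text
            report[suffix] = {"count": len(entries), "earliest": min(stamps),
                              "latest": max(stamps), "paths": [p for _, p in entries]}
    return report

if __name__ == "__main__":
    for suffix, info in renamed_file_clusters(SAMPLE).items():
        print(f".{suffix}: {info['count']} files, first column {info['earliest']} .. {info['latest']}")
```
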

Martina.Br.
Visitor
Posts: 18
Registered: 13 Jan 2015 20:13

Re: Bad Image - SOS !!!

#26 Post by Martina.Br. »

So just as a test, one small file: http://leteckaposta.cz/264063723

Otherwise, of course, I have a million photos and school files here...

A thousand thanks, I will 100% send a reward to your bank account :-)

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Bad Image - SOS !!!

#27 Post by vyosek »

:arrow: That was a SCAN and not a FIX, so once more... I will discuss it with a colleague - do not send anything to our account for now, we will see about the decryption :)
"Whoever has wine and does not drink it, whoever has grapes and does not eat them, whoever has a wife and does not kiss her, whoever avoids fun, take a whip and a stick to him; that is not a man, that is an ox."
Member since 1 February 2011.

Martina.Br.
Visitor
Posts: 18
Registered: 13 Jan 2015 20:13

Re: Bad Image - SOS !!!

#28 Post by Martina.Br. »

I apologize... so here is the fix log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-01-2015 02
Ran by admin at 2015-01-14 13:10:14 Run:2
Running from C:\Users\admin\Desktop
Loaded Profile: admin (Available profiles: admin)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
CreateRestorePoint:

Task: {DF9099A6-3687-499B-AA55-BED2CFD11FEC} - \Security Center Update - 3425793768 No Task File <==== ATTENTION
Task: {A237B235-E658-4D21-88B1-2E22E975E715} - \Security Center Update - 514026233 No Task File <==== ATTENTION
Task: {8987D233-8B33-4645-954C-D426915472DE} - \Security Center Update - 3741571091 No Task File <==== ATTENTION
Task: {8CD65602-CC61-43CB-B8D7-40B3FD8D0867} - System32\Tasks\pbklicg => C:\Users\admin\AppData\Local\Temp\bhvnyma.exe <==== ATTENTION
Task: {94C4FCE4-AB7E-4F05-9715-B1DFC0426BEE} - \Security Center Update - 607701921 No Task File <==== ATTENTION
Task: {4B54FB25-9109-4171-A98E-3F556BB38716} - \Security Center Update - 3998176165 No Task File <==== ATTENTION
Task: {315C9D44-CBC1-4290-B288-94B8CD42E263} - \Security Center Update - 591574539 No Task File <==== ATTENTION

2015-01-04 10:47 - 2014-05-30 13:35 - 00001982 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-01-13 17:45 - 2010-03-11 12:10 - 00000000 ____D () C:\ProgramData\SiteAdvisor
2015-01-13 19:15 - 2013-09-16 18:54 - 00000000 ____D () C:\Users\admin\AppData\Local\Pokki
2015-01-13 23:48 - 2009-07-14 03:34 - 77066240 _____ () C:\Windows\system32\config\software.bak
2015-01-13 23:48 - 2009-07-14 03:34 - 21495808 _____ () C:\Windows\system32\config\system.bak
2015-01-13 23:48 - 2009-07-14 03:34 - 03862528 _____ () C:\Windows\system32\config\default.bak
2015-01-13 23:48 - 2009-07-14 03:34 - 00061440 _____ () C:\Windows\system32\config\sam.bak
2015-01-13 23:48 - 2009-07-14 03:34 - 00028672 _____ () C:\Windows\system32\config\security.bak
2014-12-30 16:34 - 2014-12-30 16:35 - 53898616 _____ () C:\Users\admin\Downloads\Nepotvrzeno 2911.crdownload
2015-01-06 08:55 - 2015-01-13 22:50 - 00000000 ____D () C:\42686079
2015-01-13 17:46 - 2015-01-13 21:34 - 01121537 _____ () C:\ProgramData\ihvhzvh.html
2015-01-13 17:43 - 2015-01-13 17:43 - 00002866 _____ () C:\Windows\System32\Tasks\pbklicg

2015-01-14 12:33 - 2015-01-14 12:34 - 00020694 _____ () C:\Users\admin\Desktop\FRST.txt
2015-01-14 11:39 - 2015-01-14 11:39 - 00000894 _____ () C:\Windows\PFRO.log
2015-01-14 11:39 - 2015-01-14 11:39 - 00000056 _____ () C:\Windows\setupact.log
2015-01-14 11:39 - 2015-01-14 11:39 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-14 11:36 - 2015-01-14 11:36 - 00010336 _____ () C:\Users\admin\Desktop\12.txt
2015-01-14 11:20 - 2015-01-14 11:20 - 00042257 _____ () C:\Users\admin\Desktop\Addition.txt
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

BHO-x32: QipLI Class -> {6B5863A0-C43F-4C0A-982B-CC0E9125783F} -> C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\qstatsrv.dll No File

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DF9099A6-3687-499B-AA55-BED2CFD11FEC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DF9099A6-3687-499B-AA55-BED2CFD11FEC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 3425793768" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A237B235-E658-4D21-88B1-2E22E975E715}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A237B235-E658-4D21-88B1-2E22E975E715}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 514026233" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8987D233-8B33-4645-954C-D426915472DE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8987D233-8B33-4645-954C-D426915472DE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 3741571091" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{8CD65602-CC61-43CB-B8D7-40B3FD8D0867}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8CD65602-CC61-43CB-B8D7-40B3FD8D0867}" => Key deleted successfully.
C:\Windows\System32\Tasks\pbklicg => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\pbklicg" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{94C4FCE4-AB7E-4F05-9715-B1DFC0426BEE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{94C4FCE4-AB7E-4F05-9715-B1DFC0426BEE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 607701921" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4B54FB25-9109-4171-A98E-3F556BB38716}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4B54FB25-9109-4171-A98E-3F556BB38716}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 3998176165" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{315C9D44-CBC1-4290-B288-94B8CD42E263}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{315C9D44-CBC1-4290-B288-94B8CD42E263}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 591574539" => Key deleted successfully.
C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk => Moved successfully.
C:\ProgramData\SiteAdvisor => Moved successfully.
C:\Users\admin\AppData\Local\Pokki => Moved successfully.
C:\Windows\system32\config\software.bak => Moved successfully.
C:\Windows\system32\config\system.bak => Moved successfully.
C:\Windows\system32\config\default.bak => Moved successfully.
C:\Windows\system32\config\sam.bak => Moved successfully.
C:\Windows\system32\config\security.bak => Moved successfully.
C:\Users\admin\Downloads\Nepotvrzeno 2911.crdownload => Moved successfully.
C:\42686079 => Moved successfully.
C:\ProgramData\ihvhzvh.html => Moved successfully.
"C:\Windows\System32\Tasks\pbklicg" => File/Directory not found.
C:\Users\admin\Desktop\FRST.txt => Moved successfully.
C:\Windows\PFRO.log => Moved successfully.
C:\Windows\setupact.log => Moved successfully.
C:\Windows\setuperr.log => Moved successfully.
C:\Users\admin\Desktop\12.txt => Moved successfully.
C:\Users\admin\Desktop\Addition.txt => Moved successfully.
catchme => Service deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6B5863A0-C43F-4C0A-982B-CC0E9125783F}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{6B5863A0-C43F-4C0A-982B-CC0E9125783F}" => Key deleted successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 2 MB temporary data.


The system needed a reboot.

==== End of Fixlog 13:11:14 ====

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Bad Image - SOS !!!

#29 Post by vyosek »

:arrow: So the PC looks clean, we will just tidy up

:arrow: DelFix https://toolslib.net/downloads/finish/2/
  • Download and run it
  • Leave only the Remove disinfection tools option checked
  • Click Run
:arrow: Download CCleaner https://www.piriform.com/ccleaner/download/standard
Cleaner panel
  • Leave everything as it is, just click Analyze and then Run Cleaner
Registry panel
  • click Scan for Issues
  • then Fix selected issues - I recommend making the registry backup; fix all the issues
  • repeat the procedure until no issues are left - usually about 3 times
Tools panel
  • Here you can uninstall programs you do not need
I recommend using CCleaner about once a week

- - -

:arrow: I consulted a colleague; the files cannot be decrypted, but there might be a chance to try to recover them using various utilities and tools

:arrow: However, this cannot be done through the forum; the colleague needs to connect to you directly and work "at your end" - please create a request at our remote help service www.neslape.cz - write "vyosek-stell" in the description and the colleague will know and get in touch with you

Martina.Br.
Visitor
Posts: 18
Registered: 13 Jan 2015 20:13

Re: Bad Image - SOS !!!

#30 Post by Martina.Br. »

OK, I have sent the request
