Prosba o kontrolu logu

Zpráva

Alpyn · #1 Příspěvek od **Alpyn** » 22 led 2015 07:40

Dobrý den, udělal jsem sken programem MBAM a prosím o radu, jestli vše vymazat.
Děkuji.

Malwarebytes Anti-Malware
http://www.malwarebytes.org

Datum skenování: 21.1.2015
Čas skenování: 23:14:26
Protokol: Sken 21.01.2015.txt
Správce: Ano

Verze: 2.00.4.1028
Databáze malwaru: v2015.01.21.11
Databáze rootkitů: v2015.01.14.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Sebeobrany: Vypnuto

OS: Windows Vista Service Pack 2
CPU: x86
Souborový systém: NTFS
Uživatel: Makro

Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 629080
Uplynulý čas: 3 hod, 36 min, 41 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Žádné zákerné zjištěny položek)

Moduly: 0
(Žádné zákerné zjištěny položek)

Klíče registru: 7
PUP.Optional.SweetPacks.A, HKU\S-1-5-21-4147866290-3427228232-1147764146-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{EEE6C360-6118-11DC-9C72-001320C79847}, , [97787189e0a9280e3f8246e682817d83],
PUP.Optional.MediaBuzz.A, HKLM\SOFTWARE\MediaBuzzV1mode5250, , [35da24d6b1d8999d0d62783081820cf4],
PUP.Optional.MediaView.A, HKLM\SOFTWARE\MediaViewV1alpha3862, , [ec23708a3a4fe94dbe74d0e4c63d758b],
PUP.Optional.RichMediaView.A, HKLM\SOFTWARE\RichMediaViewV1release135, , [56b99367e9a040f6e3c59a08857e3bc5],
PUP.Optional.RichMediaView.A, HKLM\SOFTWARE\RichMediaViewV1release5914, , [8f8085758efb57df48609d054db64fb1],
PUP.Optional.TrustMediaViewer.A, HKLM\SOFTWARE\TrustMediaViewerV1alpha1477, , [f619a456840585b1727eb9deb0538e72],
PUP.Optional.WebSearchInfo, HKU\S-1-5-21-4147866290-3427228232-1147764146-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, , [af6003f763264cea121d5888c63ecd33],

Hodnoty registru: 7
PUP.Optional.WebExpEnhanced.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|ext@WebexpEnhancedV1alpha769.net, C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha769\ff, , [e22d00faafda32049d624078b54e8080]
PUP.Optional.VideoPlayer.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|ext@VideoPlayerV3beta987.net, C:\Program Files\VideoPlayerV3\VideoPlayerV3beta987\ff, , [bc537684fd8c181e6949e5ca768d29d7]
PUP.Optional.MediaView.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|ext@MediaViewV1alpha3862.net, C:\Program Files\MediaViewV1\MediaViewV1alpha3862\ff, , [6fa0e5150a7f072f0f240aaa0bf8a759]
PUP.Optional.MediaBuzz.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|ext@MediaBuzzV1mode5250.net, C:\Program Files\MediaBuzzV1\MediaBuzzV1mode5250\ff, , [d23d1edceb9e4de9452b6f392dd6b947]
PUP.Optional.RichMediaView.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|ext@RichMediaViewV1release135.net, C:\Program Files\RichMediaViewV1\RichMediaViewV1release135\ff, , [749b2ad035540c2af9aeebb76a9936ca]
PUP.Optional.TrustMediaViewer.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|ext@TrustMediaViewerV1alpha1477.net, C:\Program Files\TrustMediaViewerV1\TrustMediaViewerV1alpha1477\ff, , [cf40b04a8ffa072f35bccdca788b966a]
PUP.Optional.RichMediaView.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|ext@RichMediaViewV1release5914.net, C:\Program Files\RichMediaViewV1\RichMediaViewV1release5914\ff, , [070849b110797abc8c1babf725de639d]

Data registru: 0
(Žádné zákerné zjištěny položek)

Složky: 8
PUP.Optional.OffersWizard.A, C:\Program Files\Common Files\Config, , [7e91bf3bb1d80432f18c8d0820e39967],
PUP.Optional.WhiteSmoke.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj, , [20ef07f3a1e82d09bff150f162a17e82],
PUP.Optional.WhiteSmoke.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.0.0.1_0, , [20ef07f3a1e82d09bff150f162a17e82],
PUP.Optional.WhiteSmoke.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.2_0, , [20ef07f3a1e82d09bff150f162a17e82],
PUP.Optional.SweetIM.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn, , [62ad17e36d1c7eb8a0212132c241f40c],
PUP.Optional.SweetIM.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0, , [62ad17e36d1c7eb8a0212132c241f40c],
PUP.Optional.SweetIM.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0, , [62ad17e36d1c7eb8a0212132c241f40c],
PUP.Optional.ExtremeBlocker.A, C:\ProgramData\Extreme Blocker, , [b35c83778108a195569794d2ee155ba5],

Soubory: 54
PUP.Optional.SweetIM, C:\Windows\Installer\5fb5f4.msi, , [a9660cee177284b297d2f0d5a16447b9],
PUP.Optional.SweetIM, C:\Windows\Installer\5fb5fa.msi, , [b7580bef5237bc7aabbea71e27de3fc1],
PUP.Optional.SweetIM, C:\Windows\Installer\5fb600.msi, , [67a84cae533653e36cfdbd0815f0e51b],
PUP.Optional.NetFilter, C:\Windows\System32\hfnapi.dll, , [d23d7486bdcc191d5b20cfff41c007f9],
PUP.Optional.OffersWizard.A, C:\Program Files\Common Files\Config\ver.xml, , [7e91bf3bb1d80432f18c8d0820e39967],
PUP.Optional.OffersWizard.A, C:\Program Files\Common Files\Config\data.xml, , [7e91bf3bb1d80432f18c8d0820e39967],
PUP.Optional.OffersWizard.A, C:\Program Files\Common Files\Config\uninstinethnfd.exe, , [7e91bf3bb1d80432f18c8d0820e39967],
PUP.Optional.WhiteSmoke.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.0.0.1_0\128.png, , [20ef07f3a1e82d09bff150f162a17e82],
PUP.Optional.WhiteSmoke.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.0.0.1_0\48.png, , [20ef07f3a1e82d09bff150f162a17e82],
PUP.Optional.WhiteSmoke.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.0.0.1_0\background.html, , [20ef07f3a1e82d09bff150f162a17e82],
PUP.Optional.WhiteSmoke.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.0.0.1_0\logger.js, , [20ef07f3a1e82d09bff150f162a17e82],
PUP.Optional.WhiteSmoke.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.0.0.1_0\main.js, , [20ef07f3a1e82d09bff150f162a17e82],
PUP.Optional.WhiteSmoke.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.0.0.1_0\manifest.json, , [20ef07f3a1e82d09bff150f162a17e82],
PUP.Optional.WhiteSmoke.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.0.0.1_0\newtab.html, , [20ef07f3a1e82d09bff150f162a17e82],
PUP.Optional.WhiteSmoke.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.0.0.1_0\newtab.js, , [20ef07f3a1e82d09bff150f162a17e82],
PUP.Optional.WhiteSmoke.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.0.0.1_0\remote.js, , [20ef07f3a1e82d09bff150f162a17e82],
PUP.Optional.WhiteSmoke.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.0.0.1_0\simapp.js, , [20ef07f3a1e82d09bff150f162a17e82],
PUP.Optional.WhiteSmoke.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.0.0.1_0\toolbar.js, , [20ef07f3a1e82d09bff150f162a17e82],
PUP.Optional.WhiteSmoke.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.2_0\128.png, , [20ef07f3a1e82d09bff150f162a17e82],
PUP.Optional.WhiteSmoke.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.2_0\19.png, , [20ef07f3a1e82d09bff150f162a17e82],
PUP.Optional.WhiteSmoke.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.2_0\48.png, , [20ef07f3a1e82d09bff150f162a17e82],
PUP.Optional.WhiteSmoke.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.2_0\background.html, , [20ef07f3a1e82d09bff150f162a17e82],
PUP.Optional.WhiteSmoke.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.2_0\flavour.js, , [20ef07f3a1e82d09bff150f162a17e82],
PUP.Optional.WhiteSmoke.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.2_0\logger.js, , [20ef07f3a1e82d09bff150f162a17e82],
PUP.Optional.WhiteSmoke.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.2_0\main.js, , [20ef07f3a1e82d09bff150f162a17e82],
PUP.Optional.WhiteSmoke.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.2_0\manifest.json, , [20ef07f3a1e82d09bff150f162a17e82],
PUP.Optional.WhiteSmoke.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.2_0\newtab.html, , [20ef07f3a1e82d09bff150f162a17e82],
PUP.Optional.WhiteSmoke.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.2_0\newtab.js, , [20ef07f3a1e82d09bff150f162a17e82],
PUP.Optional.WhiteSmoke.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.2_0\popup.html, , [20ef07f3a1e82d09bff150f162a17e82],
PUP.Optional.WhiteSmoke.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.2_0\popup.js, , [20ef07f3a1e82d09bff150f162a17e82],
PUP.Optional.WhiteSmoke.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.2_0\simapp.js, , [20ef07f3a1e82d09bff150f162a17e82],
PUP.Optional.WhiteSmoke.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.2_0\toolbar.js, , [20ef07f3a1e82d09bff150f162a17e82],
PUP.Optional.SweetIM.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\128.png, , [62ad17e36d1c7eb8a0212132c241f40c],
PUP.Optional.SweetIM.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\16.png, , [62ad17e36d1c7eb8a0212132c241f40c],
PUP.Optional.SweetIM.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\48.png, , [62ad17e36d1c7eb8a0212132c241f40c],
PUP.Optional.SweetIM.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\background.html, , [62ad17e36d1c7eb8a0212132c241f40c],
PUP.Optional.SweetIM.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\fbsim.js, , [62ad17e36d1c7eb8a0212132c241f40c],
PUP.Optional.SweetIM.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\logger.js, , [62ad17e36d1c7eb8a0212132c241f40c],
PUP.Optional.SweetIM.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\main.js, , [62ad17e36d1c7eb8a0212132c241f40c],
PUP.Optional.SweetIM.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\manifest.json, , [62ad17e36d1c7eb8a0212132c241f40c],
PUP.Optional.SweetIM.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\messagehandler.js, , [62ad17e36d1c7eb8a0212132c241f40c],
PUP.Optional.SweetIM.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\simapp.js, , [62ad17e36d1c7eb8a0212132c241f40c],
PUP.Optional.SweetIM.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\128.png, , [62ad17e36d1c7eb8a0212132c241f40c],
PUP.Optional.SweetIM.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\16.png, , [62ad17e36d1c7eb8a0212132c241f40c],
PUP.Optional.SweetIM.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\48.png, , [62ad17e36d1c7eb8a0212132c241f40c],
PUP.Optional.SweetIM.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\background.html, , [62ad17e36d1c7eb8a0212132c241f40c],
PUP.Optional.SweetIM.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\fbsim.js, , [62ad17e36d1c7eb8a0212132c241f40c],
PUP.Optional.SweetIM.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\logger.js, , [62ad17e36d1c7eb8a0212132c241f40c],
PUP.Optional.SweetIM.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\main.js, , [62ad17e36d1c7eb8a0212132c241f40c],
PUP.Optional.SweetIM.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\manifest.json, , [62ad17e36d1c7eb8a0212132c241f40c],
PUP.Optional.SweetIM.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\messagehandler.js, , [62ad17e36d1c7eb8a0212132c241f40c],
PUP.Optional.SweetIM.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\simapp.js, , [62ad17e36d1c7eb8a0212132c241f40c],
PUP.Optional.ExtremeBlocker.A, C:\ProgramData\Extreme Blocker\Extreme Blocker.exe, , [b35c83778108a195569794d2ee155ba5],
PUP.Optional.SweetPacks.A, C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Preferences, Dobré: (), Špatné: ( "homepage_url": "http://www.sweetpacks.com",), ,[f11e9565692081b5051e04d7f90c7987]

Fyzické sektory: 0
(Žádné zákerné zjištěny položek)

(end)

#2 Příspěvek od **vyosek** » 22 led 2015 08:42

Zdravim

Nalezy MBAMu smazte

Dejte log z FRST http://forum.viry.cz/viewtopic.php?f=13&t=133100

Alpyn · #3 Příspěvek od **Alpyn** » 22 led 2015 15:07

Zdravím,

Tak,Nalezy MBAMu jsem smazal.

Dávám zde log FRST a do přílohy přikládám zazipovaný Addition :

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-01-2015
Ran by Makro (administrator) on DOMA1 on 22-01-2015 14:58:01
Running from C:\Users\Makro\Desktop
Loaded Profiles: Makro (Available profiles: Makro)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Čeština (Česká republika)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Arachnoid Biometrics Identification Group Corp.) C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
() C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
() C:\ProgramData\HiSuiteOuc\HiSuiteOuc.exe
() C:\ProgramData\HandSetService\HuaweiHiSuiteService.exe
() C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\ACER\Mobility Center\MobilityService.exe
(NewTech InfoSystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
() C:\Windows\System32\PnkBstrA.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\Cyberlink\Shared files\RichVideo.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\RS_Service.exe
(Secunia) C:\Program Files\Secunia\PSI\psia.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Crawler.com) C:\Program Files\Spyware Terminator\sp_rsser.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporated) C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Windows\PLFSetI.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\QtZgAcer.EXE
(Arachnoid Biometrics Identification Group Corp.) C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
(CyberLink Corp.) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(CyberLink) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
(Acer Corp.) C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
(Acer Inc.) C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Samsung) C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Realtek Semiconductor Corp.) C:\Users\Makro\AppData\Local\Temp\RtkBtMnt.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Nenad Hrg (SoftwareOK.com)) C:\Program Files\Q-Dir\Q-Dir.exe
(forum.viry.cz) C:\Users\Makro\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [182808 2008-07-20] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6139904 2008-05-07] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-04-25] (Synaptics, Inc.)
HKLM\...\Run: [eAudio] => C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe [544768 2008-05-30] (Acer Incorporated)
HKLM\...\Run: [BkupTray] => C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [28672 2008-04-25] ()
HKLM\...\Run: [WarReg_PopUp] => C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe [303104 2008-01-29] (Acer Incorporated)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2007-10-23] ()
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\QtZgAcer.EXE [817672 2008-06-04] (Dritek System Inc.)
HKLM\...\Run: [eRecoveryService] => [X]
HKLM\...\Run: [ZPdtWzdVitaKey MC3000] => C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe [3676160 2008-12-07] (Arachnoid Biometrics Identification Group Corp.)
HKLM\...\Run: [ArcadeDeluxeAgent] => C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [147456 2008-07-24] (CyberLink Corp.)
HKLM\...\Run: [CLMLServer] => C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe [167936 2008-07-24] (CyberLink)
HKLM\...\Run: [PlayMovie] => C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe [167936 2008-07-18] (Acer Corp.)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-03-18] (CANON INC.)
HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-11-14] (Google)
HKLM\...\Run: [ePower_DMC] => C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [405504 2008-08-01] (Acer Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311152 2013-09-04] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [CanonSolutionMenuEx] => C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1637528 2012-10-09] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2569616 2010-07-26] (CANON INC.)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-11-17] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
Winlogon\Notify\AWinNotifyVitaKey MC3000: C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-4147866290-3427228232-1147764146-1000\...\Run: [eyeBeam SIP Client] => [X]
HKU\S-1-5-21-4147866290-3427228232-1147764146-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-4147866290-3427228232-1147764146-1000\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1564528 2013-09-04] (Samsung)
HKU\S-1-5-21-4147866290-3427228232-1147764146-1000\...\Run: [KiesPDLR] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-09-04] (Samsung)
HKU\S-1-5-21-4147866290-3427228232-1147764146-1000\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-09-04] (Samsung)
HKU\S-1-5-21-4147866290-3427228232-1147764146-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2008-12-07] (Google Inc.)
HKU\S-1-5-21-4147866290-3427228232-1147764146-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-4147866290-3427228232-1147764146-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5489944 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-4147866290-3427228232-1147764146-1000\...\MountPoints2: {37d272fd-bfc9-11de-b875-00238b046287} - E:\Launcher.exe
HKU\S-1-5-21-4147866290-3427228232-1147764146-1000\...\MountPoints2: {45fc6f61-229f-11df-ae3c-00238b046287} - F:\Default.exe
HKU\S-1-5-21-4147866290-3427228232-1147764146-1000\...\MountPoints2: {45fc6f67-229f-11df-ae3c-00238b046287} - G:\Default.exe
HKU\S-1-5-21-4147866290-3427228232-1147764146-1000\...\MountPoints2: {4e210eae-3bb6-11df-869a-00238b046287} - F:\Default.exe
HKU\S-1-5-21-4147866290-3427228232-1147764146-1000\...\MountPoints2: {4e210eb4-3bb6-11df-869a-00238b046287} - G:\Default.exe
HKU\S-1-5-21-4147866290-3427228232-1147764146-1000\...\MountPoints2: {bcd1ffb3-4e96-11df-8c6f-002269de1c9a} - E:\NokiaPCIA_Autorun.exe
AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll => c:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-11-14] (Google)
Lsa: [Notification Packages] scecli C:\Program Files\Acer\Acer Bio Protection\PwdFilter
BootExecute: autocheck autochk *
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... pire_6930g
HKU\S-1-5-21-4147866290-3427228232-1147764146-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKU\S-1-5-21-4147866290-3427228232-1147764146-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... pire_6930g
HKU\S-1-5-21-4147866290-3427228232-1147764146-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com
HKU\S-1-5-21-4147866290-3427228232-1147764146-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkID= ... DSearchBox
URLSearchHook: HKU\S-1-5-21-4147866290-3427228232-1147764146-1000 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=i ... lz=1I7ACAW
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTer ... DF&pc=MSSE
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4147866290-3427228232-1147764146-1000 -> F0EF067B902C42B389531F5E7ECDF817 URL = http://search.seznam.cz/?q={searchTerms ... arch_16194
SearchScopes: HKU\S-1-5-21-4147866290-3427228232-1147764146-1000 -> {0B9C67B8-1DD7-4DE5-8D6B-9C121AF822E1} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_16194
SearchScopes: HKU\S-1-5-21-4147866290-3427228232-1147764146-1000 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-4147866290-3427228232-1147764146-1000 -> {675F7D11-7112-489B-8913-C042F81DE8F9} URL = http://www.firmy.cz/?q={searchTerms}&so ... arch_16194
SearchScopes: HKU\S-1-5-21-4147866290-3427228232-1147764146-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=i ... 1I7GGLL_cs
SearchScopes: HKU\S-1-5-21-4147866290-3427228232-1147764146-1000 -> {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:4664/search&s=TSqni41x ... earchTerms}
SearchScopes: HKU\S-1-5-21-4147866290-3427228232-1147764146-1000 -> {84737841-E00A-48BC-B90E-29EF94FB7DC4} URL = http://www.novinky.cz/hledej?w={searchT ... arch_16194
SearchScopes: HKU\S-1-5-21-4147866290-3427228232-1147764146-1000 -> {8617E5A9-4B58-4A0F-BCDB-A7BCB8F773F8} URL = http://encyklopedie.seznam.cz/search?q= ... arch_16194
SearchScopes: HKU\S-1-5-21-4147866290-3427228232-1147764146-1000 -> {87A6290B-9E7A-41F3-9053-84C51F7C5BFB} URL = http://www.bing.com/search?FORM=UP97DF& ... -SearchBox
SearchScopes: HKU\S-1-5-21-4147866290-3427228232-1147764146-1000 -> {A827046B-EE19-44F2-95B6-AC76B9440968} URL = http://www.mapy.cz/?query={searchTerms} ... arch_16194
SearchScopes: HKU\S-1-5-21-4147866290-3427228232-1147764146-1000 -> {D0930273-CB3A-438F-B084-DE59C760F5AC} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_16194
SearchScopes: HKU\S-1-5-21-4147866290-3427228232-1147764146-1000 -> {E848199C-CE32-4317-A517-8CD9F978F880} URL = http://tv.seznam.cz/hledej?w={searchTer ... arch_16194
SearchScopes: HKU\S-1-5-21-4147866290-3427228232-1147764146-1000 -> {FA8FC72A-F0E7-4089-9F78-B3F26F3D58A7} URL = http://www.zbozi.cz/?q={searchTerms}&r= ... arch_16194
SearchScopes: HKU\S-1-5-21-4147866290-3427228232-1147764146-1000 -> ŰźĆîZ§’2ąŢpv¨IÍá*X(Ž2s(ŰÎŔJşÔÓµť± vË°!×—(äĽ48Đ¸patm6ęo^Mp`Ëő÷_iŁwľ!„Áű†x˘8€ŮjŔ˙ţ ´Ń;áa´[¦†8 ş~ŹRŮxśňÜ8'Ł-)xä URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-4147866290-3427228232-1147764146-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-4147866290-3427228232-1147764146-1000 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
DPF: {62789780-B744-11D0-986B-00609731A21D} http://195.28.70.134/kapor2/lib/mgaxctrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {F680B28A-3AEE-4C88-93ED-45AE9215C128} http://adisepo.mfcr.cz/adistc/adis/idpr ... tsignx.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Společnost Microsoft)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.15.1

FireFox:
========
FF ProfilePath: C:\Users\Makro\AppData\Roaming\Mozilla\Firefox\Profiles\tynndj5z.default-1418762770049
FF Homepage: https://www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.)
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin -> C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @real.com/nppl3260;version=6.0.12.69 -> C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.69 -> C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4147866290-3427228232-1147764146-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Makro\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-4147866290-3427228232-1147764146-1000: @soe.sony.com/installer,version=1.0.3 -> C:\Users\Makro\AppData\LocalLow\Sony Online Entertainment\npsoe.dll ()
FF Plugin HKU\S-1-5-21-4147866290-3427228232-1147764146-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Makro\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-4147866290-3427228232-1147764146-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprm3d.dll (3D RealityMaps GmbH)
FF Extension: NoScript - C:\Users\Makro\AppData\Roaming\Mozilla\Firefox\Profiles\tynndj5z.default-1418762770049\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-01-01]
FF Extension: Adblock Plus - C:\Users\Makro\AppData\Roaming\Mozilla\Firefox\Profiles\tynndj5z.default-1418762770049\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-01]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-11-16]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-11-16]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-11-16]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-02-26]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Makro\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YooaTubereAdsReemoovv) - C:\Users\Makro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehnipipdnfnhifldfglcpmmgbcgkemmb [2014-01-31]
CHR Extension: (AdBlock) - C:\Users\Makro\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-05-24]
CHR Extension: (Online Fun Games) - C:\Users\Makro\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdccpiogaoclehkbmphedkpigacocgji [2014-08-04]
CHR Extension: (Quebles Emoticons) - C:\Users\Makro\AppData\Local\Google\Chrome\User Data\Default\Extensions\macpddegmcklbbnbdemccckkmhaegdlf [2014-06-12]
CHR Extension: (Ruby on Rails API Search) - C:\Users\Makro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhhppofdccphcpbilanmljnlkmbgike [2014-07-03]
CHR Extension: (PenÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂ¾enka Google) - C:\Users\Makro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Responsive Web Design Tester) - C:\Users\Makro\AppData\Local\Google\Chrome\User Data\Default\Extensions\objclahbaimlfnbjdeobicmmlnbhamkg [2014-06-05]
CHR Extension: (MinimumPrice) - C:\ProgramData\jemanoiapfbenpgcmdgffcjakddjbjdg\ [2014-06-05]
CHR HKLM\...\Chrome\Extension: [anhlpfcjdkpkjnoikcggpdoijobpbodo] - C:\Program Files\MediaBuzzV1\MediaBuzzV1mode5250\ch\MediaBuzzV1mode5250.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [dakponcncbbellmjllmcdmacdbhhfooi] - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta987\ch\VideoPlayerV3beta987.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [gfgogjmdklallofcmfpbgcialkfplale] - C:\Program Files\TrustMediaViewerV1\TrustMediaViewerV1alpha1477\ch\TrustMediaViewerV1alpha1477.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [imdgagcchokeljjnpknlojjklpnlkegg] - C:\Program Files\MediaViewV1\MediaViewV1alpha3862\ch\MediaViewV1alpha3862.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
CHR HKLM\...\Chrome\Extension: [ncamplhphnmpfncelbicbhncidbepgao] - C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha769\ch\WebexpEnhancedV1alpha769.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BUNAgentSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.) [File not signed]
R2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [81504 2008-01-16] () [File not signed]
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-06-02] () [File not signed]
R2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [860160 2008-10-16] (Intel(R) Corporation) [File not signed]
R2 ezGOSvc; C:\Windows\system32\ezGOSvc.dll [73600 2011-06-14] ()
R2 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2013-02-05] (Teruten) [File not signed]
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-11-14] (Google)
R2 HiSuiteOuc.exe; C:\ProgramData\HiSuiteOuc\HiSuiteOuc.exe [117280 2014-09-05] ()
R2 HuaweiHiSuiteService.exe; C:\ProgramData\HandSetService\HuaweiHiSuiteService.exe [180768 2014-09-05] ()
R2 IGBASVC; C:\Program Files\Acer\Acer Bio Protection\BASVC.exe [3602432 2008-12-07] () [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] () [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 NTIBackupSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [45056 2008-04-25] (NewTech InfoSystems, Inc.) [File not signed]
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-25] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2012-04-20] ()
R2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [466944 2008-10-16] (Intel(R) Corporation) [File not signed]
R2 RichVideo; C:\Program Files\Cyberlink\Shared files\RichVideo.exe [272024 2007-01-09] ()
R2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [233472 2008-01-10] (Acer Incorporated) [File not signed]
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [993848 2011-01-10] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [399416 2011-01-10] (Secunia)
R2 sp_rssrv; C:\Program Files\Spyware Terminator\sp_rsser.exe [496128 2011-01-12] (Crawler.com) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
S2 8b68ee33; "C:\Windows\system32\rundll32.exe" "c:\progra~2\accele~1\AccelesysSvc.dll",service

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 AlfaFF; C:\Windows\System32\Drivers\AlfaFF.sys [42608 2008-12-07] (Alfa Corporation)
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [190424 2009-04-11] (Společnost Microsoft)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-02-05] () [File not signed]
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R2 int15; C:\Windows\system32\drivers\int15.sys [69632 2007-01-26] () [File not signed]
R3 L1E; C:\Windows\System32\DRIVERS\L1E60x86.sys [48640 2009-08-05] (Atheros Communications, Inc.)
R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [64288 2010-11-22] (Lavasoft AB)
S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [34248 2009-09-16] (McAfee, Inc.)
S3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [40552 2009-09-16] (McAfee, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1082232 2013-03-03] (Společnost Microsoft)
R2 NTIPPKernel; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [122368 2008-01-16] (Cyberlink Corp.) [File not signed]
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)
S2 Sentinel; C:\Windows\System32\Drivers\SENTINEL.SYS [64512 1999-06-08] () [File not signed]
S3 usbser; C:\Windows\System32\drivers\usbser.sys [28160 2014-07-29] (Microsoft Corporation) [File not signed]
R3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2007-03-28] (Winbond Electronics Corporation)
S3 WSVD; C:\Windows\system32\drivers\WSVD.sys [81704 2008-05-26] (CyberLink)
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [61424 2008-07-18] (Cyberlink Corp.)
S3 gHidPnp; System32\Drivers\gHidPnp.Sys [X]
S3 gMouUsb16; system32\DRIVERS\gMouUsb16.sys [X]
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [102272 2014-07-29] (Huawei Technologies Co., Ltd.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

NETSVC: ezGOSvc -> C:\Windows\system32\ezGOSvc.dll ()

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-22 14:58 - 2015-01-22 14:58 - 00032105 _____ () C:\Users\Makro\Desktop\FRST.txt
2015-01-22 14:55 - 2015-01-22 14:58 - 00000000 ____D () C:\FRST
2015-01-22 14:54 - 2015-01-22 14:54 - 00112640 _____ (forum.viry.cz) C:\Users\Makro\Desktop\FRSTLauncher.exe
2015-01-22 14:53 - 2015-01-22 14:52 - 01118208 _____ (Farbar) C:\Users\Makro\Desktop\FRST.exe
2015-01-22 07:12 - 2015-01-22 07:12 - 00000000 ____D () C:\Malwarebytes
2015-01-21 23:10 - 2015-01-21 23:11 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-21 23:09 - 2015-01-21 23:09 - 00000903 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-21 23:09 - 2015-01-21 23:09 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-21 23:09 - 2015-01-21 23:09 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-01-21 23:09 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-21 23:09 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-21 23:09 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-21 22:55 - 2015-01-21 22:55 - 00000955 _____ () C:\Users\Makro\Desktop\JRT.txt
2015-01-21 22:47 - 2015-01-21 22:47 - 00000000 ____D () C:\Windows\ERUNT
2015-01-21 22:47 - 2015-01-21 22:45 - 01707939 _____ (Thisisu) C:\Users\Makro\Desktop\JRT.exe
2015-01-21 22:22 - 2015-01-22 14:40 - 00025604 _____ () C:\Windows\PFRO.log
2015-01-21 22:01 - 2015-01-21 21:46 - 02186752 _____ () C:\Users\Makro\Desktop\adwcleaner_4.108.exe
2015-01-21 21:47 - 2015-01-21 22:59 - 00000000 ____D () C:\AdwCleaner
2015-01-21 14:25 - 2015-01-21 14:25 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-01-21 14:21 - 2015-01-21 14:21 - 00000000 ____D () C:\Program Files\Nová složka
2015-01-21 14:19 - 2015-01-21 14:19 - 00639912 _____ (Oracle Corporation) C:\Users\Makro\Downloads\jxpiinstall.exe
2015-01-14 17:23 - 2014-12-19 01:25 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 16:59 - 2014-12-06 04:14 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 16:59 - 2014-12-06 04:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-14 16:59 - 2014-12-06 04:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-14 16:58 - 2014-12-06 04:14 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-03 11:58 - 2015-01-03 11:58 - 00001896 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-01-03 11:58 - 2015-01-03 11:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-01-03 11:58 - 2015-01-03 11:58 - 00000000 ____D () C:\Program Files\Common Files\Skype
2015-01-01 13:15 - 2015-01-01 13:15 - 00000687 _____ () C:\awh8130.tmp
2014-12-23 11:21 - 2014-12-23 11:21 - 00000687 _____ () C:\awhC11C.tmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-22 14:57 - 2010-05-01 19:09 - 00000940 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-22 14:53 - 2011-03-25 10:06 - 00086280 _____ () C:\Windows\Q-Dir.ini
2015-01-22 14:49 - 2008-12-07 20:31 - 01421585 _____ () C:\Windows\WindowsUpdate.log
2015-01-22 14:42 - 2008-12-08 18:59 - 00084349 _____ () C:\ProgramData\nvModes.001
2015-01-22 14:41 - 2010-05-01 19:09 - 00000936 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-22 14:41 - 2008-12-07 14:54 - 00000000 _____ () C:\Windows\system32\LogConfigTemp.xml
2015-01-22 14:41 - 2008-08-06 09:06 - 00000147 _____ () C:\Windows\system32\agent.log
2015-01-22 14:41 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-22 14:41 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-22 14:41 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-22 14:40 - 2006-11-02 14:01 - 00032634 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-22 14:40 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\security
2015-01-22 14:39 - 2009-01-01 22:46 - 00000012 _____ () C:\Windows\bthservsdp.dat
2015-01-22 14:34 - 2012-10-12 17:23 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4147866290-3427228232-1147764146-1000UA.job
2015-01-21 22:20 - 2010-02-08 15:48 - 00000000 ____D () C:\ProgramData\ICQ
2015-01-21 22:08 - 2008-12-07 14:38 - 00087984 _____ () C:\Users\Makro\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-21 22:06 - 2011-02-08 07:12 - 00008224 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2015-01-21 22:03 - 2006-11-02 13:47 - 00379144 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-21 21:37 - 2012-02-14 15:14 - 00000000 ____D () C:\Users\Makro\AppData\Roaming\.minecraft
2015-01-21 21:32 - 2008-12-31 15:47 - 00000000 ____D () C:\Programy
2015-01-21 21:19 - 2012-12-18 15:16 - 00000000 ____D () C:\Users\Makro\Documents\My Games
2015-01-21 21:11 - 2008-08-06 08:25 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-01-21 20:54 - 2012-03-28 19:21 - 00000000 ____D () C:\Program Files\EA Games
2015-01-21 18:35 - 2012-10-12 17:23 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4147866290-3427228232-1147764146-1000Core.job
2015-01-21 16:16 - 2009-01-02 17:45 - 00000000 ____D () C:\Users\Makro\AppData\Roaming\Skype
2015-01-21 14:25 - 2013-10-16 14:27 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-21 14:24 - 2014-10-17 11:02 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-01-21 14:23 - 2013-06-24 12:00 - 00000000 ____D () C:\Program Files\Java
2015-01-20 17:20 - 2009-03-23 17:10 - 00000084 _____ () C:\Windows\KeyScript.ini
2015-01-20 11:59 - 2013-11-16 14:24 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-16 13:17 - 2009-01-21 19:24 - 00000696 _____ () C:\Users\Makro\Desktop\MRP Daňová evidence.lnk
2015-01-16 12:38 - 2008-01-21 07:47 - 01943732 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-15 15:00 - 2009-01-02 12:28 - 00058880 _____ () C:\Users\Makro\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-14 17:23 - 2013-07-26 15:48 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 16:59 - 2006-11-02 11:24 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-01-09 14:52 - 2009-01-02 12:16 - 00000000 ____D () C:\Users\Makro\AppData\Roaming\FileZilla
2015-01-06 23:44 - 2010-05-11 12:25 - 00000000 ____D () C:\ProgramData\Bitmeter2
2015-01-06 17:31 - 2009-03-19 14:24 - 00000000 ____D () C:\Users\Makro\AppData\Roaming\MRP
2015-01-03 11:58 - 2009-01-02 17:44 - 00000000 ___RD () C:\Program Files\Skype
2015-01-03 11:58 - 2009-01-02 17:44 - 00000000 ____D () C:\ProgramData\Skype
2015-01-01 22:51 - 2011-01-12 12:18 - 00000000 ____D () C:\Program Files\Spyware Terminator
2015-01-01 22:50 - 2011-01-12 12:19 - 00000000 ____D () C:\Users\Makro\AppData\Roaming\Spyware Terminator
2015-01-01 22:50 - 2011-01-12 12:19 - 00000000 ____D () C:\ProgramData\Spyware Terminator
2015-01-01 22:17 - 2014-10-07 06:39 - 00000000 ____D () C:\Users\Makro\AppData\Local\9758
2015-01-01 22:16 - 2014-12-12 10:14 - 00000000 ____D () C:\ProgramData\jemanoiapfbenpgcmdgffcjakddjbjdg
2015-01-01 22:16 - 2014-09-25 15:37 - 00000000 ____D () C:\Users\Makro\AppData\Local\6254
2015-01-01 22:14 - 2013-12-14 16:10 - 00000000 ____D () C:\Program Files\Search-NeWTabu
2015-01-01 18:03 - 2009-01-22 15:38 - 00000000 ____D () C:\Users\Makro\AppData\Roaming\Media Player Classic
2015-01-01 18:02 - 2009-01-27 09:13 - 00000000 ____D () C:\Program Files\PDFCreator
2015-01-01 17:59 - 2009-01-05 11:36 - 00000000 ____D () C:\Windows\Minidump
2015-01-01 17:59 - 2008-08-11 09:54 - 00000000 ____D () C:\Windows\Panther
2015-01-01 17:17 - 2011-01-07 14:25 - 00000808 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-01 17:17 - 2011-01-07 14:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-01 17:17 - 2011-01-07 14:25 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-31 12:13 - 2010-05-11 11:12 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-24 14:59 - 2009-08-12 16:57 - 00000000 ____D () C:\Users\Makro\AppData\Roaming\vlc

==================== Files in the root of some directories =======
2012-03-28 19:28 - 2012-04-20 16:14 - 0138056 _____ () C:\Users\Makro\AppData\Roaming\PnkBstrK.sys
2009-10-23 21:07 - 2009-10-23 21:07 - 0026361 _____ () C:\Users\Makro\AppData\Roaming\UserTile.png
2009-01-12 15:47 - 2012-12-27 13:13 - 0000896 _____ () C:\Users\Makro\AppData\Roaming\wklnhst.dat
2008-12-07 14:38 - 2014-10-02 07:39 - 0008268 _____ () C:\Users\Makro\AppData\Local\d3d9caps.dat
2009-01-02 12:28 - 2015-01-15 15:00 - 0058880 _____ () C:\Users\Makro\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-07-11 16:55 - 2011-07-11 16:56 - 0143659 _____ () C:\Users\Makro\AppData\Local\edsinstaller.txt-20110711.log
2011-06-08 11:30 - 2011-06-08 11:30 - 0000000 _____ () C:\Users\Makro\AppData\Local\{70A09919-80C3-4FDF-9389-1F7F11F44DD7}
2012-01-27 18:13 - 2012-01-27 18:13 - 0000000 _____ () C:\Users\Makro\AppData\Local\{7AFB6A76-8D82-4147-8447-56C23098781C}
2008-12-07 15:07 - 2008-12-07 15:12 - 0006039 _____ () C:\ProgramData\ArcadeDeluxe2.log
2009-01-02 17:45 - 2009-01-02 17:45 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2009-01-08 07:50 - 2010-06-07 19:26 - 0010551 _____ () C:\ProgramData\hpzinstall.log
2008-12-08 18:59 - 2015-01-22 14:42 - 0084349 _____ () C:\ProgramData\nvModes.001
2008-12-08 18:58 - 2014-06-30 18:54 - 0084349 _____ () C:\ProgramData\nvModes.dat

Some content of TEMP:
====================
C:\Users\Makro\AppData\Local\Temp\Quarantine.exe
C:\Users\Makro\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\Makro\AppData\Local\Temp\sqlite3.dll
C:\Users\Zákazníci\AppData\Local\Temp\RtkBtMnt.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

==================== MBR and Partition Table ==================

==================== Scheduled Tasks (whitelisted) ==================

==================== Alternate Data Streams (whitelisted) ==================

==================== Security Center ==================

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)

***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Makro\Desktop" je 2305 MB.

***** Startup Programs *****

***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSfsu.exe"="C:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSfsu.exe:*:Enabled:eDSfsu"
"C:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\encryption.exe"="C:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\encryption.exe:*:Enabled:encryption"
"C:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\decryption.exe"="C:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\decryption.exe:*:Enabled:decryption"
"C:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSMgr.exe"="C:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSMgr.exe:*:Enabled:eDSMgr"
"C:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDStbmngr.exe"="C:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDStbmngr.exe:*:Enabled:eDStbmngr"
"C:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSfsu.exe"="C:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSfsu.exe:*:Enabled:eDSfsu"
"C:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\encryption.exe"="C:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\encryption.exe:*:Enabled:encryption"
"C:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\decryption.exe"="C:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\decryption.exe:*:Enabled:decryption"
"C:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSMgr.exe"="C:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSMgr.exe:*:Enabled:eDSMgr"
"C:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDStbmngr.exe"="C:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDStbmngr.exe:*:Enabled:eDStbmngr"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000

==================== End Of Log ==============================

#4 Příspěvek od **vyosek** » 22 led 2015 15:45

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

Ulozte nejlepe na plochu
Ukoncete vsechny programy
Po spusteni probehne stazeni databaze
Kliknete na Scan a nasledne Clean
Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte

Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
Do okna vlozte skript nize

Kód: Vybrat vše

autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;

Nasledne kliknete na Run Script
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

Alpyn · #5 Příspěvek od **Alpyn** » 24 led 2015 15:36

Zdravím, tak jsem nechal proběhnout adw cleaner sken, ale už jsme ho dělal hned na začátku procesu čištění počítače, takže nyní jsem ho dělal ještě podruhé,jak jste poradil. Log zde :

# AdwCleaner v4.108 - Report created 22/01/2015 at 16:19:03
# Updated 17/01/2015 by Xplode
# Database : 2015-01-13.2 [Local]
# Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Username : Makro - DOMA1
# Running from : C:\Users\Makro\Desktop\adwcleaner_4.108.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16599

-\\ Mozilla Firefox v35.0 (x86 cs)

-\\ Google Chrome v31.0.1650.63

*************************

AdwCleaner[21.01.2015].txt - [27198 octets] - [21/01/2015 22:27:26]
AdwCleaner[R0].txt - [26570 octets] - [21/01/2015 21:47:58]
AdwCleaner[R1].txt - [26696 octets] - [21/01/2015 22:10:48]
AdwCleaner[R2].txt - [1124 octets] - [21/01/2015 22:27:57]
AdwCleaner[R3].txt - [1169 octets] - [22/01/2015 16:07:07]
AdwCleaner[S0].txt - [27198 octets] - [21/01/2015 22:20:44]
AdwCleaner[S1].txt - [1188 octets] - [21/01/2015 22:35:10]
AdwCleaner[S2].txt - [1091 octets] - [22/01/2015 16:19:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1151 octets] ##########

a potom jsem začal dělat sken zoek.exe s doporučenýmy kódy a zastavilo se mi to na na tomto řádku viz. příloha. Na tomto řádku to zůstalo stát od 16:40 hod. až do 22 hod.. Zdálo se mi, že to je už dlouho a tak jsem sken chtěl ukončit, ale nešlo sken zoek.exe ukončit. Musel jsem natvrdo vypnout počítač. Tak teď nevím, mám zkusit znovu zoek.exe ? Mám strach, že počítač zase zamrze.

Díky za radu.

#6 Příspěvek od **vyosek** » 25 led 2015 08:11

Dejte prosim novy log z FRST

Alpyn · #7 Příspěvek od **Alpyn** » 25 led 2015 14:19

Zdravím, dávám zde nový log z FRST a do přílohy přikládám adittion.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-01-2015 01
Ran by Makro (administrator) on DOMA1 on 25-01-2015 14:11:38
Running from C:\Users\Makro\Desktop
Loaded Profiles: Makro (Available profiles: Makro)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Čeština (Česká republika)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Arachnoid Biometrics Identification Group Corp.) C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporated) C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Windows\PLFSetI.exe
(Realtek Semiconductor Corp.) C:\Users\Makro\AppData\Local\Temp\RtkBtMnt.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
() C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
() C:\ProgramData\HiSuiteOuc\HiSuiteOuc.exe
() C:\ProgramData\HandSetService\HuaweiHiSuiteService.exe
() C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\ACER\Mobility Center\MobilityService.exe
(NewTech InfoSystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
() C:\Windows\System32\PnkBstrA.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\Cyberlink\Shared files\RichVideo.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\RS_Service.exe
(Secunia) C:\Program Files\Secunia\PSI\psia.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Crawler.com) C:\Program Files\Spyware Terminator\sp_rsser.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\QtZgAcer.EXE
(Arachnoid Biometrics Identification Group Corp.) C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
(CyberLink Corp.) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(CyberLink) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
(Acer Corp.) C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
(Acer Inc.) C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Samsung) C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(forum.viry.cz) C:\Users\Makro\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [182808 2008-07-20] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6139904 2008-05-07] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-04-25] (Synaptics, Inc.)
HKLM\...\Run: [eAudio] => C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe [544768 2008-05-30] (Acer Incorporated)
HKLM\...\Run: [BkupTray] => C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [28672 2008-04-25] ()
HKLM\...\Run: [WarReg_PopUp] => C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe [303104 2008-01-29] (Acer Incorporated)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2007-10-23] ()
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\QtZgAcer.EXE [817672 2008-06-04] (Dritek System Inc.)
HKLM\...\Run: [eRecoveryService] => [X]
HKLM\...\Run: [ZPdtWzdVitaKey MC3000] => C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe [3676160 2008-12-07] (Arachnoid Biometrics Identification Group Corp.)
HKLM\...\Run: [ArcadeDeluxeAgent] => C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [147456 2008-07-24] (CyberLink Corp.)
HKLM\...\Run: [CLMLServer] => C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe [167936 2008-07-24] (CyberLink)
HKLM\...\Run: [PlayMovie] => C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe [167936 2008-07-18] (Acer Corp.)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-03-18] (CANON INC.)
HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-11-14] (Google)
HKLM\...\Run: [ePower_DMC] => C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [405504 2008-08-01] (Acer Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311152 2013-09-04] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [CanonSolutionMenuEx] => C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1637528 2012-10-09] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2569616 2010-07-26] (CANON INC.)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-11-17] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
Winlogon\Notify\AWinNotifyVitaKey MC3000: C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-4147866290-3427228232-1147764146-1000\...\Run: [eyeBeam SIP Client] => [X]
HKU\S-1-5-21-4147866290-3427228232-1147764146-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-4147866290-3427228232-1147764146-1000\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1564528 2013-09-04] (Samsung)
HKU\S-1-5-21-4147866290-3427228232-1147764146-1000\...\Run: [KiesPDLR] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-09-04] (Samsung)
HKU\S-1-5-21-4147866290-3427228232-1147764146-1000\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-09-04] (Samsung)
HKU\S-1-5-21-4147866290-3427228232-1147764146-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2008-12-07] (Google Inc.)
HKU\S-1-5-21-4147866290-3427228232-1147764146-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-4147866290-3427228232-1147764146-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5489944 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-4147866290-3427228232-1147764146-1000\...\MountPoints2: {37d272fd-bfc9-11de-b875-00238b046287} - E:\Launcher.exe
HKU\S-1-5-21-4147866290-3427228232-1147764146-1000\...\MountPoints2: {45fc6f61-229f-11df-ae3c-00238b046287} - F:\Default.exe
HKU\S-1-5-21-4147866290-3427228232-1147764146-1000\...\MountPoints2: {45fc6f67-229f-11df-ae3c-00238b046287} - G:\Default.exe
HKU\S-1-5-21-4147866290-3427228232-1147764146-1000\...\MountPoints2: {4e210eae-3bb6-11df-869a-00238b046287} - F:\Default.exe
HKU\S-1-5-21-4147866290-3427228232-1147764146-1000\...\MountPoints2: {4e210eb4-3bb6-11df-869a-00238b046287} - G:\Default.exe
HKU\S-1-5-21-4147866290-3427228232-1147764146-1000\...\MountPoints2: {bcd1ffb3-4e96-11df-8c6f-002269de1c9a} - E:\NokiaPCIA_Autorun.exe
AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll => c:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-11-14] (Google)
Lsa: [Notification Packages] scecli C:\Program Files\Acer\Acer Bio Protection\PwdFilter
BootExecute: autocheck autochk *
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... pire_6930g
HKU\S-1-5-21-4147866290-3427228232-1147764146-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKU\S-1-5-21-4147866290-3427228232-1147764146-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... pire_6930g
HKU\S-1-5-21-4147866290-3427228232-1147764146-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com
HKU\S-1-5-21-4147866290-3427228232-1147764146-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkID= ... DSearchBox
URLSearchHook: HKU\S-1-5-21-4147866290-3427228232-1147764146-1000 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=i ... lz=1I7ACAW
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTer ... DF&pc=MSSE
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4147866290-3427228232-1147764146-1000 -> F0EF067B902C42B389531F5E7ECDF817 URL = http://search.seznam.cz/?q={searchTerms ... arch_16194
SearchScopes: HKU\S-1-5-21-4147866290-3427228232-1147764146-1000 -> {0B9C67B8-1DD7-4DE5-8D6B-9C121AF822E1} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_16194
SearchScopes: HKU\S-1-5-21-4147866290-3427228232-1147764146-1000 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-4147866290-3427228232-1147764146-1000 -> {675F7D11-7112-489B-8913-C042F81DE8F9} URL = http://www.firmy.cz/?q={searchTerms}&so ... arch_16194
SearchScopes: HKU\S-1-5-21-4147866290-3427228232-1147764146-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=i ... 1I7GGLL_cs
SearchScopes: HKU\S-1-5-21-4147866290-3427228232-1147764146-1000 -> {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:4664/search&s=TSqni41x ... earchTerms}
SearchScopes: HKU\S-1-5-21-4147866290-3427228232-1147764146-1000 -> {84737841-E00A-48BC-B90E-29EF94FB7DC4} URL = http://www.novinky.cz/hledej?w={searchT ... arch_16194
SearchScopes: HKU\S-1-5-21-4147866290-3427228232-1147764146-1000 -> {8617E5A9-4B58-4A0F-BCDB-A7BCB8F773F8} URL = http://encyklopedie.seznam.cz/search?q= ... arch_16194
SearchScopes: HKU\S-1-5-21-4147866290-3427228232-1147764146-1000 -> {87A6290B-9E7A-41F3-9053-84C51F7C5BFB} URL = http://www.bing.com/search?FORM=UP97DF& ... -SearchBox
SearchScopes: HKU\S-1-5-21-4147866290-3427228232-1147764146-1000 -> {A827046B-EE19-44F2-95B6-AC76B9440968} URL = http://www.mapy.cz/?query={searchTerms} ... arch_16194
SearchScopes: HKU\S-1-5-21-4147866290-3427228232-1147764146-1000 -> {D0930273-CB3A-438F-B084-DE59C760F5AC} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_16194
SearchScopes: HKU\S-1-5-21-4147866290-3427228232-1147764146-1000 -> {E848199C-CE32-4317-A517-8CD9F978F880} URL = http://tv.seznam.cz/hledej?w={searchTer ... arch_16194
SearchScopes: HKU\S-1-5-21-4147866290-3427228232-1147764146-1000 -> {FA8FC72A-F0E7-4089-9F78-B3F26F3D58A7} URL = http://www.zbozi.cz/?q={searchTerms}&r= ... arch_16194
SearchScopes: HKU\S-1-5-21-4147866290-3427228232-1147764146-1000 -> ŰźĆîZ§’2ąŢpv¨IÍá*X(Ž2s(ŰÎŔJşÔÓµť± vË°!×—(äĽ48Đ¸patm6ęo^Mp`Ëő÷_iŁwľ!„Áű†x˘8€ŮjŔ˙ţ ´Ń;áa´[¦†8 ş~ŹRŮxśňÜ8'Ł-)xä URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-4147866290-3427228232-1147764146-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-4147866290-3427228232-1147764146-1000 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
DPF: {62789780-B744-11D0-986B-00609731A21D} http://195.28.70.134/kapor2/lib/mgaxctrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {F680B28A-3AEE-4C88-93ED-45AE9215C128} http://adisepo.mfcr.cz/adistc/adis/idpr ... tsignx.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Společnost Microsoft)
Tcpip\Parameters: [DhcpNameServer] 192.168.15.1

FireFox:
========
FF ProfilePath: C:\Users\Makro\AppData\Roaming\Mozilla\Firefox\Profiles\tynndj5z.default-1418762770049
FF Homepage: https://www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.)
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin -> C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @real.com/nppl3260;version=6.0.12.69 -> C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.69 -> C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4147866290-3427228232-1147764146-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Makro\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-4147866290-3427228232-1147764146-1000: @soe.sony.com/installer,version=1.0.3 -> C:\Users\Makro\AppData\LocalLow\Sony Online Entertainment\npsoe.dll ()
FF Plugin HKU\S-1-5-21-4147866290-3427228232-1147764146-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Makro\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-4147866290-3427228232-1147764146-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprm3d.dll (3D RealityMaps GmbH)
FF Extension: NoScript - C:\Users\Makro\AppData\Roaming\Mozilla\Firefox\Profiles\tynndj5z.default-1418762770049\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-01-01]
FF Extension: Adblock Plus - C:\Users\Makro\AppData\Roaming\Mozilla\Firefox\Profiles\tynndj5z.default-1418762770049\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-01]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-11-16]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-11-16]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-11-16]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-02-26]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Makro\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YooaTubereAdsReemoovv) - C:\Users\Makro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehnipipdnfnhifldfglcpmmgbcgkemmb [2014-01-31]
CHR Extension: (AdBlock) - C:\Users\Makro\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-05-24]
CHR Extension: (Online Fun Games) - C:\Users\Makro\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdccpiogaoclehkbmphedkpigacocgji [2014-08-04]
CHR Extension: (Quebles Emoticons) - C:\Users\Makro\AppData\Local\Google\Chrome\User Data\Default\Extensions\macpddegmcklbbnbdemccckkmhaegdlf [2014-06-12]
CHR Extension: (Ruby on Rails API Search) - C:\Users\Makro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhhppofdccphcpbilanmljnlkmbgike [2014-07-03]
CHR Extension: (PenÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂ¾enka Google) - C:\Users\Makro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Responsive Web Design Tester) - C:\Users\Makro\AppData\Local\Google\Chrome\User Data\Default\Extensions\objclahbaimlfnbjdeobicmmlnbhamkg [2014-06-05]
CHR Extension: (MinimumPrice) - C:\ProgramData\jemanoiapfbenpgcmdgffcjakddjbjdg\ [2014-06-05]
CHR HKLM\...\Chrome\Extension: [anhlpfcjdkpkjnoikcggpdoijobpbodo] - C:\Program Files\MediaBuzzV1\MediaBuzzV1mode5250\ch\MediaBuzzV1mode5250.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [dakponcncbbellmjllmcdmacdbhhfooi] - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta987\ch\VideoPlayerV3beta987.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [gfgogjmdklallofcmfpbgcialkfplale] - C:\Program Files\TrustMediaViewerV1\TrustMediaViewerV1alpha1477\ch\TrustMediaViewerV1alpha1477.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [imdgagcchokeljjnpknlojjklpnlkegg] - C:\Program Files\MediaViewV1\MediaViewV1alpha3862\ch\MediaViewV1alpha3862.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
CHR HKLM\...\Chrome\Extension: [ncamplhphnmpfncelbicbhncidbepgao] - C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha769\ch\WebexpEnhancedV1alpha769.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BUNAgentSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.) [File not signed]
R2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [81504 2008-01-16] () [File not signed]
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-06-02] () [File not signed]
R2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [860160 2008-10-16] (Intel(R) Corporation) [File not signed]
R2 ezGOSvc; C:\Windows\system32\ezGOSvc.dll [73600 2011-06-14] ()
R2 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2013-02-05] (Teruten) [File not signed]
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-11-14] (Google)
R2 HiSuiteOuc.exe; C:\ProgramData\HiSuiteOuc\HiSuiteOuc.exe [117280 2014-09-05] ()
R2 HuaweiHiSuiteService.exe; C:\ProgramData\HandSetService\HuaweiHiSuiteService.exe [180768 2014-09-05] ()
R2 IGBASVC; C:\Program Files\Acer\Acer Bio Protection\BASVC.exe [3602432 2008-12-07] () [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] () [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 NTIBackupSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [45056 2008-04-25] (NewTech InfoSystems, Inc.) [File not signed]
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-25] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2012-04-20] ()
R2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [466944 2008-10-16] (Intel(R) Corporation) [File not signed]
R2 RichVideo; C:\Program Files\Cyberlink\Shared files\RichVideo.exe [272024 2007-01-09] ()
R2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [233472 2008-01-10] (Acer Incorporated) [File not signed]
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [993848 2011-01-10] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [399416 2011-01-10] (Secunia)
R2 sp_rssrv; C:\Program Files\Spyware Terminator\sp_rsser.exe [496128 2011-01-12] (Crawler.com) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
S2 8b68ee33; "C:\Windows\system32\rundll32.exe" "c:\progra~2\accele~1\AccelesysSvc.dll",service

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 AlfaFF; C:\Windows\System32\Drivers\AlfaFF.sys [42608 2008-12-07] (Alfa Corporation)
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [190424 2009-04-11] (Společnost Microsoft)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-02-05] () [File not signed]
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R2 int15; C:\Windows\system32\drivers\int15.sys [69632 2007-01-26] () [File not signed]
R3 L1E; C:\Windows\System32\DRIVERS\L1E60x86.sys [48640 2009-08-05] (Atheros Communications, Inc.)
R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [64288 2010-11-22] (Lavasoft AB)
S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [34248 2009-09-16] (McAfee, Inc.)
S3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [40552 2009-09-16] (McAfee, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1082232 2013-03-03] (Společnost Microsoft)
R2 NTIPPKernel; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [122368 2008-01-16] (Cyberlink Corp.) [File not signed]
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)
S2 Sentinel; C:\Windows\System32\Drivers\SENTINEL.SYS [64512 1999-06-08] () [File not signed]
S3 usbser; C:\Windows\System32\drivers\usbser.sys [28160 2014-07-29] (Microsoft Corporation) [File not signed]
R3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2007-03-28] (Winbond Electronics Corporation)
S3 WSVD; C:\Windows\system32\drivers\WSVD.sys [81704 2008-05-26] (CyberLink)
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [61424 2008-07-18] (Cyberlink Corp.)
S3 gHidPnp; System32\Drivers\gHidPnp.Sys [X]
S3 gMouUsb16; system32\DRIVERS\gMouUsb16.sys [X]
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [102272 2014-07-29] (Huawei Technologies Co., Ltd.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

NETSVC: ezGOSvc -> C:\Windows\system32\ezGOSvc.dll ()

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-25 14:11 - 2015-01-25 14:11 - 00032040 _____ () C:\Users\Makro\Desktop\FRST.txt
2015-01-25 14:05 - 2015-01-25 14:11 - 00000000 ____D () C:\Users\Makro\Desktop\FRST-OlderVersion
2015-01-22 16:34 - 2015-01-22 16:40 - 00000740 _____ () C:\runcheck.txt
2015-01-22 16:34 - 2015-01-22 16:38 - 00002026 _____ () C:\zoek-results.log
2015-01-22 16:32 - 2015-01-22 16:32 - 00000000 ____D () C:\zoek_backup
2015-01-22 16:31 - 2015-01-22 16:30 - 01295360 _____ () C:\Users\Makro\Desktop\zoek.exe
2015-01-22 15:09 - 2015-01-22 15:09 - 00112107 _____ (forum.viry.cz) C:\Users\Makro\Desktop\VerzeOS.exe
2015-01-22 14:55 - 2015-01-25 14:11 - 00000000 ____D () C:\FRST
2015-01-22 14:54 - 2015-01-22 14:54 - 00112640 _____ (forum.viry.cz) C:\Users\Makro\Desktop\FRSTLauncher.exe
2015-01-22 14:53 - 2015-01-25 14:05 - 01120768 _____ (Farbar) C:\Users\Makro\Desktop\FRST.exe
2015-01-22 07:12 - 2015-01-22 07:12 - 00000000 ____D () C:\Malwarebytes
2015-01-21 23:10 - 2015-01-21 23:11 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-21 23:09 - 2015-01-21 23:09 - 00000903 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-21 23:09 - 2015-01-21 23:09 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-21 23:09 - 2015-01-21 23:09 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-01-21 23:09 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-21 23:09 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-21 23:09 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-21 22:47 - 2015-01-21 22:47 - 00000000 ____D () C:\Windows\ERUNT
2015-01-21 22:47 - 2015-01-21 22:45 - 01707939 _____ (Thisisu) C:\Users\Makro\Desktop\JRT.exe
2015-01-21 22:01 - 2015-01-21 21:46 - 02186752 _____ () C:\Users\Makro\Desktop\adwcleaner_4.108.exe
2015-01-21 21:47 - 2015-01-22 16:19 - 00000000 ____D () C:\AdwCleaner
2015-01-21 14:25 - 2015-01-21 14:25 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-01-21 14:19 - 2015-01-21 14:19 - 00639912 _____ (Oracle Corporation) C:\Users\Makro\Downloads\jxpiinstall.exe
2015-01-14 17:23 - 2014-12-19 01:25 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 16:59 - 2014-12-06 04:14 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 16:59 - 2014-12-06 04:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-14 16:59 - 2014-12-06 04:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-14 16:58 - 2014-12-06 04:14 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-03 11:58 - 2015-01-03 11:58 - 00001896 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-01-03 11:58 - 2015-01-03 11:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-01-03 11:58 - 2015-01-03 11:58 - 00000000 ____D () C:\Program Files\Common Files\Skype
2015-01-01 13:15 - 2015-01-01 13:15 - 00000687 _____ () C:\awh8130.tmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-25 13:57 - 2010-05-01 19:09 - 00000940 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-25 13:45 - 2008-12-07 20:31 - 01561023 _____ () C:\Windows\WindowsUpdate.log
2015-01-25 13:29 - 2010-05-01 19:09 - 00000936 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-25 13:29 - 2008-12-08 18:59 - 00084349 _____ () C:\ProgramData\nvModes.001
2015-01-25 13:29 - 2008-12-07 14:54 - 00000000 _____ () C:\Windows\system32\LogConfigTemp.xml
2015-01-25 13:29 - 2008-08-06 09:06 - 00000147 _____ () C:\Windows\system32\agent.log
2015-01-25 13:28 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-25 13:28 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-25 13:28 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-25 00:01 - 2009-01-01 22:46 - 00000012 _____ () C:\Windows\bthservsdp.dat
2015-01-25 00:01 - 2006-11-02 14:01 - 00032634 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-24 23:55 - 2011-03-25 10:06 - 00091975 _____ () C:\Windows\Q-Dir.ini
2015-01-24 22:09 - 2008-01-21 07:47 - 01963676 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-24 21:34 - 2012-10-12 17:23 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4147866290-3427228232-1147764146-1000UA.job
2015-01-24 20:49 - 2009-01-02 12:28 - 00058880 _____ () C:\Users\Makro\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-24 19:20 - 2009-01-02 17:45 - 00000000 ____D () C:\Users\Makro\AppData\Roaming\Skype
2015-01-24 18:35 - 2012-10-12 17:23 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4147866290-3427228232-1147764146-1000Core.job
2015-01-22 14:40 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\security
2015-01-21 22:20 - 2010-02-08 15:48 - 00000000 ____D () C:\ProgramData\ICQ
2015-01-21 22:08 - 2008-12-07 14:38 - 00087984 _____ () C:\Users\Makro\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-21 22:06 - 2011-02-08 07:12 - 00008224 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2015-01-21 22:03 - 2006-11-02 13:47 - 00379144 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-21 21:37 - 2012-02-14 15:14 - 00000000 ____D () C:\Users\Makro\AppData\Roaming\.minecraft
2015-01-21 21:32 - 2008-12-31 15:47 - 00000000 ____D () C:\Programy
2015-01-21 21:19 - 2012-12-18 15:16 - 00000000 ____D () C:\Users\Makro\Documents\My Games
2015-01-21 21:11 - 2008-08-06 08:25 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-01-21 14:25 - 2013-10-16 14:27 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-21 14:24 - 2014-10-17 11:02 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-01-21 14:23 - 2013-06-24 12:00 - 00000000 ____D () C:\Program Files\Java
2015-01-20 17:20 - 2009-03-23 17:10 - 00000084 _____ () C:\Windows\KeyScript.ini
2015-01-20 11:59 - 2013-11-16 14:24 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-16 13:17 - 2009-01-21 19:24 - 00000696 _____ () C:\Users\Makro\Desktop\MRP Daňová evidence.lnk
2015-01-14 17:23 - 2013-07-26 15:48 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 16:59 - 2006-11-02 11:24 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-01-09 14:52 - 2009-01-02 12:16 - 00000000 ____D () C:\Users\Makro\AppData\Roaming\FileZilla
2015-01-06 23:44 - 2010-05-11 12:25 - 00000000 ____D () C:\ProgramData\Bitmeter2
2015-01-06 17:31 - 2009-03-19 14:24 - 00000000 ____D () C:\Users\Makro\AppData\Roaming\MRP
2015-01-03 11:58 - 2009-01-02 17:44 - 00000000 ___RD () C:\Program Files\Skype
2015-01-03 11:58 - 2009-01-02 17:44 - 00000000 ____D () C:\ProgramData\Skype
2015-01-01 22:51 - 2011-01-12 12:18 - 00000000 ____D () C:\Program Files\Spyware Terminator
2015-01-01 22:50 - 2011-01-12 12:19 - 00000000 ____D () C:\Users\Makro\AppData\Roaming\Spyware Terminator
2015-01-01 22:50 - 2011-01-12 12:19 - 00000000 ____D () C:\ProgramData\Spyware Terminator
2015-01-01 22:17 - 2014-10-07 06:39 - 00000000 ____D () C:\Users\Makro\AppData\Local\9758
2015-01-01 22:16 - 2014-12-12 10:14 - 00000000 ____D () C:\ProgramData\jemanoiapfbenpgcmdgffcjakddjbjdg
2015-01-01 22:16 - 2014-09-25 15:37 - 00000000 ____D () C:\Users\Makro\AppData\Local\6254
2015-01-01 22:14 - 2013-12-14 16:10 - 00000000 ____D () C:\Program Files\Search-NeWTabu
2015-01-01 18:02 - 2009-01-27 09:13 - 00000000 ____D () C:\Program Files\PDFCreator
2015-01-01 17:59 - 2009-01-05 11:36 - 00000000 ____D () C:\Windows\Minidump
2015-01-01 17:59 - 2008-08-11 09:54 - 00000000 ____D () C:\Windows\Panther
2015-01-01 17:17 - 2011-01-07 14:25 - 00000808 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-01 17:17 - 2011-01-07 14:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-01 17:17 - 2011-01-07 14:25 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-31 12:13 - 2010-05-11 11:12 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2012-03-28 19:28 - 2012-04-20 16:14 - 0138056 _____ () C:\Users\Makro\AppData\Roaming\PnkBstrK.sys
2009-10-23 21:07 - 2009-10-23 21:07 - 0026361 _____ () C:\Users\Makro\AppData\Roaming\UserTile.png
2009-01-12 15:47 - 2012-12-27 13:13 - 0000896 _____ () C:\Users\Makro\AppData\Roaming\wklnhst.dat
2008-12-07 14:38 - 2014-10-02 07:39 - 0008268 _____ () C:\Users\Makro\AppData\Local\d3d9caps.dat
2009-01-02 12:28 - 2015-01-24 20:49 - 0058880 _____ () C:\Users\Makro\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-07-11 16:55 - 2011-07-11 16:56 - 0143659 _____ () C:\Users\Makro\AppData\Local\edsinstaller.txt-20110711.log
2011-06-08 11:30 - 2011-06-08 11:30 - 0000000 _____ () C:\Users\Makro\AppData\Local\{70A09919-80C3-4FDF-9389-1F7F11F44DD7}
2012-01-27 18:13 - 2012-01-27 18:13 - 0000000 _____ () C:\Users\Makro\AppData\Local\{7AFB6A76-8D82-4147-8447-56C23098781C}
2008-12-07 15:07 - 2008-12-07 15:12 - 0006039 _____ () C:\ProgramData\ArcadeDeluxe2.log
2009-01-02 17:45 - 2009-01-02 17:45 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2009-01-08 07:50 - 2010-06-07 19:26 - 0010551 _____ () C:\ProgramData\hpzinstall.log
2008-12-08 18:59 - 2015-01-25 13:29 - 0084349 _____ () C:\ProgramData\nvModes.001
2008-12-08 18:58 - 2014-06-30 18:54 - 0084349 _____ () C:\ProgramData\nvModes.dat

Some content of TEMP:
====================
C:\Users\Makro\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\Zákazníci\AppData\Local\Temp\RtkBtMnt.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

==================== MBR and Partition Table ==================

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4147866290-3427228232-1147764146-1000Core.job => C:\Users\Makro\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4147866290-3427228232-1147764146-1000UA.job => C:\Users\Makro\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Install.job => C:\Windows\System32\Macromed\Shockwave 10\nssstub.exe

==================== Alternate Data Streams (whitelisted) ==================

==================== Security Center ==================

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)

***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Makro\Desktop" je 2308 MB.

***** Startup Programs *****

***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSfsu.exe"="C:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSfsu.exe:*:Enabled:eDSfsu"
"C:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\encryption.exe"="C:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\encryption.exe:*:Enabled:encryption"
"C:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\decryption.exe"="C:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\decryption.exe:*:Enabled:decryption"
"C:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSMgr.exe"="C:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSMgr.exe:*:Enabled:eDSMgr"
"C:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDStbmngr.exe"="C:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDStbmngr.exe:*:Enabled:eDStbmngr"
"C:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSfsu.exe"="C:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSfsu.exe:*:Enabled:eDSfsu"
"C:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\encryption.exe"="C:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\encryption.exe:*:Enabled:encryption"
"C:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\decryption.exe"="C:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\decryption.exe:*:Enabled:decryption"
"C:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSMgr.exe"="C:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSMgr.exe:*:Enabled:eDSMgr"
"C:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDStbmngr.exe"="C:\\Program Files\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDStbmngr.exe:*:Enabled:eDStbmngr"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000

==================== End Of Log ==============================

#8 Příspěvek od **vyosek** » 27 led 2015 20:58

Tvorba fixlistu pro FRST

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

Start
CloseProcesses:
CreateRestorePoint:

HKLM\...\Run: [PlayMovie] => C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe [167936 2008-07-18] (Acer Corp.)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311152 2013-09-04] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-11-17] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-4147866290-3427228232-1147764146-1000\...\Run: [eyeBeam SIP Client] => [X]
HKU\S-1-5-21-4147866290-3427228232-1147764146-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-4147866290-3427228232-1147764146-1000\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1564528 2013-09-04] (Samsung)
HKU\S-1-5-21-4147866290-3427228232-1147764146-1000\...\Run: [KiesPDLR] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-09-04] (Samsung)
HKU\S-1-5-21-4147866290-3427228232-1147764146-1000\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-09-04] (Samsung)
HKU\S-1-5-21-4147866290-3427228232-1147764146-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2008-12-07] (Google Inc.)
HKU\S-1-5-21-4147866290-3427228232-1147764146-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-4147866290-3427228232-1147764146-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5489944 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-4147866290-3427228232-1147764146-1000\...\MountPoints2: {37d272fd-bfc9-11de-b875-00238b046287} - E:\Launcher.exe
HKU\S-1-5-21-4147866290-3427228232-1147764146-1000\...\MountPoints2: {45fc6f61-229f-11df-ae3c-00238b046287} - F:\Default.exe
HKU\S-1-5-21-4147866290-3427228232-1147764146-1000\...\MountPoints2: {45fc6f67-229f-11df-ae3c-00238b046287} - G:\Default.exe
HKU\S-1-5-21-4147866290-3427228232-1147764146-1000\...\MountPoints2: {4e210eae-3bb6-11df-869a-00238b046287} - F:\Default.exe
HKU\S-1-5-21-4147866290-3427228232-1147764146-1000\...\MountPoints2: {4e210eb4-3bb6-11df-869a-00238b046287} - G:\Default.exe
HKU\S-1-5-21-4147866290-3427228232-1147764146-1000\...\MountPoints2: {bcd1ffb3-4e96-11df-8c6f-002269de1c9a} - E:\NokiaPCIA_Autorun.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... pire_6930g
HKU\S-1-5-21-4147866290-3427228232-1147764146-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKU\S-1-5-21-4147866290-3427228232-1147764146-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... pire_6930g
HKU\S-1-5-21-4147866290-3427228232-1147764146-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com
HKU\S-1-5-21-4147866290-3427228232-1147764146-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkID= ... DSearchBox
URLSearchHook: HKU\S-1-5-21-4147866290-3427228232-1147764146-1000 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4147866290-3427228232-1147764146-1000 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
SearchScopes: HKU\S-1-5-21-4147866290-3427228232-1147764146-1000 -> {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:4664/search&s=TSqni41x ... O556mEc?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4147866290-3427228232-1147764146-1000 -> ŰźĆîZ§’2ąŢpv¨IÍá*X(Ž2s(ŰÎŔJşÔÓµť± vË°!×—(äĽ48Đ¸patm6ęo^Mp`Ëő÷_iŁwľ!„Áű†x˘8€ŮjŔ˙ţ ´Ń;áa´[¦†8 ş~ŹRŮxśňÜ8'Ł-)xä URL = 
Toolbar: HKU\S-1-5-21-4147866290-3427228232-1147764146-1000 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-11-16]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-11-16]

CHR Extension: (YooaTubereAdsReemoovv) - C:\Users\Makro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehnipipdnfnhifldfglcpmmgbcgkemmb [2014-01-31]
CHR Extension: (Online Fun Games) - C:\Users\Makro\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdccpiogaoclehkbmphedkpigacocgji [2014-08-04]
CHR Extension: (Quebles Emoticons) - C:\Users\Makro\AppData\Local\Google\Chrome\User Data\Default\Extensions\macpddegmcklbbnbdemccckkmhaegdlf [2014-06-12]
CHR Extension: (Ruby on Rails API Search) - C:\Users\Makro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhhppofdccphcpbilanmljnlkmbgike [2014-07-03]
CHR Extension: 
CHR Extension: (Responsive Web Design Tester) - C:\Users\Makro\AppData\Local\Google\Chrome\User Data\Default\Extensions\objclahbaimlfnbjdeobicmmlnbhamkg [2014-06-05]
CHR Extension: (MinimumPrice) - C:\ProgramData\jemanoiapfbenpgcmdgffcjakddjbjdg\ [2014-06-05]
CHR HKLM\...\Chrome\Extension: [anhlpfcjdkpkjnoikcggpdoijobpbodo] - C:\Program Files\MediaBuzzV1\MediaBuzzV1mode5250\ch\MediaBuzzV1mode5250.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [dakponcncbbellmjllmcdmacdbhhfooi] - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta987\ch\VideoPlayerV3beta987.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [gfgogjmdklallofcmfpbgcialkfplale] - C:\Program Files\TrustMediaViewerV1\TrustMediaViewerV1alpha1477\ch\TrustMediaViewerV1alpha1477.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [imdgagcchokeljjnpknlojjklpnlkegg] - C:\Program Files\MediaViewV1\MediaViewV1alpha3862\ch\MediaViewV1alpha3862.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
CHR HKLM\...\Chrome\Extension: [ncamplhphnmpfncelbicbhncidbepgao] - C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha769\ch\WebexpEnhancedV1alpha769.crx [Not Found]

S2 8b68ee33; "C:\Windows\system32\rundll32.exe" "c:\progra~2\accele~1\AccelesysSvc.dll",service

S3 gHidPnp; System32\Drivers\gHidPnp.Sys [X]
S3 gMouUsb16; system32\DRIVERS\gMouUsb16.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

2015-01-25 14:11 - 2015-01-25 14:11 - 00032040 _____ () C:\Users\Makro\Desktop\FRST.txt
2015-01-25 14:05 - 2015-01-25 14:11 - 00000000 ____D () C:\Users\Makro\Desktop\FRST-OlderVersion
2015-01-22 16:34 - 2015-01-22 16:40 - 00000740 _____ () C:\runcheck.txt
2015-01-22 16:34 - 2015-01-22 16:38 - 00002026 _____ () C:\zoek-results.log
2015-01-22 16:32 - 2015-01-22 16:32 - 00000000 ____D () C:\zoek_backup
2015-01-22 16:31 - 2015-01-22 16:30 - 01295360 _____ () C:\Users\Makro\Desktop\zoek.exe
2015-01-22 15:09 - 2015-01-22 15:09 - 00112107 _____ (forum.viry.cz) C:\Users\Makro\Desktop\VerzeOS.exe
2015-01-22 14:54 - 2015-01-22 14:54 - 00112640 _____ (forum.viry.cz) C:\Users\Makro\Desktop\FRSTLauncher.exe
2015-01-21 22:47 - 2015-01-21 22:47 - 00000000 ____D () C:\Windows\ERUNT
2015-01-21 22:47 - 2015-01-21 22:45 - 01707939 _____ (Thisisu) C:\Users\Makro\Desktop\JRT.exe
2015-01-21 22:01 - 2015-01-21 21:46 - 02186752 _____ () C:\Users\Makro\Desktop\adwcleaner_4.108.exe
2015-01-21 21:47 - 2015-01-22 16:19 - 00000000 ____D () C:\AdwCleaner

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4147866290-3427228232-1147764146-1000Core.job => C:\Users\Makro\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4147866290-3427228232-1147764146-1000UA.job => C:\Users\Makro\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Install.job => C:\Windows\System32\Macromed\Shockwave 10\nssstub.exe
Task: {3766ED9E-ACC7-4645-A4D1-3BBCA870A7AD} - \AdobeFlashPlayerUpdate 2 No Task File <==== ATTENTION
Task: {425616DF-8C47-4541-92E4-82DA21DC7D8F} - \AdobeFlashPlayerUpdate No Task File <==== ATTENTION
Task: {FC35C9CA-2332-4F5F-B2C1-DC97F538288A} - \Adobe Flash Player Updater No Task File <==== ATTENTION

Hosts:
EmptyTemp:
Reboot:
End

Ulozte vytvoreny TXT jako fixlist.txt
Presunte vytvoreny fixlist vedle FRST

Spustte znovu FRST.exe

Kliknete na Fix
Probehne oprava a vytvori log Fixlog.txt

Restart PC a dejte mi sem fixlog.txt

VIRY.CZ

Prosba o kontrolu logu

Prosba o kontrolu logu

Re: Prosba o kontrolu logu

Re: Prosba o kontrolu logu

Re: Prosba o kontrolu logu

Re: Prosba o kontrolu logu

Re: Prosba o kontrolu logu

Re: Prosba o kontrolu logu

Re: Prosba o kontrolu logu