Dostal se mi do počítače nějaká potvora

[cajuska3]

a nemůžu se jí zbavit.
Prosim o pomoc. Předem děkuji.

info.txt logfile of random's system information tool 1.10 2015-02-14 10:25:29

======MBR======

0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001E569E81000000000200EEFFFFFF01000000AF6D707400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000055AA

======Uninstall list======

7-Zip 9.20 (x64 edition)-->MsiExec.exe /I{23170F69-40C1-2702-0920-000001000000}
Adobe Reader XI (11.0.10) - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-AB0000000001}
Adobe Refresh Manager-->MsiExec.exe /I{AC76BA86-0804-1033-1959-001802114130}
Adobe Shockwave Player 11.6-->"C:\windows\SysWOW64\Adobe\Shockwave 11\uninstaller.exe"
AMD APP SDK Runtime-->MsiExec.exe /I{503F672D-6C84-448A-8F8F-4BC35AC83441}
AMD Catalyst Install Manager-->msiexec /q/x{EA5160BE-7558-2716-01DB-FFE7F316957A} REBOOT=ReallySuppress
BS.Player FREE-->"C:\Program Files (x86)\Webteh\BSPlayer\uninstall.exe"
Catalyst Control Center - Branding-->MsiExec.exe /I{188ED43E-3E2C-487C-9982-AB350745C4A5}
Catalyst Control Center-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{8B1A559A-FB9D-42F5-A8A7-2F132CF28414}\setup.exe" -l0x5
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CinemaP-1.8cV13.02-->C:\Program Files (x86)\CinemaP-1.8cV13.02\Uninstall.exe /fcp=1
Counter-Strike 1.6-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{13B792AA-C078-43A4-8A3A-8B12D629940D}\Setup.exe" -l0x19
Counter-Strike 1.6-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}\Setup.exe" -l0x19
CyberLink YouCam-->"C:\Program Files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
CyberLink YouCam-->"C:\Program Files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
Definition Update for Microsoft Office 2010 (KB2910899) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{C8358E8D-6C89-41B3-8439-FEFBC0353D81}" "1029" "0"
Fotogaléria-->MsiExec.exe /X{9093B0D5-EA59-4C9E-A2E3-CC130138DFCD}
Fotogalerie-->MsiExec.exe /X{A1FBD2B3-6768-472D-BA46-C00EACBCE16C}
Google Drive-->MsiExec.exe /X{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}
Google Chrome-->"C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\Installer\setup.exe" --uninstall --multi-install --chrome --system-level
Google Update Helper-->MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Hewlett-Packard ACLM.NET v1.2.1.1-->MsiExec.exe /I{6F340107-F9AA-47C6-B54C-C3A19F11553F}
HP CoolSense-->MsiExec.exe /I{394B14EA-B072-4440-9510-87797CB12371}
HP Customer Experience Enhancements-->MsiExec.exe /X{07FA4960-B038-49EB-891B-9F95930AA544}
HP Postscript Converter-->MsiExec.exe /I{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}
HP Recovery Manager-->MsiExec.exe /I{1AE37508-089E-41AC-95BD-99FF06887C2F}
HP Support Assistant-->"C:\Program Files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe" -runfromtemp -l0x0409 -removeonly
HP System Event Utility-->MsiExec.exe /I{C27D60E4-3132-45A3-A71A-E3BD1DA3F794}
HP Utility Center-->MsiExec.exe /I{73237EBB-B26F-4628-8754-4EFE563D72E9}
HP Wireless Button Driver-->MsiExec.exe /X{941DE69D-6CEE-4171-8F1F-3D7E352AA498}
Huawei Drivers-->C:\Program Files (x86)\Huawei\Drivers\uninstall.exe
Intel(R) Management Engine Components-->C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\Uninstall\setup.exe -uninstall
Intel(R) Processor Graphics-->C:\Program Files (x86)\Intel\Intel(R) Processor Graphics\Uninstall\setup.exe -uninstall
Intel(R) Rapid Storage Technology-->C:\ProgramData\Intel\Package Cache\{409CB30E-E457-4008-9B1A-ED1B9EA21140}\Setup.exe -uninstall
Intel(R) Rapid Storage Technology-->MsiExec.exe /I{9D859F0D-B405-4B1F-9084-13BBF5D3DB32}
Intel(R) SDK for OpenCL - CPU Only Runtime Package-->C:\Program Files (x86)\Intel\OpenCL SDK\3.0\Uninstall\setup.exe -uninstall
Intel® Trusted Connect Service Client-->MsiExec.exe /I{FA00A3CC-7440-4938-A271-F186F50DD40D}
IrfanView (remove only)-->C:\Program Files (x86)\IrfanView\iv_uninstall.exe
LibreOffice 4.1.3.2-->MsiExec.exe /I{4F3722AD-197D-4DBB-BDFB-D2F0D6776354}
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64)-->MsiExec.exe /I{E9F0BCD8-6BD5-1ED7-EDA3-9FCF2A478AA1}
Microsoft Office 365 - cs-cz-->"C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe" scenario=install baseurl="C:\Program Files\Microsoft Office 15" platform=x86 version=15.0.4675.1003 culture=cs-cz productstoremove=O365HomePremRetail_cs-cz_x-none
Microsoft Office Access MUI (Czech) 2010-->MsiExec.exe /X{90140000-0015-0405-0000-0000000FF1CE}
Microsoft Office Excel MUI (Czech) 2010-->MsiExec.exe /X{90140000-0016-0405-0000-0000000FF1CE}
Microsoft Office Groove MUI (Czech) 2010-->MsiExec.exe /X{90140000-00BA-0405-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Czech) 2010-->MsiExec.exe /X{90140000-0044-0405-0000-0000000FF1CE}
Microsoft Office Office 64-bit Components 2010-->MsiExec.exe /X{90140000-002A-0000-1000-0000000FF1CE}
Microsoft Office OneNote MUI (Czech) 2010-->MsiExec.exe /X{90140000-00A1-0405-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Czech) 2010-->MsiExec.exe /X{90140000-001A-0405-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Czech) 2010-->MsiExec.exe /X{90140000-0018-0405-0000-0000000FF1CE}
Microsoft Office Professional Plus 2010-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2010-->MsiExec.exe /X{90140000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2010-->MsiExec.exe /X{90140000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2010-->MsiExec.exe /X{90140000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2010-->MsiExec.exe /X{90140000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2010-->MsiExec.exe /X{90140000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Czech) 2010-->MsiExec.exe /X{90140000-002C-0405-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Czech) 2010-->MsiExec.exe /X{90140000-0019-0405-0000-0000000FF1CE}
Microsoft Office Shared 64-bit MUI (Czech) 2010-->MsiExec.exe /X{90140000-002A-0405-1000-0000000FF1CE}
Microsoft Office Shared MUI (Czech) 2010-->MsiExec.exe /X{90140000-006E-0405-0000-0000000FF1CE}
Microsoft Office Word MUI (Czech) 2010-->MsiExec.exe /X{90140000-001B-0405-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022-->MsiExec.exe /X{350AA351-21FA-3270-8B7A-835434E766AD}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148-->MsiExec.exe /X{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161-->MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219-->MsiExec.exe /X{1D8E6291-B0D5-35EC-8441-6616F567A0F7}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727-->"C:\ProgramData\Package Cache\{15134cb0-b767-4960-a911-f2d16ae54797}\vcredist_x64.exe" /uninstall
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727-->"C:\ProgramData\Package Cache\{22154f09-719a-4619-bb71-5b3356999fbf}\vcredist_x86.exe" /uninstall
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727-->MsiExec.exe /X{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727-->MsiExec.exe /X{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727-->MsiExec.exe /X{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727-->MsiExec.exe /X{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}
Movie Maker-->MsiExec.exe /X{8E6E8CBB-8E58-493C-943F-4664F5F2FEDB}
Movie Maker-->MsiExec.exe /X{9EDF46F0-2D4E-4C00-B2B6-0660666E9F60}
Movie Maker-->MsiExec.exe /X{A035950F-15BA-41C0-9D8F-165FC0536012}
Movie Maker-->MsiExec.exe /X{ED6C77F9-4D7E-447C-9EC0-9A212D075535}
Mozilla Firefox 32.0.2 (x86 cs)-->"C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe"
Mozilla Maintenance Service-->"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe"
MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
MSVCRT110_amd64-->MsiExec.exe /I{E9FA781F-3E80-4399-825A-AD3E11C28C77}
MSVCRT110-->MsiExec.exe /I{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}
Norton Internet Security-->"C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\21.6.0.32\InstStub.exe" /X /ARP
OEM Application Profile-->MsiExec.exe /X{C89A97B6-F991-EBB5-77B7-927BCF420EBE}
Office 15 Click-to-Run Extensibility Component-->MsiExec.exe /X{90150000-008C-0000-0000-0000000FF1CE}
Office 15 Click-to-Run Licensing Component-->MsiExec.exe /I{90150000-008F-0000-1000-0000000FF1CE}
Office 15 Click-to-Run Localization Component-->MsiExec.exe /X{90150000-008C-0405-0000-0000000FF1CE}
Opera Stable 27.0.1689.69-->"C:\Program Files (x86)\Opera\Launcher.exe" /uninstall
Photo Common-->MsiExec.exe /X{49110532-D289-4BFF-807C-45B782E66A7C}
Photo Common-->MsiExec.exe /X{C67BC332-A59A-4D40-977F-664F60AB21D8}
Photo Common-->MsiExec.exe /X{EB91007A-0110-42A6-B869-2709955A9B2A}
Photo Gallery-->MsiExec.exe /X{30F99474-EBE3-4134-A02B-F6CD38CFE243}
Photo Gallery-->MsiExec.exe /X{63824BC0-B747-43F3-9863-1066D64AD919}
PSPad editor-->"C:\Program Files (x86)\PSPad editor\Uninst\unins000.exe"
Ralink Bluetooth Stack64-->MsiExec.exe /X{8512497A-DF9B-3169-B290-2C18E9F976F1}
Ralink RT3290 802.11bgn Wi-Fi Adapter-->C:\Program Files (x86)\InstallShield Installation Information\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}\setup.exe -runfromtemp -l0x0009 -removeonly
Realtek Ethernet Controller Driver-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly
Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd64.exe -r -m -nrg2709
Realtek PCIE Card Reader-->"C:\Program Files (x86)\InstallShield Installation Information\{BCDA54F6-C4B6-4519-A09E-FA064A6B4098}\setup.exe" -runfromtemp -removeonly
Security Update for Microsoft Excel 2010 (KB2910902) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{6A1E6C95-CDE5-4E8C-A712-79C0985DAFE6}" "1029" "0"
Security Update for Microsoft Office 2010 (KB2553154) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{D0D69BA5-4BD9-439E-804F-07DC80CF5408}" "1029" "0"
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-006E-0405-0000-0000000FF1CE}" "{0665F3BA-FCE2-4CB1-ACDD-19544B0E4C14}" "1029" "0"
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{4D6FE7B6-559F-4DAC-92CF-A01C24046AEB}" "1029" "0"
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{1EE5FA17-F624-438C-B7AC-7C5A41E90FA2}" "1029" "0"
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{7AC3F78E-ECA0-45F4-A9CC-3E885DA23662}" "1029" "0"
Security Update for Microsoft Office 2010 (KB2878284) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0405-0000-0000000FF1CE}" "{A5B39813-17B0-4481-B19E-9C57C0BF1EE0}" "1029" "0"
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{5EE42B42-1159-435C-898A-2A3298453B20}" "1029" "0"
Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{0BC570F0-7352-4A3A-B2A2-CA56ADA7375F}" "1029" "0"
Security Update for Microsoft Word 2010 (KB2899519) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{3D0C726C-AA67-4078-9046-24F95B738B6A}" "1029" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}" "1029" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0015-0405-0000-0000000FF1CE}" "{DAB3EE22-FB0E-401F-9418-E9F0B08AEB39}" "1029" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0016-0405-0000-0000000FF1CE}" "{DAB3EE22-FB0E-401F-9418-E9F0B08AEB39}" "1029" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0018-0405-0000-0000000FF1CE}" "{DAB3EE22-FB0E-401F-9418-E9F0B08AEB39}" "1029" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0019-0405-0000-0000000FF1CE}" "{DAB3EE22-FB0E-401F-9418-E9F0B08AEB39}" "1029" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-0405-0000-0000000FF1CE}" "{DAB3EE22-FB0E-401F-9418-E9F0B08AEB39}" "1029" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001B-0405-0000-0000000FF1CE}" "{DAB3EE22-FB0E-401F-9418-E9F0B08AEB39}" "1029" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0405-0000-0000000FF1CE}" "{A71E3AD4-5545-4D59-9F11-75F363563C6A}" "1029" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0407-0000-0000000FF1CE}" "{8925227F-C7B5-4C95-AB58-4FCF2433DAEE}" "1029" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0409-0000-0000000FF1CE}" "{09A9DF49-DA06-4093-A2FD-F339211E39EA}" "1029" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-041B-0000-0000000FF1CE}" "{0C337AF5-E6A7-4B6B-8F8E-08F9C6F956B4}" "1029" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0000-1000-0000000FF1CE}" "{E4D76E88-C65F-4003-9C71-EC4306679D17}" "1029" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0405-1000-0000000FF1CE}" "{7F5CE17A-23B9-4EED-B017-A7EF4547476C}" "1029" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002C-0405-0000-0000000FF1CE}" "{EA82267F-4AAB-46BA-AD6A-9EBB544D0EF7}" "1029" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0044-0405-0000-0000000FF1CE}" "{DAB3EE22-FB0E-401F-9418-E9F0B08AEB39}" "1029" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-006E-0405-0000-0000000FF1CE}" "{2C911571-C8B6-400B-B323-417C1806E866}" "1029" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-00A1-0405-0000-0000000FF1CE}" "{DAB3EE22-FB0E-401F-9418-E9F0B08AEB39}" "1029" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-00BA-0405-0000-0000000FF1CE}" "{DAB3EE22-FB0E-401F-9418-E9F0B08AEB39}" "1029" "0"
Skype Click to Call-->MsiExec.exe /X{6D1221A9-17BF-4EC0-81F2-27D30EC30701}
Skype™ 6.14-->MsiExec.exe /X{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}
swMSM-->MsiExec.exe /I{612C34C7-5E90-47D8-9B5C-0F717DD82726}
Synaptics Pointing Device Driver-->rundll32.exe "%ProgramFiles%\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TmNationsForever-->"C:\Program Files (x86)\TmNationsForever\unins000.exe"
Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}" "1029" "0"
Update for Microsoft Excel 2010 (KB2589348) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0016-0405-0000-0000000FF1CE}" "{24C87C37-90DB-4DEB-AE8B-7F533CF0D7D9}" "1029" "0"
Update for Microsoft Excel 2010 (KB2589348) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0018-0405-0000-0000000FF1CE}" "{24C87C37-90DB-4DEB-AE8B-7F533CF0D7D9}" "1029" "0"
Update for Microsoft Excel 2010 (KB2589348) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001B-0405-0000-0000000FF1CE}" "{24C87C37-90DB-4DEB-AE8B-7F533CF0D7D9}" "1029" "0"
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{302A8FE3-EBF5-486C-A431-16A1CD914443}" "1029" "0"
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0000-1000-0000000FF1CE}" "{302A8FE3-EBF5-486C-A431-16A1CD914443}" "1029" "0"
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}" "1029" "0"
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{39767ECA-1731-45DB-AB5B-6BF40E151D66}" "1029" "0"
Update for Microsoft Office 2010 (KB2553140) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{8BEEA2FC-D416-428A-B52A-A3ED45921151}" "1029" "0"
Update for Microsoft Office 2010 (KB2553140) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-006E-0405-0000-0000000FF1CE}" "{8BEEA2FC-D416-428A-B52A-A3ED45921151}" "1029" "0"
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}" "1029" "0"
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}" "1029" "0"
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0000-1000-0000000FF1CE}" "{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}" "1029" "0"
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{287A1E92-9E41-4BC1-8920-B3D0E9220800}" "1029" "0"
Update for Microsoft Office 2010 (KB2589386) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{A4F91D60-654C-4892-BFD3-0D41ADA649B6}" "1029" "0"
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{9D69691D-823D-4C3E-9B12-563A3F520366}" "1029" "0"
Update for Microsoft Office 2010 (KB2597089) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-006E-0405-0000-0000000FF1CE}" "{B0D1579E-E814-4779-A1EE-CFF95D68E265}" "1029" "0"
Update for Microsoft Office 2010 (KB2687275) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{0B7744D2-1FDD-4843-9987-7CE11B79F370}" "1029" "0"
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{5AA578BB-759C-40FD-9661-A737C0884541}" "1029" "0"
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}" "1029" "0"
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{BA610006-2C39-4419-9834-CF61AB24810A}" "1029" "0"
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}" "1029" "0"
Update for Microsoft Office 2010 (KB2837602) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{8158D96B-083A-4FE4-8587-B5D0F49FE4B8}" "1029" "0"
Update for Microsoft Office 2010 (KB2837602) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0000-1000-0000000FF1CE}" "{8158D96B-083A-4FE4-8587-B5D0F49FE4B8}" "1029" "0"
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{B0D672F7-883E-4279-8E75-D97A5445AB46}" "1029" "0"
Update for Microsoft Office 2010 (KB2883019) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{D1C4AD0B-CC79-41D2-8D6A-571E7B30658C}" "1029" "0"
Update for Microsoft Office 2010 (KB2889818) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{CFB80344-FCBA-4C03-AD77-D49E82F14C3E}" "1029" "0"
Update for Microsoft Office 2010 (KB2889828) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0407-0000-0000000FF1CE}" "{60C9499F-B532-4206-AB19-F88C3A7684D5}" "1029" "0"
Update for Microsoft Office 2010 (KB2910896) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0409-0000-0000000FF1CE}" "{E762A933-274B-4860-B066-A39FAB0838FD}" "1029" "0"
Update for Microsoft OneNote 2010 (KB2597088) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{A87EDEA3-4861-4D99-9B36-F442740F1287}" "1029" "0"
Update for Microsoft OneNote 2010 (KB2597088) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0000-1000-0000000FF1CE}" "{A87EDEA3-4861-4D99-9B36-F442740F1287}" "1029" "0"
Update for Microsoft OneNote 2010 (KB2597088) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-00A1-0405-0000-0000000FF1CE}" "{A6CAC541-0269-4BCB-B759-31D7FBB02227}" "1029" "0"
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{2AB483F1-C86E-427A-83B4-23889B03512D}" "1029" "0"
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-0405-0000-0000000FF1CE}" "{D02AE7ED-5B00-4251-B7D5-F9590899EEEA}" "1029" "0"
Update for Microsoft PowerPoint 2010 (KB2880517) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{6C727BC2-B2B9-4B03-BD7E-682EA6FA1C04}" "1029" "0"
Update for Microsoft PowerPoint 2010 (KB2880517) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0018-0405-0000-0000000FF1CE}" "{EFF9CBEC-AC1C-4F64-BF8B-FAF088911BAF}" "1029" "0"
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{F9F5A080-AF38-4966-9A6B-C43DCA465035}" "1029" "0"
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0000-1000-0000000FF1CE}" "{F9F5A080-AF38-4966-9A6B-C43DCA465035}" "1029" "0"
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{7B29D8B8-6A87-496C-A65E-B935E740448A}" "1029" "0"
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{38CF30E4-3348-4BD1-A859-B630C355A56F}" "1029" "0"
VLC media player-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
Winamp-->"C:\Program Files (x86)\Winamp\UninstWA.exe"
Windows Live Communications Platform-->MsiExec.exe /I{0454BB9A-2A7A-4214-BDFF-937F7A711A44}
Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{6CEA775F-E70A-4D72-A3B4-1EB3A5AD4B5C}
Windows Live Essentials-->MsiExec.exe /I{797DC296-ADC5-4A08-8CBC-AEB0D6F4B249}
Windows Live Essentials-->MsiExec.exe /I{C4D82144-B2D5-4A0E-A470-16F13EBC5BCB}
Windows Live Installer-->MsiExec.exe /I{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}
Windows Live Photo Common-->MsiExec.exe /X{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}
Windows Live PIMT Platform-->MsiExec.exe /I{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}
Windows Live SOXE Definitions-->MsiExec.exe /I{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}
Windows Live SOXE-->MsiExec.exe /I{FE7C0B3D-50B9-4951-BE78-A321CBF86552}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{56232E3D-7EA9-45E0-A371-26CD80510AF7}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{E18F981B-401C-4D90-BC57-D8903564D558}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{F21F0424-B2FF-40BF-A984-9E0D7FB4C97E}
Windows Live UX Platform-->MsiExec.exe /I{4CCBD1F4-CEEC-452A-9CB8-46564B501315}
WinRAR 4.20 (64-bit)-->C:\Program Files\WinRAR\uninstall.exe

======System event log======

Computer Name: caja
Event Code: 7034
Message: Služba AMD External Events Utility byla neočekávaně ukončena. Tento stav nastal již 1krát.
Record Number: 47433
Source Name: Service Control Manager
Time Written: 20150214084434.986449-000
Event Type: Chyba
User:

Computer Name: caja
Event Code: 104
Message: Byl vymazán soubor protokolu Windows PowerShell.
Record Number: 47432
Source Name: Microsoft-Windows-Eventlog
Time Written: 20150214084129.225459-000
Event Type: Informace
User: CAJA\cajuska

Computer Name: caja
Event Code: 104
Message: Byl vymazán soubor protokolu Key Management Service.
Record Number: 47431
Source Name: Microsoft-Windows-Eventlog
Time Written: 20150214084129.053575-000
Event Type: Informace
User: CAJA\cajuska

Computer Name: caja
Event Code: 104
Message: Byl vymazán soubor protokolu Internet Explorer.
Record Number: 47430
Source Name: Microsoft-Windows-Eventlog
Time Written: 20150214084128.912928-000
Event Type: Informace
User: CAJA\cajuska

Computer Name: caja
Event Code: 104
Message: Byl vymazán soubor protokolu System.
Record Number: 47429
Source Name: Microsoft-Windows-Eventlog
Time Written: 20150214084128.709799-000
Event Type: Informace
User: CAJA\cajuska

=====Application event log=====

Computer Name: caja
Event Code: 105
Message: SearchIndexer (6860) Windows: Databázový stroj spustil novou instanci (0). (Čas=0 s)

Sekvence interního načasování: [1] 0.000, [2] 0.000, [3] 0.000, [4] 0.000, [5] 0.125, [6] 0.109, [7] 0.016, [8] 0.000, [9] 0.000, [10] 0.000.
Record Number: 124950
Source Name: ESENT
Time Written: 20150214084452.000000-000
Event Type: Informace
User:

Computer Name: caja
Event Code: 302
Message: SearchIndexer (6860) Windows: Databázový stroj úspěšně dokončil obnovení.
Record Number: 124949
Source Name: ESENT
Time Written: 20150214084452.000000-000
Event Type: Informace
User:

Computer Name: caja
Event Code: 301
Message: SearchIndexer (6860) Windows: Databázový stroj začal přehrávat soubor protokolu C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.log.
Record Number: 124948
Source Name: ESENT
Time Written: 20150214084452.000000-000
Event Type: Informace
User:

Computer Name: caja
Event Code: 300
Message: SearchIndexer (6860) Windows: Databázový stroj provádí inicializaci jednotlivých kroků obnovení.
Record Number: 124947
Source Name: ESENT
Time Written: 20150214084452.000000-000
Event Type: Informace
User:

Computer Name: caja
Event Code: 102
Message: SearchIndexer (6860) Windows: Databázový stroj (6.03.9600.0000) spouští novou instanci (0).
Record Number: 124946
Source Name: ESENT
Time Written: 20150214084452.000000-000
Event Type: Informace
User:

=====Security event log=====

Computer Name: caja
Event Code: 4672
Message: Novému přihlášení byla přiřazena zvláštní oprávnění.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3E7

Oprávnění: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 277560
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20150214084451.627867-000
Event Type: Úspěšný audit
User:

Computer Name: caja
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: CAJA$
Doména účtu: WORKGROUP
ID přihlášení: 0x3E7

Typ přihlášení: 5

Úroveň zosobnění: Zosobnění

Nové přihlášení:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3E7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x2c8
Název procesu: C:\Windows\System32\services.exe

Informace o síti:
Název pracovní stanice:
Adresa zdrojové sítě -
Zdrojový port: -

Podrobné informace o ověření:
Proces přihlášení: Advapi
Balíček ověření: Negotiate
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole úrovně zosobnění označuje rozsah, ve kterém může být proces v přihlašovací relaci zosobněn.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 277559
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20150214084451.627867-000
Event Type: Úspěšný audit
User:

Computer Name: caja
Event Code: 4672
Message: Novému přihlášení byla přiřazena zvláštní oprávnění.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3E7

Oprávnění: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 277558
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20150214084440.080447-000
Event Type: Úspěšný audit
User:

Computer Name: caja
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: CAJA$
Doména účtu: WORKGROUP
ID přihlášení: 0x3E7

Typ přihlášení: 5

Úroveň zosobnění: Zosobnění

Nové přihlášení:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3E7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x2c8
Název procesu: C:\Windows\System32\services.exe

Informace o síti:
Název pracovní stanice:
Adresa zdrojové sítě -
Zdrojový port: -

Podrobné informace o ověření:
Proces přihlášení: Advapi
Balíček ověření: Negotiate
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole úrovně zosobnění označuje rozsah, ve kterém může být proces v přihlašovací relaci zosobněn.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 277557
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20150214084440.080447-000
Event Type: Úspěšný audit
User:

Computer Name: caja
Event Code: 1102
Message: Protokol auditu byl vymazán.
Předmět:
ID zabezpečení: S-1-5-21-1588138806-3596703179-3158443836-1001
Název účtu: cajuska
Název domény: CAJA
ID přihlášení: 0xC26186
Record Number: 277556
Source Name: Microsoft-Windows-Eventlog
Time Written: 20150214084128.428558-000
Event Type: Úspěšný audit
User:

======Environment variables======

"FP_NO_HOST_CHECK"=NO
"USERNAME"=SYSTEM
"ComSpec"=%SystemRoot%\system32\cmd.exe
"TMP"=%SystemRoot%\TEMP
"OS"=Windows_NT
"windir"=%SystemRoot%
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=4
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=3a09
"Path"=C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT
"OnlineServices"=Online Services
"Platform"=MCD
"AMDAPPSDKROOT"=C:\Program Files (x86)\AMD APP\
"PCBRAND"=Pavilion

-----------------EOF-----------------

[vyosek]

Zdravim

Dejte log.txt, najdete jej v c:\rsit

[cajuska3]

Logfile of random's system information tool 1.10 (written by random/random)
Run by cajuska at 2015-02-14 10:03:44
Microsoft Windows 8.1
System drive C: has 597 GB (64%) free of 933 GB
Total RAM: 8084 MB (75% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:25:28, on 14. 2. 2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17416)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\T-Mobile\Web'n'walk Manager\Manager.exe
C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\cajuska.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [T-Mobile CManager] "C:\Program Files (x86)\T-Mobile\Web'n'walk Manager\Manager.exe" -autorun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{058BEA91-34AE-4706-B3A7-6F9E6321C5BE}: NameServer =
O17 - HKLM\System\CCS\Services\Tcpip\..\{92C0D9DB-3778-47A6-A469-9E7BF453B24B}: NameServer =
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD80B8F4-E1B7-4586-B5B1-B469058CF72D}: NameServer = 194.228.211.33 160.218.161.60
O17 - HKLM\System\CS1\Services\Tcpip\..\{058BEA91-34AE-4706-B3A7-6F9E6321C5BE}: NameServer =
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)
O23 - Service: BlueSoleilCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
O23 - Service: BsHelpCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: @oem16.inf,%hpservice_desc%;HP Service (hpsrv) - Unknown owner - C:\WINDOWS\system32\Hpservice.exe (file missing)
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12298 bytes

======Listing Processes======





wininit.exe

winlogon.exe

C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
"dwm.exe"
C:\WINDOWS\system32\atiesrxx.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
atieclxx
C:\WINDOWS\system32\igfxCUIService.exe
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\Hpservice.exe
"C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /SRSPS
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\System32\spoolsv.exe
taskeng.exe {0C0BF815-CCA3-419F-8EFF-5AF56E9FD496}
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE"
C:\WINDOWS\system32\svchost.exe -k apphost
"C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service
"C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service
"C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe" /service
"C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe"
dashost.exe {d7083498-2daa-4f78-8cad191b9cee84c4}
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\SysWOW64\svchost.exe -k MbnExt
"C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe"
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-355f93de-2f4d-4f15-989e-4661f428d950 -SystemEventPortName:HostProcess-0cb5d3e0-69e6-45ca-88ec-b73c6698e43e -IoCancelEventPortName:HostProcess-f402c0c8-3c47-4b57-8c8d-ef9b8880a3ff -NonStateChangingEventPortName:HostProcess-ccf649c8-1ff1-4795-a539-6f31747fff7c -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:335540a8-1522-4b6f-90f7-28fa8fad73ac -DeviceGroupId:WpdFsGroup
taskhostex.exe
"\Program Files\Synaptics\SynTP\SynTPEnh.exe"
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\WINDOWS\Explorer.EXE
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
igfxEM.exe
igfxHK.exe
igfxTray.exe
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
C:\Windows\System32\skydrive.exe -Embedding
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" /byrunkey
"C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
"C:\Windows\System32\SettingSyncHost.exe" -Embedding
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe"
C:\WINDOWS\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\T-Mobile\Web'n'walk Manager\Manager.exe"
"C:\WINDOWS\system32\rundll32.exe" "c:\program files (x86)\t-mobile\web'n'walk manager\mbnext.dll",HuaweiNdisConnect HUAWEI Mobile Connect - Network Adapter #3
internet


0
"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
"C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\diMaster.dll" /prefetch:1
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe" /c /a /s UserSession
"C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe" -ServerName:microsoft.windows.immersivecontrolpanel
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="2128.0.258240076\1080852720" --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,18,39 --gpu-vendor-id=0x8086 --gpu-device-id=0x0166 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=10.18.10.3621 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="2128.5.1840716756\1937197657" --ppapi-flash-args=enable_hw_video_decode=1 --lang=cs --ignored=" --type=renderer " /prefetch:-632637702
taskhost.exe $(Arg0)
"C:\Users\cajuska\Downloads\RSITx64.exe"
C:\WINDOWS\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group18 pct:1i stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/MaterialDesignNTP/Enabled/NewProfileManagement/NewAvatarMenu/OmniboxBundledExperimentV1/StandardR4/PasswordGeneration/Disabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/QUIC/Disabled/RememberCertificateErrorDecisions/Default/SPDY/Spdy4Enabled-default/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_24/UMA-Uniformity-Trial-10-Percent/group_07/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-50-Percent/group_01/UwSInterstitialStatus/OnButInvisible/VoiceTrigger/Install/WebRTC-IPv6Default/Default/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --channel="2128.18.487476904\1199787109" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group18 pct:1i stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/MaterialDesignNTP/Enabled/NewProfileManagement/NewAvatarMenu/OmniboxBundledExperimentV1/StandardR4/PasswordGeneration/Disabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/QUIC/Disabled/RememberCertificateErrorDecisions/Default/SPDY/Spdy4Enabled-default/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_24/UMA-Uniformity-Trial-10-Percent/group_07/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-50-Percent/group_01/UwSInterstitialStatus/OnButInvisible/VoiceTrigger/Install/WebRTC-IPv6Default/Default/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --channel="2128.23.549491767\98415487" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group18 pct:1i stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/MaterialDesignNTP/Enabled/NewProfileManagement/NewAvatarMenu/OmniboxBundledExperimentV1/StandardR4/PasswordGeneration/Disabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/QUIC/Disabled/RememberCertificateErrorDecisions/Default/SPDY/Spdy4Enabled-default/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_24/UMA-Uniformity-Trial-10-Percent/group_07/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-50-Percent/group_01/UwSInterstitialStatus/OnButInvisible/VoiceTrigger/Install/WebRTC-IPv6Default/Default/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --channel="2128.24.1428803036\2035510316" /prefetch:673131151


======Scheduled tasks folder======

C:\WINDOWS\tasks\AutoKMS.job - C:\WINDOWS\AutoKMS.exe

[vyosek]

Jak se ta potvora projevuje

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

• Ulozte nejlepe na plochu
• Ukoncete vsechny programy
• Po spusteni probehne stazeni databaze
• Kliknete na Scan a nasledne Clean
• Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte

[cajuska3]

Projevuje se tím, že mi vyskakujou na stránkách reklamy, nebo co to je.

# AdwCleaner v4.110 - Logfile created 14/02/2015 at 14:37:37
# Updated 05/02/2015 by Xplode
# Database : 2015-02-14.2 [Server]
# Operating system : Windows 8.1 (x64)
# Username : cajuska - CAJA
# Running from : C:\Users\cajuska\Desktop\adwcleaner_4.110.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : C:\Users\cajuska\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\cajuska\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\cajuska\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Deleted : C:\Users\cajuska\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v32.0.2 (x86 cs)


-\\ Google Chrome v40.0.2214.111


-\\ Opera v27.0.1689.69


*************************

AdwCleaner[R0].txt - [15725 bytes] - [14/02/2015 09:42:34]
AdwCleaner[R1].txt - [1714 bytes] - [14/02/2015 14:32:19]
AdwCleaner[S0].txt - [14712 bytes] - [14/02/2015 09:44:19]
AdwCleaner[S1].txt - [1387 bytes] - [14/02/2015 14:37:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1446 bytes] ##########

[vyosek]

Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu

• Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
• Do okna vlozte skript nize

• Kód: Vybrat vše

  autoclean;
  resethosts;
  emptyclsid;
  IEdefaults;
  FFdefaults;
  CHRdefaults;
  emptyIEcache;
  emptyFFcache;
  emptyCHRcache;
  emptyalltemp;
  emptyflash;
  emptyjava;
  emptyrecycle.bin;
  

• Nasledne kliknete na Run Script
• PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

[cajuska3]

Zoek.exe v5.0.0.0 Updated 13-February-2015
Tool run by cajuska on so 14. 02. 2015 at 21:52:34,65.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\cajuska\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

14. 2. 2015 21:54:23 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\Program Files\Symantec deleted successfully
C:\PROGRA~3\Ashampoo deleted successfully
C:\Users\cajuska\AppData\Local\cache deleted successfully
C:\Users\cajuska\AppData\Local\CrashDumps deleted successfully
C:\Users\cajuska\AppData\Local\GHISLER deleted successfully
C:\Users\cajuska\AppData\Local\HP Quick Start deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1588138806-3596703179-3158443836-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\cajuska\AppData\Roaming\Mozilla\Firefox\Profiles\wkf8cow9.default\prefs.js:

Added to C:\Users\cajuska\AppData\Roaming\Mozilla\Firefox\Profiles\wkf8cow9.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\cajuska\AppData\Roaming\Mozilla\Firefox\Profiles\wkf8cow9.default

user.js not found
---- Lines a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829 removed from prefs.js ----
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.389579c4-efa9-4d96-a1dd-3c86f7bd1a51@gmail.coma389579c4efa94d96a1dd3c86f7bd
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.389579c4-efa9-4d96-a1dd-3c86f7bd1a51@gmail.coma389579c4efa94d96a1dd3c86f7bd
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.389579c4-efa9-4d96-a1dd-3c86f7bd1a51@gmail.comasyncdb_dbWasSet", true);
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.389579c4-efa9-4d96-a1dd-3c86f7bd1a51@gmail.comasyncdb_dbWasSet_FF25_FIX", t
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.389579c4-efa9-4d96-a1dd-3c86f7bd1a51@gmail.comasyncinternaldb_dbWasSet", tr
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.389579c4-efa9-4d96-a1dd-3c86f7bd1a51@gmail.comasyncinternaldb_dbWasSet_FF25
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.active", true);
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.addressbar", "NA");
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.addressbarenhanced", "");
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.asyncdb.was_copied", "true");
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.asyncinternaldb.was_copied", "true");
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.backgroundver", 1);
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.certdomaininstaller", "");
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.cookie.InstallationTime.value", "%221423854730%22");
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.cookie.InstallerParams.value", "%7B%22source_id%22%3A%22001504%22%2C%22sub_
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.description", "Just Save");
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.domain", "");
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.enablesearch", false);
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.homepage", "");
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.changeprevious", false);
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.iframe", false);
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.InstallationThankYouPage", true);
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.InstallationTime", 1423854730);
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.internaldb.__defualt_browser__.expiration", "Fri Feb 01 2030 00:00:00 GMT+0
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.internaldb.__defualt_browser__.value", "%22ch%22");
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.internaldb._installer_additional_info.expiration", "Fri Feb 01 2030 00:00:0
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.internaldb._installer_additional_info.value", "%7B%22asw%22%3A%5B0%2C125829
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.internaldb.installer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.internaldb.installer.value", "%7B%22InstallerIdentifiers%22%3A%7B%22install
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT+
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%22DCB979
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.internaldb.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.internaldb.InstallerParams.value", "%7B%22source_id%22%3A%22001504%22%2C%22
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.internaldb.InstallerParamsCache.expiration", "Fri Feb 01 2030 00:00:00 GMT+
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.internaldb.InstallerParamsCache.value", "%7B%22source_id%22%3A%22001504%22%
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.internaldb.InstallerUserIdentifiersCache.expiration", "Fri Feb 01 2030 00:0
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.internaldb.InstallerUserIdentifiersCache.value", "%7B%22installer_bic%22%3A
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.internaldb.monetization_plugin_bundledUrls.expiration", "Fri Feb 01 2030 00
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.internaldb.monetization_plugin_bundledWithHash.expiration", "Fri Feb 01 203
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.internaldb.monetization_plugin_bundledWithHash.value", "null");
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.internaldb.monetization_plugin_notBundledArr_.expiration", "Fri Feb 01 2030
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.internaldb.monetization_plugin_notBundledArr_.value", "%5B%5D");
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.internaldb.monetization_plugin_regBundledWithSoftware.expiration", "Fri Feb
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.internaldb.monetization_plugin_regBundledWithSoftware.value", "%7B%7D");
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.internaldb.reporting_user_key_index.expiration", "Mon Feb 10 2025 20:29:37
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.internaldb.reporting_user_key_index.value", "173");
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.internaldb.Resources_appVer.value", "18");
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.internaldb.Resources_lastVersion.value", "1");
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100")
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.internaldb.Resources_meta.value", "%7B%7D");
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.internaldb.Resources_nextCheck.expiration", "Sat Feb 14 2015 02:29:37 GMT+0
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.internaldb.Resources_nextCheck.value", "true");
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.internaldb.Resources_queue.value", "%7B%7D");
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.lastDailyReport", "1423855775787");
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.lastUpdate", "1423855775502");
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.manifesturl", "");
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.name", "SavePass 1.1");
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.newtab", "");
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.opensearch", "");
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.pluginsurl", "http://js.ourgendataservice.com/plugin/ ... lugins/na/
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.pluginsversion", 14);
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.publisher", "OB");
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.searchstatus", 0);
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.setnewtab", false);
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.thankyou", "");
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.updateinterval", 360);
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.69829.ver", 18);
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.apps", "69829");
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.bic", "14b846aec7de21a3e0c15ec1534aad7c");
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.cid", 69829);
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.firstrun", false);
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.hadappinstalled", true);
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.installationdate", 1423855775);
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.installerAdditionalInfo", "{\"asw\":[0, 12582981, -2147483648, 0],\"browser_name\
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.modetype", "production");
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.reportInstall", true);
user_pref("extensions.a389579c4efa94d96a1dd3c86f7bd1a51gmailcom69829.statsDailyCounter", 1);
---- Lines aOIBMBKA115048682HYKFIU97176590com69065 removed from prefs.js ----
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.69065.active", true);
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.69065.addressbar", "NA");
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.69065.addressbarenhanced", "");
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.69065.asyncdb.was_copied", "true");
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.69065.asyncinternaldb.was_copied", "true");
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.69065.backgroundver", 1);
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.69065.certdomaininstaller", "");
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.69065.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.69065.cookie.InstallationTime.value", "%221423854491%22");
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.69065.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.69065.cookie.InstallerParams.value", "%7B%22source_id%22%3A%22002658%22%2C%22sub_id%22%3
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.69065.cookie.previous_page.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.69065.cookie.previous_page.value", "%22http%3A//www.microsoft-toolkit.com/%22");
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.69065.cookie.user_id.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.69065.cookie.user_id.value", "%2214b846aec7de21a3e0c15ec1534aad7c%22");
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.69065.description", "Lights out for YouTube");
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.69065.domain", "");
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.69065.enablesearch", false);
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.69065.homepage", "");
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.69065.changeprevious", false);
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.69065.iframe", false);
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.69065.InstallationThankYouPage", true);
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.69065.InstallationTime", 1423854491);
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.69065.internaldb.__defualt_browser__.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.69065.internaldb.__defualt_browser__.value", "%22ch%22");
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.69065.internaldb._installer_additional_info.expiration", "Fri Feb 01 2030 00:00:00 GMT+0
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.69065.internaldb._installer_additional_info.value", "%7B%22asw%22%3A%5B0%2C69%2C-2147483
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.69065.internaldb.installer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.69065.internaldb.installer.value", "%7B%22InstallerIdentifiers%22%3A%7B%22installer_bic%
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.69065.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.69065.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%22DCB979C9B5674
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.69065.internaldb.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.69065.internaldb.InstallerParams.value", "%7B%22source_id%22%3A%22002658%22%2C%22sub_id%
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.69065.internaldb.InstallerParamsCache.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.69065.internaldb.InstallerParamsCache.value", "%7B%22source_id%22%3A%22002658%22%2C%22su
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.69065.internaldb.InstallerUserIdentifiersCache.expiration", "Fri Feb 01 2030 00:00:00 GM
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.69065.internaldb.InstallerUserIdentifiersCache.value", "%7B%22installer_bic%22%3A%22DCB9
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.69065.internaldb.monetization_plugin_bundledUrls.expiration", "Fri Feb 01 2030 00:00:00
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.69065.internaldb.monetization_plugin_bundledWithHash.expiration", "Fri Feb 01 2030 00:00
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.69065.internaldb.monetization_plugin_bundledWithHash.value", "null");
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.69065.internaldb.monetization_plugin_notBundledArr_.expiration", "Fri Feb 01 2030 00:00:
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.69065.internaldb.monetization_plugin_notBundledArr_.value", "%5B%5D");
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.69065.internaldb.monetization_plugin_regBundledWithSoftware.expiration", "Fri Feb 01 203
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.69065.internaldb.monetization_plugin_regBundledWithSoftware.value", "%7B%7D");
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.69065.internaldb.reporting_user_key_index.expiration", "Mon Feb 10 2025 20:29:37 GMT+010
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.69065.internaldb.reporting_user_key_index.value", "126");
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.69065.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.69065.internaldb.Resources_appVer.value", "61");
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.69065.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100")
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.69065.internaldb.Resources_lastVersion.value", "1");
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.69065.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.69065.internaldb.Resources_meta.value", "%7B%7D");
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.69065.internaldb.Resources_nextCheck.expiration", "Sat Feb 14 2015 02:29:37 GMT+0100");
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.69065.internaldb.Resources_nextCheck.value", "true");
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.69065.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.69065.internaldb.Resources_queue.value", "%7B%7D");
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.69065.lastDailyReport", "1423855775772");
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.69065.lastUpdate", "1423855775321");
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.69065.manifesturl", "");
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.69065.name", "CinemaP-1.8cV13.02");
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.69065.newtab", "");
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.69065.OIBMBKA115048682@HYKFIU97176590.comaOIBMBKA115048682HYKFIU97176590com69065_dbWasSe
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.69065.OIBMBKA115048682@HYKFIU97176590.comaOIBMBKA115048682HYKFIU97176590com69065_dbWasSe
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.69065.OIBMBKA115048682@HYKFIU97176590.comasyncdb_dbWasSet", true);
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.69065.OIBMBKA115048682@HYKFIU97176590.comasyncdb_dbWasSet_FF25_FIX", true);
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.69065.OIBMBKA115048682@HYKFIU97176590.comasyncinternaldb_dbWasSet", true);
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.69065.OIBMBKA115048682@HYKFIU97176590.comasyncinternaldb_dbWasSet_FF25_FIX", true);
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.69065.opensearch", "");
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.69065.pluginsurl", "http://js.ourgendataservice.com/plugin/ ... na/ff/plug
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.69065.pluginsversion", 56);
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.69065.publisher", "Cinema PlusV13.02");
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.69065.searchstatus", 0);
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.69065.setnewtab", false);
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.69065.thankyou", "");
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.69065.updateinterval", 360);
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.69065.ver", 61);
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.apps", "69065");
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.bic", "14b846aec7de21a3e0c15ec1534aad7c");
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.cid", 69065);
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.firstrun", false);
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.hadappinstalled", true);
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.installationdate", 1423855775);
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.installerAdditionalInfo", "{\"asw\":[0, 69, -2147483648, 0],\"browser_name\":\"ff\",\"pr
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.modetype", "production");
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.reportInstall", true);
user_pref("extensions.aOIBMBKA115048682HYKFIU97176590com69065.statsDailyCounter", 1);
---- FireFox user.js and prefs.js backups ----

prefs_201514.02._2205_.backup

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\OperaStable\shell\open\command]
@="C:\\Program Files (x86)\\Opera\\Launcher.exe"

==== Deleting Files \ Folders ======================

C:\Program Files (x86)\Advanced Micro Devices, Inc\24cb4bc4-4590-439c-8ee2-60a86202e8c9.dll deleted
C:\Program Files (x86)\Advanced Micro Devices, Inc\92d824c9-9c6f-41de-a33f-7fe6ffeb2abe.dll deleted
C:\PROGRA~2\112dced7-7f86-4c9c-921d-bf3e561afa0a deleted
C:\PROGRA~2\92d824c9-9c6f-41de-a33f-7fe6ffeb2abe deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\WINDOWS\tasks\MKB.job deleted
C:\windows\SysNative\tasks\MKB deleted
C:\WINDOWS\tasks\NLLESK.job deleted
C:\windows\SysNative\tasks\NLLESK deleted
C:\WINDOWS\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\machine deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
C:\Users\cajuska\AppData\Roaming\MKB.exe deleted
C:\Users\cajuska\AppData\Roaming\NLLESK.exe deleted
C:\Users\cajuska\AppData\Roaming\Mozilla\Firefox\Profiles\wkf8cow9.default\extensions\OIBMBKA115048682@HYKFIU97176590.com deleted
"C:\Users\cajuska\AppData\Roaming\MKB" deleted
"C:\Users\cajuska\AppData\Roaming\NLLESK" deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\cajuska\AppData\Roaming\Mozilla\Firefox\Profiles\wkf8cow9.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn" [14. 02. 2015 21:34]

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\cajuska\AppData\Roaming\Mozilla\Firefox\Profiles\wkf8cow9.default
18CF51689186AEB9D1D149AEB0E92D03 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL - Microsoft Office 2013
DAD55CEF682EAE6FA7B4C9487563A496 - C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll - Shockwave for Director / Shockwave for Director


==== Chromium Look ======================

Google Chrome Version: 40.0.2214.111 (Up to date, latest Stable version: 40.0.2214.111)

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
iikflkcanblccfahdhdonehdalibjnif - No path found[]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[14. 07. 2014 17:22]
mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx[20. 09. 2014 09:52]

Cyti Web - cajuska\AppData\Local\Google\Chrome\User Data\Default\Extensions\andipkffoiligjpnnjkooomldbjhnaac
SavePass 1.1 - cajuska\AppData\Roaming\Opera Software\Opera Stable\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh
CinemaP-1.8cV13.02 - cajuska\AppData\Roaming\Opera Software\Opera Stable\Extensions\kcdeaofcapijfmeopimkgcepdpbdepnb

==== Chromium Fix ======================

C:\Users\cajuska\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage deleted successfully
C:\Users\cajuska\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\cajuska\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage deleted successfully
C:\Users\cajuska\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\cajuska\AppData\Roaming\Opera Software\Opera Stable\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh deleted successfully
C:\Users\cajuska\AppData\Roaming\Opera Software\Opera Stable\Extensions\kcdeaofcapijfmeopimkgcepdpbdepnb deleted successfully
C:\Users\cajuska\AppData\Local\Google\Chrome\User Data\Default\Extensions\andipkffoiligjpnnjkooomldbjhnaac deleted successfully
C:\Users\cajuska\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_andipkffoiligjpnnjkooomldbjhnaac_0.localstorage deleted successfully
C:\Users\cajuska\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_andipkffoiligjpnnjkooomldbjhnaac_0.localstorage-journal deleted successfully
C:\Users\cajuska\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\andipkffoiligjpnnjkooomldbjhnaac deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\cajuska\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\cajuska\AppData\Roaming\Opera Software\Opera Stable\Preferences was reset successfully
C:\Users\cajuska\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\cajuska\AppData\Roaming\Opera Software\Opera Stable\Web Data was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\cajuska\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\cajuska\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\cajuska\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\cajuska\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\cajuska\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\cajuska\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=359 folders=57 21351298 bytes)

==== Empty Temp Folders ======================

C:\Users\cajuska\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\cajuska\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on so 14. 02. 2015 at 22:10:16,82 ======================

[vyosek]

Poprosim o FRST http://forum.viry.cz/viewtopic.php?f=13&t=133100

[cajuska3]

Když mi to dalo 2 logy FRST2.txt a FRST3.txt tak dat tady oba? Zřejmě blba otázka, ale moc tomu nerozumím tak se raději ptám, děkuji.

[vyosek]

Dejte prosim FRST3.txt

[cajuska3]

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015
Ran by cajuska (administrator) on CAJA on 16-02-2015 12:33:52
Running from C:\Users\cajuska\Desktop
Loaded Profiles: cajuska (Available profiles: cajuska)
Platform: Windows 8.1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Gemfor s.r.o.) C:\Program Files (x86)\T-Mobile\Web'n'walk Manager\Manager.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(forum.viry.cz) C:\Users\cajuska\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7156296 2013-03-08] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3015920 2013-02-06] (Synaptics Incorporated)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-11-05] (Advanced Micro Devices, Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-1588138806-3596703179-3158443836-1001\...\Run: [T-Mobile CManager] => C:\Program Files (x86)\T-Mobile\Web'n'walk Manager\Manager.exe [2166552 2013-10-31] (Gemfor s.r.o.)
HKU\S-1-5-21-1588138806-3596703179-3158443836-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-1588138806-3596703179-3158443836-1001\...\MountPoints2: {3283b2e5-ea8e-11e3-bea3-a0481c1347b1} - "F:\Autorun.exe"
HKU\S-1-5-21-1588138806-3596703179-3158443836-1001\...\MountPoints2: {a4b37540-941a-11e4-bee4-70188b87fb02} - "G:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-1588138806-3596703179-3158443836-1001\...\MountPoints2: {a995346b-e87d-11e3-bea0-a0481c1347b1} - "G:\Autorun.exe"
HKU\S-1-5-21-1588138806-3596703179-3158443836-1001\...\MountPoints2: {c2135faf-0840-11e4-beb5-70188b87fb02} - "G:\Autorun.exe"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
SearchScopes: HKLM -> {C9DD2AA4-C547-444A-83E9-3ABFF20765EE} URL = http://www.amazon.co.uk/s/ref=azs_osd_i ... earchTerms}
SearchScopes: HKLM-x32 -> {C9DD2AA4-C547-444A-83E9-3ABFF20765EE} URL = http://www.amazon.co.uk/s/ref=azs_osd_i ... earchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1588138806-3596703179-3158443836-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\..\Interfaces\{058BEA91-34AE-4706-B3A7-6F9E6321C5BE}: [NameServer]
Tcpip\..\Interfaces\{92C0D9DB-3778-47A6-A469-9E7BF453B24B}: [NameServer]
Tcpip\..\Interfaces\{CD80B8F4-E1B7-4586-B5B1-B469058CF72D}: [NameServer] 194.228.211.33 160.218.161.60

FireFox:
========
FF ProfilePath: C:\Users\cajuska\AppData\Roaming\Mozilla\Firefox\Profiles\wkf8cow9.default
FF Homepage: about:home
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn [2015-02-16]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\cajuska\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\cajuska\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-14]
CHR Extension: (Dokumenty Google) - C:\Users\cajuska\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-29]
CHR Extension: (Disk Google) - C:\Users\cajuska\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-29]
CHR Extension: (YouTube) - C:\Users\cajuska\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-29]
CHR Extension: (Vyhledávání Google) - C:\Users\cajuska\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-29]
CHR Extension: (Tabulky Google) - C:\Users\cajuska\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-14]
CHR Extension: (Peněženka Google) - C:\Users\cajuska\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-29]
CHR Extension: (Gmail) - C:\Users\cajuska\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-29]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-04]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-04]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1626872 2013-01-31] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [138752 2013-01-10] (IVT Corporation) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-02-01] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-10] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-01-14] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2013-01-14] (Intel Corporation)
R2 MbnExt; C:\Program Files (x86)\T-Mobile\Web'n'walk Manager\MbnExt.dll [417128 2013-12-02] (Gemfor s.r.o.)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [239176 2013-02-20] (Realtek Semiconductor)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-07-10] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20150203.001\BHDrvx64.sys [1622744 2015-02-03] (Symantec Corporation)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
U4 BthHFEnum; No ImagePath
U4 bthhfhid; No ImagePath
S3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [49200 2013-02-26] (Ralink Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-11] (Symantec Corporation)
R3 huawei_wwanecm; C:\Windows\system32\DRIVERS\ew_juwwanecm.sys [238080 2012-04-23] (Huawei Technologies Co., Ltd.)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20150213.001\IDSvia64.sys [669400 2015-02-06] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20150215.024\ENG64.SYS [129752 2015-01-27] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20150215.024\EX64.SYS [2137304 2015-01-27] (Symantec Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [288328 2013-01-24] (Realtek Semiconductor Corp.)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.)
S3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [448072 2013-02-02] (RTS Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [28400 2013-02-06] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31984 2013-02-06] (Synaptics Incorporated)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1506000.020\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1506000.020\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1506000.020\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1506000.020\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1506000.020\SymELAM.sys [23568 2013-09-10] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-01-24] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-16 12:33 - 2015-02-16 12:34 - 00022568 _____ () C:\Users\cajuska\Desktop\FRST.txt
2015-02-16 12:33 - 2015-02-16 12:33 - 00000000 ____D () C:\FRST
2015-02-16 12:30 - 2015-02-16 12:30 - 00112640 _____ (forum.viry.cz) C:\Users\cajuska\Desktop\FRSTLauncher.exe
2015-02-16 12:29 - 2015-02-16 12:29 - 02085888 _____ (Farbar) C:\Users\cajuska\Desktop\FRST64.exe
2015-02-16 12:29 - 2015-02-16 12:29 - 00112640 _____ (forum.viry.cz) C:\Users\cajuska\Downloads\Nepotvrzeno 703779.crdownload
2015-02-16 12:29 - 2015-02-16 12:29 - 00112640 _____ (forum.viry.cz) C:\Users\cajuska\Downloads\Nepotvrzeno 369900.crdownload
2015-02-16 00:35 - 2015-02-16 00:35 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-16 00:20 - 2015-02-16 00:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-02-16 00:19 - 2015-02-16 00:19 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-02-16 00:19 - 2015-02-16 00:19 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-02-14 22:09 - 2015-02-16 12:05 - 00005604 _____ () C:\WINDOWS\PFRO.log
2015-02-14 22:08 - 2015-02-14 21:52 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2015-02-14 21:54 - 2015-02-14 22:10 - 00033522 _____ () C:\zoek-results.log
2015-02-14 21:52 - 2015-02-14 22:09 - 00000000 ____D () C:\zoek_backup
2015-02-14 21:52 - 2015-02-14 21:52 - 01304576 _____ () C:\Users\cajuska\Desktop\zoek.exe
2015-02-14 13:38 - 2015-02-04 00:38 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-02-14 13:38 - 2015-02-04 00:08 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-02-14 13:38 - 2015-02-04 00:08 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-02-14 13:38 - 2015-02-03 00:11 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-02-14 13:38 - 2015-02-03 00:11 - 00894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-02-14 13:38 - 2015-02-03 00:11 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-02-14 13:38 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-14 13:38 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-14 13:38 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-14 13:38 - 2014-12-09 00:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-14 13:33 - 2015-02-16 12:06 - 00000308 _____ () C:\WINDOWS\setupact.log
2015-02-14 13:33 - 2015-02-14 13:33 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-02-14 13:29 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-14 13:29 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-14 13:29 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-14 13:29 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-14 13:29 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-14 13:29 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-14 13:29 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-14 13:29 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-14 13:29 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-02-14 13:29 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-14 13:29 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-02-14 13:29 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-02-14 13:29 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-14 13:28 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-14 13:28 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-14 13:28 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-14 13:28 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-14 13:28 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-14 13:28 - 2015-01-12 03:32 - 06041088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-14 13:28 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-14 13:28 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-14 13:28 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-14 13:28 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-14 13:28 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-14 13:28 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-14 13:28 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-14 13:28 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-14 13:28 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-14 13:28 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-14 13:28 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-14 13:28 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-14 13:28 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-14 13:28 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-14 13:28 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-14 13:28 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-14 13:28 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-14 13:28 - 2015-01-12 02:29 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-14 13:28 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-14 13:28 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-14 13:28 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-14 13:28 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-14 13:28 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-14 13:28 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-14 13:28 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-14 13:28 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-14 13:28 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-14 13:28 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-14 13:28 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-14 13:28 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-14 13:28 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-14 13:28 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-14 13:28 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-14 13:28 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-14 13:28 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-14 13:28 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-14 13:28 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-14 13:28 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-14 13:28 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-14 13:28 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-14 13:28 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-14 13:28 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-14 13:28 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-14 13:28 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-02-14 10:03 - 2015-02-14 10:25 - 00000000 ____D () C:\rsit
2015-02-14 10:03 - 2015-02-14 10:25 - 00000000 ____D () C:\Program Files\trend micro
2015-02-14 10:03 - 2015-02-14 10:03 - 01222144 _____ () C:\Users\cajuska\Downloads\RSITx64.exe
2015-02-14 09:42 - 2015-02-14 14:37 - 00000000 ____D () C:\AdwCleaner
2015-02-14 09:34 - 2015-02-14 09:34 - 02112512 _____ () C:\Users\cajuska\Desktop\adwcleaner_4.110.exe
2015-02-14 09:34 - 2015-02-14 09:34 - 01388274 _____ (Thisisu) C:\Users\cajuska\Desktop\JRT.exe
2015-02-14 09:34 - 2015-02-14 09:34 - 00000000 ____D () C:\Users\cajuska\DoctorWeb
2015-02-13 21:48 - 2015-02-14 22:10 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-02-13 21:43 - 2015-02-16 12:30 - 01516879 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-13 21:02 - 2015-02-13 21:02 - 00002776 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-02-13 21:02 - 2015-02-13 21:02 - 00000841 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-02-13 21:02 - 2015-02-13 21:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-02-13 21:02 - 2015-02-13 21:02 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-13 20:58 - 2015-02-13 20:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-13 20:18 - 2015-02-13 20:18 - 00000000 ____D () C:\ProgramData\Microsoft Toolkit
2015-02-13 20:08 - 2015-02-16 00:32 - 00000000 ____D () C:\Program Files (x86)\CinemaP-1.8cV13.02
2015-02-13 20:06 - 2015-02-13 20:07 - 00613144 _____ () C:\Users\cajuska\Downloads\Microsoft_Toolkit_2.5.3.exe
2015-02-13 19:58 - 2015-02-16 12:06 - 00000214 _____ () C:\WINDOWS\Tasks\AutoKMS.job
2015-02-13 19:58 - 2015-02-15 19:58 - 00000214 _____ () C:\WINDOWS\Tasks\AutoKMSDaily.job
2015-02-13 19:58 - 2015-02-13 19:58 - 00002732 _____ () C:\WINDOWS\System32\Tasks\AutoKMSDaily
2015-02-13 19:58 - 2015-02-13 19:58 - 00002426 _____ () C:\WINDOWS\System32\Tasks\AutoKMS
2015-02-13 19:58 - 2015-02-13 19:58 - 00000184 _____ () C:\WINDOWS\AutoKMS.ini
2015-02-06 20:21 - 2015-02-06 20:21 - 00000567 _____ () C:\Users\cajuska\Downloads\Settings.ini
2015-02-03 23:51 - 2015-02-03 23:51 - 00003148 _____ () C:\WINDOWS\System32\Tasks\{557F2D71-244D-4372-9E3F-BF8E4C09FC5B}
2015-02-03 23:14 - 2015-02-10 21:51 - 00000000 ____D () C:\Users\cajuska\Desktop\tom
2015-02-03 23:09 - 2015-02-05 13:21 - 00000000 ____D () C:\ProgramData\TrackMania
2015-02-03 23:07 - 2015-02-05 22:05 - 00000000 ____D () C:\Users\cajuska\Documents\TrackMania
2015-02-03 23:07 - 2015-02-03 23:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TmNationsForever
2015-02-03 23:07 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_2.dll
2015-02-03 23:07 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_2.dll
2015-02-03 23:07 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_30.dll
2015-02-03 23:07 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_30.dll
2015-02-03 23:07 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_1.dll
2015-02-03 23:07 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_1.dll
2015-02-03 23:07 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_1.dll
2015-02-03 23:07 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_1.dll
2015-02-03 23:07 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_29.dll
2015-02-03 23:07 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_29.dll
2015-02-03 23:07 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_0.dll
2015-02-03 23:07 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_0.dll
2015-02-03 23:07 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_0.dll
2015-02-03 23:07 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_0.dll
2015-02-03 23:07 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_28.dll
2015-02-03 23:07 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_28.dll
2015-02-03 23:07 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_27.dll
2015-02-03 23:07 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_27.dll
2015-02-03 23:07 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_26.dll
2015-02-03 23:07 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_25.dll
2015-02-03 23:07 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_25.dll
2015-02-03 23:07 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_24.dll
2015-02-03 23:07 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_24.dll
2015-02-03 23:06 - 2015-02-03 23:07 - 00000000 ____D () C:\Program Files (x86)\TmNationsForever
2015-02-03 22:40 - 2015-02-03 22:40 - 00000000 ____D () C:\Users\cajuska\Documents\NFS Most Wanted Demo
2015-02-03 22:38 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_26.dll
2015-02-03 22:37 - 2015-02-03 22:37 - 00000000 ____D () C:\NFSMWDemo
2015-02-03 01:07 - 2015-02-03 01:07 - 00000000 ____D () C:\WINDOWS\SysWOW64\directx
2015-02-02 20:27 - 2015-02-03 23:53 - 00000000 ____D () C:\Program Files (x86)\Valve
2015-01-24 13:55 - 2015-01-24 13:55 - 00000764 _____ () C:\Users\cajuska\Desktop\filmy – zástupce.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-16 12:16 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-16 12:14 - 2014-07-10 20:55 - 00003962 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{AB3A7C05-A997-446B-B169-5DA56B64D278}
2015-02-16 12:13 - 2014-03-18 16:33 - 00006744 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-16 12:13 - 2014-03-18 15:54 - 03150692 _____ () C:\WINDOWS\system32\perfh005.dat
2015-02-16 12:13 - 2014-03-18 15:54 - 00940340 _____ () C:\WINDOWS\system32\perfc005.dat
2015-02-16 12:11 - 2014-07-10 21:51 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-02-16 12:11 - 2013-11-12 07:12 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1588138806-3596703179-3158443836-1001
2015-02-16 12:10 - 2014-07-10 15:26 - 00000000 __RDO () C:\Users\cajuska\OneDrive
2015-02-16 12:06 - 2014-03-22 22:52 - 00000966 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-16 12:06 - 2013-09-04 22:14 - 00003616 _____ () C:\WINDOWS\SysWOW64\LOCALSERVICE.INI
2015-02-16 12:06 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-16 12:06 - 2013-03-04 15:30 - 00000983 _____ () C:\WINDOWS\SysWOW64\bscs.ini
2015-02-16 00:35 - 2014-06-17 10:37 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-16 00:35 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-16 00:35 - 2012-07-26 06:26 - 00000269 _____ () C:\WINDOWS\win.ini
2015-02-16 00:34 - 2013-11-20 14:48 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-16 00:24 - 2013-11-20 14:48 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-16 00:21 - 2014-12-09 23:03 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-02-16 00:21 - 2014-08-11 14:27 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-02-15 14:53 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-15 12:09 - 2013-11-14 07:37 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2015-02-14 23:35 - 2013-11-12 09:36 - 00000000 ____D () C:\Users\cajuska\Documents\Youcam
2015-02-14 22:08 - 2014-07-10 10:23 - 00000000 ____D () C:\Users\cajuska
2015-02-14 22:08 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-14 22:05 - 2014-07-10 17:06 - 00000000 ____D () C:\Program Files (x86)\Advanced Micro Devices, Inc
2015-02-14 22:05 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\GroupPolicy
2015-02-14 14:43 - 2013-08-22 15:44 - 00543840 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-14 09:44 - 2014-08-14 09:59 - 00001084 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-14 09:44 - 2014-08-14 09:59 - 00001072 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-14 09:44 - 2014-07-29 19:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-14 09:44 - 2014-07-10 21:51 - 00001017 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-02-14 09:44 - 2014-07-10 20:55 - 00001317 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-14 09:44 - 2014-07-10 15:11 - 00000992 _____ () C:\Users\cajuska\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-13 21:25 - 2014-07-10 11:12 - 00000000 ___DC () C:\WINDOWS\Panther
2015-02-13 20:12 - 2013-11-12 10:34 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-02-13 20:03 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-02-11 22:37 - 2014-07-10 21:51 - 00003822 _____ () C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1405025502
2015-02-11 21:45 - 2014-06-17 10:37 - 00000000 ____D () C:\Users\cajuska\AppData\Local\Microsoft Help
2015-02-08 13:26 - 2013-11-14 07:37 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-02-04 00:35 - 2013-09-04 22:14 - 00000043 _____ () C:\WINDOWS\SysWOW64\LOCALDEVICE.INI
2015-02-03 22:37 - 2013-06-20 09:44 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-03 22:27 - 2014-03-22 22:52 - 00003942 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-03 22:27 - 2014-03-22 22:52 - 00003706 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-03 22:27 - 2014-03-22 22:52 - 00000970 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-03 20:31 - 2013-08-22 16:38 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-02 20:29 - 2014-05-05 18:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-27 11:58 - 2014-04-01 22:59 - 00010752 _____ () C:\Users\cajuska\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-27 10:59 - 2015-01-13 03:55 - 00000625 _____ () C:\WINDOWS\SysWOW64\REMOTEDEVICE.INI
2015-01-27 10:37 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-01-27 02:34 - 2013-11-16 18:29 - 00000000 ____D () C:\MOJE
2015-01-26 18:19 - 2013-11-17 19:28 - 00000000 ____D () C:\Users\cajuska\AppData\Roaming\Skype
2015-01-17 15:48 - 2015-01-13 04:17 - 00000000 ____D () C:\WINDOWS\SysWOW64\ivtMobCache
2015-01-17 15:25 - 2015-01-13 03:56 - 00003588 _____ () C:\WINDOWS\SysWOW64\SHORTCUT.INI

==================== Files in the root of some directories =======

2014-04-01 22:59 - 2015-01-27 11:58 - 0010752 _____ () C:\Users\cajuska\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-14 22:42




===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: (Windows) (Fixed) (Total:910.94 GB) (Free:581.75 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:19.36 GB) (Free:1.96 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: () (Removable) (Total:7.39 GB) (Free:0.38 GB) FAT32
Drive g: (HUAWEI) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS

Available physical RAM: 5987.21 MB
Total physical RAM: 8084.27 MB
Percentage of memory in use: 25%

==================== MBR and Partition Table ==================

Disk: 0 (Size: 931.5 GB) (Disk ID: 819E561E)
Disk: 1 (Size: 7.4 GB) (Disk ID: 00000000)

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\WINDOWS\Tasks\AutoKMS.job => C:\WINDOWS\AutoKMS.exe
Task: C:\WINDOWS\Tasks\AutoKMSDaily.job => C:\WINDOWS\AutoKMS.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\Users\cajuska\OneDrive:ms-properties

==================== Security Center ==================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\cajuska\Desktop" je 510 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

[vyosek]

Tvorba fixlistu pro FRST

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  Start
  CloseProcesses:
  CreateRestorePoint:
  
  HKU\S-1-5-21-1588138806-3596703179-3158443836-1001\...\MountPoints2: {3283b2e5-ea8e-11e3-bea3-a0481c1347b1} - "F:\Autorun.exe" 
  HKU\S-1-5-21-1588138806-3596703179-3158443836-1001\...\MountPoints2: {a4b37540-941a-11e4-bee4-70188b87fb02} - "G:\HTC_Sync_Manager_PC.exe" 
  HKU\S-1-5-21-1588138806-3596703179-3158443836-1001\...\MountPoints2: {a995346b-e87d-11e3-bea0-a0481c1347b1} - "G:\Autorun.exe" 
  HKU\S-1-5-21-1588138806-3596703179-3158443836-1001\...\MountPoints2: {c2135faf-0840-11e4-beb5-70188b87fb02} - "G:\Autorun.exe" 
  
  SearchScopes: HKLM -> {C9DD2AA4-C547-444A-83E9-3ABFF20765EE} URL = http://www.amazon.co.uk/s/ref=azs_osd_i ... -keywords={searchTerms}
  SearchScopes: HKLM-x32 -> {C9DD2AA4-C547-444A-83E9-3ABFF20765EE} URL = http://www.amazon.co.uk/s/ref=azs_osd_i ... -keywords={searchTerms}
  SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
  SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
  SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
  
  CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
  CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
  CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
  
  R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
  R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
  
  C:\Program Files (x86)\Skype\Toolbars
  2015-02-16 12:33 - 2015-02-16 12:34 - 00022568 _____ () C:\Users\cajuska\Desktop\FRST.txt
  2015-02-16 12:30 - 2015-02-16 12:30 - 00112640 _____ (forum.viry.cz) C:\Users\cajuska\Desktop\FRSTLauncher.exe
  2015-02-16 12:29 - 2015-02-16 12:29 - 00112640 _____ (forum.viry.cz) C:\Users\cajuska\Downloads\Nepotvrzeno 703779.crdownload
  2015-02-16 12:29 - 2015-02-16 12:29 - 00112640 _____ (forum.viry.cz) C:\Users\cajuska\Downloads\Nepotvrzeno 369900.crdownload
  2015-02-14 22:09 - 2015-02-16 12:05 - 00005604 _____ () C:\WINDOWS\PFRO.log
  2015-02-14 22:08 - 2015-02-14 21:52 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
  2015-02-14 21:54 - 2015-02-14 22:10 - 00033522 _____ () C:\zoek-results.log
  2015-02-14 21:52 - 2015-02-14 22:09 - 00000000 ____D () C:\zoek_backup
  2015-02-14 21:52 - 2015-02-14 21:52 - 01304576 _____ () C:\Users\cajuska\Desktop\zoek.exe
  2015-02-14 13:33 - 2015-02-16 12:06 - 00000308 _____ () C:\WINDOWS\setupact.log
  2015-02-14 13:33 - 2015-02-14 13:33 - 00000000 _____ () C:\WINDOWS\setuperr.log
  2015-02-14 10:03 - 2015-02-14 10:25 - 00000000 ____D () C:\rsit
  2015-02-14 10:03 - 2015-02-14 10:25 - 00000000 ____D () C:\Program Files\trend micro
  2015-02-14 10:03 - 2015-02-14 10:03 - 01222144 _____ () C:\Users\cajuska\Downloads\RSITx64.exe
  2015-02-14 09:42 - 2015-02-14 14:37 - 00000000 ____D () C:\AdwCleaner
  2015-02-14 09:34 - 2015-02-14 09:34 - 02112512 _____ () C:\Users\cajuska\Desktop\adwcleaner_4.110.exe
  2015-02-14 09:34 - 2015-02-14 09:34 - 01388274 _____ (Thisisu) C:\Users\cajuska\Desktop\JRT.exe
  2015-02-14 09:34 - 2015-02-14 09:34 - 00000000 ____D () C:\Users\cajuska\DoctorWeb
  2015-02-13 19:58 - 2015-02-16 12:06 - 00000214 _____ () C:\WINDOWS\Tasks\AutoKMS.job
  2015-02-13 19:58 - 2015-02-15 19:58 - 00000214 _____ () C:\WINDOWS\Tasks\AutoKMSDaily.job
  2015-02-13 19:58 - 2015-02-13 19:58 - 00002732 _____ () C:\WINDOWS\System32\Tasks\AutoKMSDaily
  2015-02-13 19:58 - 2015-02-13 19:58 - 00002426 _____ () C:\WINDOWS\System32\Tasks\AutoKMS
  2015-02-13 19:58 - 2015-02-13 19:58 - 00000184 _____ () C:\WINDOWS\AutoKMS.ini
  C:\WINDOWS\AutoKMS.exe
  
  Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
  Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
  Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
  
  Hosts:
  EmptyTemp:
  Reboot:
  End
  

• Ulozte vytvoreny TXT jako fixlist.txt
• Presunte vytvoreny fixlist vedle FRST

Spustte znovu FRST.exe

• Kliknete na Fix
• Probehne oprava a vytvori log Fixlog.txt

Restart PC a dejte mi sem fixlog.txt

[cajuska3]

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-02-2015
Ran by cajuska at 2015-02-18 14:44:55 Run:1
Running from C:\Users\cajuska\Desktop
Loaded Profiles: cajuska (Available profiles: cajuska)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKU\S-1-5-21-1588138806-3596703179-3158443836-1001\...\MountPoints2: {3283b2e5-ea8e-11e3-bea3-a0481c1347b1} - "F:\Autorun.exe"
HKU\S-1-5-21-1588138806-3596703179-3158443836-1001\...\MountPoints2: {a4b37540-941a-11e4-bee4-70188b87fb02} - "G:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-1588138806-3596703179-3158443836-1001\...\MountPoints2: {a995346b-e87d-11e3-bea0-a0481c1347b1} - "G:\Autorun.exe"
HKU\S-1-5-21-1588138806-3596703179-3158443836-1001\...\MountPoints2: {c2135faf-0840-11e4-beb5-70188b87fb02} - "G:\Autorun.exe"

SearchScopes: HKLM -> {C9DD2AA4-C547-444A-83E9-3ABFF20765EE} URL = http://www.amazon.co.uk/s/ref=azs_osd_i ... -keywords={searchTerms}
SearchScopes: HKLM-x32 -> {C9DD2AA4-C547-444A-83E9-3ABFF20765EE} URL = http://www.amazon.co.uk/s/ref=azs_osd_i ... -keywords={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)

C:\Program Files (x86)\Skype\Toolbars
2015-02-16 12:33 - 2015-02-16 12:34 - 00022568 _____ () C:\Users\cajuska\Desktop\FRST.txt
2015-02-16 12:30 - 2015-02-16 12:30 - 00112640 _____ (forum.viry.cz) C:\Users\cajuska\Desktop\FRSTLauncher.exe
2015-02-16 12:29 - 2015-02-16 12:29 - 00112640 _____ (forum.viry.cz) C:\Users\cajuska\Downloads\Nepotvrzeno 703779.crdownload
2015-02-16 12:29 - 2015-02-16 12:29 - 00112640 _____ (forum.viry.cz) C:\Users\cajuska\Downloads\Nepotvrzeno 369900.crdownload
2015-02-14 22:09 - 2015-02-16 12:05 - 00005604 _____ () C:\WINDOWS\PFRO.log
2015-02-14 22:08 - 2015-02-14 21:52 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2015-02-14 21:54 - 2015-02-14 22:10 - 00033522 _____ () C:\zoek-results.log
2015-02-14 21:52 - 2015-02-14 22:09 - 00000000 ____D () C:\zoek_backup
2015-02-14 21:52 - 2015-02-14 21:52 - 01304576 _____ () C:\Users\cajuska\Desktop\zoek.exe
2015-02-14 13:33 - 2015-02-16 12:06 - 00000308 _____ () C:\WINDOWS\setupact.log
2015-02-14 13:33 - 2015-02-14 13:33 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-02-14 10:03 - 2015-02-14 10:25 - 00000000 ____D () C:\rsit
2015-02-14 10:03 - 2015-02-14 10:25 - 00000000 ____D () C:\Program Files\trend micro
2015-02-14 10:03 - 2015-02-14 10:03 - 01222144 _____ () C:\Users\cajuska\Downloads\RSITx64.exe
2015-02-14 09:42 - 2015-02-14 14:37 - 00000000 ____D () C:\AdwCleaner
2015-02-14 09:34 - 2015-02-14 09:34 - 02112512 _____ () C:\Users\cajuska\Desktop\adwcleaner_4.110.exe
2015-02-14 09:34 - 2015-02-14 09:34 - 01388274 _____ (Thisisu) C:\Users\cajuska\Desktop\JRT.exe
2015-02-14 09:34 - 2015-02-14 09:34 - 00000000 ____D () C:\Users\cajuska\DoctorWeb
2015-02-13 19:58 - 2015-02-16 12:06 - 00000214 _____ () C:\WINDOWS\Tasks\AutoKMS.job
2015-02-13 19:58 - 2015-02-15 19:58 - 00000214 _____ () C:\WINDOWS\Tasks\AutoKMSDaily.job
2015-02-13 19:58 - 2015-02-13 19:58 - 00002732 _____ () C:\WINDOWS\System32\Tasks\AutoKMSDaily
2015-02-13 19:58 - 2015-02-13 19:58 - 00002426 _____ () C:\WINDOWS\System32\Tasks\AutoKMS
2015-02-13 19:58 - 2015-02-13 19:58 - 00000184 _____ () C:\WINDOWS\AutoKMS.ini
C:\WINDOWS\AutoKMS.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
"HKU\S-1-5-21-1588138806-3596703179-3158443836-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3283b2e5-ea8e-11e3-bea3-a0481c1347b1}" => Key deleted successfully.
HKCR\CLSID\{3283b2e5-ea8e-11e3-bea3-a0481c1347b1} => Key not found.
"HKU\S-1-5-21-1588138806-3596703179-3158443836-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4b37540-941a-11e4-bee4-70188b87fb02}" => Key deleted successfully.
HKCR\CLSID\{a4b37540-941a-11e4-bee4-70188b87fb02} => Key not found.
"HKU\S-1-5-21-1588138806-3596703179-3158443836-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a995346b-e87d-11e3-bea0-a0481c1347b1}" => Key deleted successfully.
HKCR\CLSID\{a995346b-e87d-11e3-bea0-a0481c1347b1} => Key not found.
"HKU\S-1-5-21-1588138806-3596703179-3158443836-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c2135faf-0840-11e4-beb5-70188b87fb02}" => Key deleted successfully.
HKCR\CLSID\{c2135faf-0840-11e4-beb5-70188b87fb02} => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C9DD2AA4-C547-444A-83E9-3ABFF20765EE}" => Key deleted successfully.
HKCR\CLSID\{C9DD2AA4-C547-444A-83E9-3ABFF20765EE} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{C9DD2AA4-C547-444A-83E9-3ABFF20765EE}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{C9DD2AA4-C547-444A-83E9-3ABFF20765EE} => Key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl" => Key deleted successfully.
C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx => Moved successfully.
c2cautoupdatesvc => Service deleted successfully.
c2cpnrsvc => Service deleted successfully.
C:\Program Files (x86)\Skype\Toolbars => Moved successfully.
C:\Users\cajuska\Desktop\FRST.txt => Moved successfully.
"C:\Users\cajuska\Desktop\FRSTLauncher.exe" => File/Directory not found.
"C:\Users\cajuska\Downloads\Nepotvrzeno 703779.crdownload" => File/Directory not found.
"C:\Users\cajuska\Downloads\Nepotvrzeno 369900.crdownload" => File/Directory not found.
C:\WINDOWS\PFRO.log => Moved successfully.
C:\WINDOWS\zoek-delete.exe => Moved successfully.
C:\zoek-results.log => Moved successfully.
C:\zoek_backup => Moved successfully.
C:\Users\cajuska\Desktop\zoek.exe => Moved successfully.
C:\WINDOWS\setupact.log => Moved successfully.
C:\WINDOWS\setuperr.log => Moved successfully.
C:\rsit => Moved successfully.
C:\Program Files\trend micro => Moved successfully.
C:\Users\cajuska\Downloads\RSITx64.exe => Moved successfully.
C:\AdwCleaner => Moved successfully.
C:\Users\cajuska\Desktop\adwcleaner_4.110.exe => Moved successfully.
C:\Users\cajuska\Desktop\JRT.exe => Moved successfully.
C:\Users\cajuska\DoctorWeb => Moved successfully.
C:\WINDOWS\Tasks\AutoKMS.job => Moved successfully.
C:\WINDOWS\Tasks\AutoKMSDaily.job => Moved successfully.
C:\WINDOWS\System32\Tasks\AutoKMSDaily => Moved successfully.
C:\WINDOWS\System32\Tasks\AutoKMS => Moved successfully.
C:\WINDOWS\AutoKMS.ini => Moved successfully.
"C:\WINDOWS\AutoKMS.exe" => File/Directory not found.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 290.6 MB temporary data.


The system needed a reboot.

==== End of Fixlog 14:45:55 ====

[vyosek]

Jak se chova PC???

[cajuska3]

Právě, že se zlepšil. Ty okna už mi na internetu nevyskakujou. Takže děkuji moc za pomoc