
Prevention, or the pesky Randommprice popup :-( in Chrome

No problem with your PC at the moment and just want to make sure everything is in order?
Post a log from FRST or RSIT.

Frenc
Visitor
Posts: 72
Registered: 15 Aug 2007 14:17


#1 Post by Frenc »

Logfile of random's system information tool 1.09 (written by random/random)
Run by PC at 2014-01-04 16:24:03
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 18 GB (8%) free of 227 GB
Total RAM: 3070 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:24:28, on 4.1.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\PC.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Printsrv] c:\Windows\System32\Printing_Admin_Scripts\en-US\pubpr.vbs
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{562AE857-66F7-463B-B75C-1A37EFA39F4E}: NameServer = 147.251.4.33 147.251.6.10
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: prio32.dll c:\progra~3\winfil~1\winfil~1.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HTCMonitorService - Nero AG - C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Prio Service (prio_svc) - Unknown owner - C:\Program Files\Prio\prio_svc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10876 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
atieclxx
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Windows\system32\rundll32.exe" "c:\progra~3\winfil~1\WinFilterSvc.dll",service
"C:\Windows\system32\rundll32.exe" "c:\progra~3\winfil~1\WinFilterSvc.dll",service
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
"C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe"
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe"
"C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE"
C:\Windows\System32\svchost.exe -k HPZ12
MSOIDSvcm.exe 2160
"C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe"
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
"C:\Program Files\Prio\prio_svc.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 2892
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
adb fork-server server
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
"C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" Run
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\alg.exe
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe" -CtxID "#Hewlett-Packard#HP Photosmart Plus B209a-m#1344796197" -Startup
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe" -Embedding
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe" -Embedding
"C:\Program Files\Microsoft Security Client\NisSrv.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"LogonUI.exe" /flags:0x0
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"taskhost.exe"
C:\Windows\servicing\TrustedInstaller.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/PP_EnableZeroSuggest_R2_Stable_QueriesAndUrls_NoSERP/BrowserPreReadExperiment/100-pct-default/CookieRetentionPriorityStudy/ExperimentOn/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InstantExtended/Group6 pct:10e stable:pp1 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group2/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-1-Percent/default/UMA-Uniformity-Trial-10-Percent/group_06/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --renderer-print-preview --instant-process --disable-html-notifications --channel="5264.0.1943153226\769175802" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="5264.1.1644993996\961903282" --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,3,12,22 --gpu-vendor-id=0x1002 --gpu-device-id=0x94c9 --gpu-driver-vendor="Advanced Micro Devices, Inc." --gpu-driver-version=8.970.100.3000 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/PP_EnableZeroSuggest_R2_Stable_QueriesAndUrls_NoSERP/BrowserPreReadExperiment/100-pct-default/CookieRetentionPriorityStudy/ExperimentOn/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InstantExtended/Group6 pct:10e stable:pp1 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/OmniboxBundledExperimentV1/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group2/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-1-Percent/default/UMA-Uniformity-Trial-10-Percent/group_06/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --renderer-print-preview --disable-html-notifications --channel="5264.2.44439544\846412724" /prefetch:673131151
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe17_ Global\UsGthrCtrlFltPipeMssGthrPipe17 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 512 516 524 65536 520
C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\Users\PC\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\AutoKMS.job
C:\Windows\tasks\AutoKMSDaily.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2624643300-2102865283-2439309018-1001Core.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2624643300-2102865283-2439309018-1001UA.job
C:\Windows\tasks\GlaryInitialize 4.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\1oo86dj4.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "about:home"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.9.900.170 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39]
"Description"=
"Path"=C:\Windows\SysWOW64\npdeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0]
"Description"=Microsoft Lync Plug-in for Firefox
"Path"=C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.9.900.170 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL

C:\Program Files (x86)\Mozilla Firefox\extensions\
{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}

C:\Program Files (x86)\Mozilla Firefox\plugins\
np-mswmp.dll
nppdf32.dll
npwachk.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\1oo86dj4.default\extensions\
staged

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2013-10-23 1266912]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2011-11-10 3514176]
""= []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-07-04 641704]
"AMD AVT"=Cmd.exe /c start AMD Accelerated Video Transcoding device initialization /min C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe aml []
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]
"Printsrv"=c:\Windows\System32\Printing_Admin_Scripts\en-US\pubpr.vbs []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="prio.dll C:\PROGRA~3\WINFIL~1\WINFIL~2.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-01-04 15:17:05 ----D---- C:\Program Files\HitmanPro
2014-01-04 15:16:07 ----D---- C:\ProgramData\HitmanPro
2014-01-03 18:48:37 ----D---- C:\Program Files (x86)\RandOmmPRicE
2014-01-03 18:48:33 ----D---- C:\Program Files (x86)\RouboSiaaveer
2014-01-02 10:10:16 ----D---- C:\ProgramData\RandOmmPRicE
2014-01-02 10:10:15 ----D---- C:\ProgramData\mfnghkkhnfhbkebjkkjgdfmoeccjhphi
2014-01-02 10:10:06 ----D---- C:\ProgramData\a5d3e9a779bed7f2
2014-01-02 10:10:03 ----D---- C:\ProgramData\RouboSiaaveer
2013-12-29 21:40:41 ----D---- C:\Program Files\Common Files\DESIGNER
2013-12-29 21:26:16 ----D---- C:\Windows\system32\appmgmt
2013-12-29 21:13:24 ----D---- C:\Program Files (x86)\MSECACHE
2013-12-29 13:33:06 ----D---- C:\ProgramData\WinFilter
2013-12-16 18:13:37 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2013-12-16 16:30:45 ----D---- C:\Program Files\Microsoft Office 15
2013-12-11 22:49:47 ----A---- C:\Windows\system32\wmploc.DLL
2013-12-11 22:49:46 ----A---- C:\Windows\SYSWOW64\wmploc.DLL
2013-12-11 22:49:46 ----A---- C:\Windows\SYSWOW64\wmp.dll
2013-12-11 22:49:44 ----A---- C:\Windows\system32\wmp.dll
2013-12-11 22:47:44 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2013-12-11 22:47:43 ----A---- C:\Windows\system32\ieui.dll
2013-12-11 22:47:42 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2013-12-11 22:47:42 ----A---- C:\Windows\SYSWOW64\ieui.dll
2013-12-11 22:47:42 ----A---- C:\Windows\system32\jsproxy.dll
2013-12-11 22:47:42 ----A---- C:\Windows\system32\ieUnatt.exe
2013-12-11 22:47:42 ----A---- C:\Windows\system32\iesetup.dll
2013-12-11 22:47:42 ----A---- C:\Windows\system32\iernonce.dll
2013-12-11 22:47:42 ----A---- C:\Windows\system32\ie4uinit.exe
2013-12-11 22:47:41 ----A---- C:\Windows\system32\mshtml.dll
2013-12-11 22:47:41 ----A---- C:\Windows\system32\ieetwproxystub.dll
2013-12-11 22:47:41 ----A---- C:\Windows\system32\ieetwcollector.exe
2013-12-11 22:47:40 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2013-12-11 22:47:40 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2013-12-11 22:47:40 ----A---- C:\Windows\system32\jscript9diag.dll
2013-12-11 22:47:40 ----A---- C:\Windows\system32\ieapfltr.dll
2013-12-11 22:47:39 ----A---- C:\Windows\SYSWOW64\wininet.dll
2013-12-11 22:47:39 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2013-12-11 22:47:39 ----A---- C:\Windows\system32\iertutil.dll
2013-12-11 22:47:38 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2013-12-11 22:47:38 ----A---- C:\Windows\system32\wininet.dll
2013-12-11 22:47:38 ----A---- C:\Windows\system32\urlmon.dll
2013-12-11 22:47:36 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2013-12-11 22:47:36 ----A---- C:\Windows\system32\ieframe.dll
2013-12-11 22:47:35 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2013-12-11 22:47:34 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2013-12-11 22:47:34 ----A---- C:\Windows\system32\jscript9.dll
2013-12-11 13:35:24 ----A---- C:\Windows\SYSWOW64\msieftp.dll
2013-12-11 13:35:24 ----A---- C:\Windows\system32\msieftp.dll
2013-12-11 13:35:19 ----A---- C:\Windows\system32\win32k.sys
2013-12-11 13:35:17 ----A---- C:\Windows\SYSWOW64\WMPhoto.dll
2013-12-11 13:35:17 ----A---- C:\Windows\system32\WMPhoto.dll
2013-12-11 13:35:16 ----A---- C:\Windows\SYSWOW64\imagehlp.dll
2013-12-11 13:35:16 ----A---- C:\Windows\system32\imagehlp.dll
2013-12-11 13:35:11 ----A---- C:\Windows\SYSWOW64\tzres.dll
2013-12-11 13:35:11 ----A---- C:\Windows\system32\tzres.dll
2013-12-11 13:35:04 ----A---- C:\Windows\system32\drivers\portcls.sys
2013-12-11 13:35:04 ----A---- C:\Windows\system32\drivers\drmk.sys
2013-12-11 13:35:02 ----A---- C:\Windows\SYSWOW64\wscript.exe
2013-12-11 13:35:02 ----A---- C:\Windows\system32\wscript.exe
2013-12-11 13:35:02 ----A---- C:\Windows\system32\scrrun.dll
2013-12-11 13:35:02 ----A---- C:\Windows\system32\cscript.exe
2013-12-11 13:35:01 ----A---- C:\Windows\SYSWOW64\scrrun.dll
2013-12-11 13:35:01 ----A---- C:\Windows\SYSWOW64\cscript.exe

======List of files/folders modified in the last 1 month======

2014-01-04 16:24:16 ----D---- C:\Windows\Temp
2014-01-04 16:24:10 ----D---- C:\Program Files\trend micro
2014-01-04 16:13:26 ----D---- C:\Windows\system32\config
2014-01-04 16:09:27 ----D---- C:\Windows\system32\drivers
2014-01-04 16:01:19 ----SHD---- C:\System Volume Information
2014-01-04 15:44:37 ----D---- C:\Program Files (x86)\Glary Utilities 4
2014-01-04 15:43:17 ----D---- C:\Windows\Tasks
2014-01-04 15:17:05 ----RD---- C:\Program Files
2014-01-04 15:16:07 ----HD---- C:\ProgramData
2014-01-04 14:11:37 ----D---- C:\Users\PC\AppData\Roaming\Winamp
2014-01-04 14:11:21 ----D---- C:\Users\PC\AppData\Roaming\uTorrent
2014-01-04 13:00:06 ----D---- C:\Windows\inf
2014-01-04 13:00:02 ----D---- C:\Windows
2014-01-03 18:48:37 ----RD---- C:\Program Files (x86)
2014-01-02 23:10:41 ----D---- C:\Windows\System32
2014-01-02 23:10:41 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-12-30 10:11:04 ----D---- C:\Windows\Microsoft.NET
2013-12-30 10:07:40 ----RSD---- C:\Windows\assembly
2013-12-30 09:34:27 ----HD---- C:\Config.Msi
2013-12-29 21:42:47 ----D---- C:\Windows\winsxs
2013-12-29 21:41:12 ----SHD---- C:\Windows\Installer
2013-12-29 21:40:43 ----D---- C:\Program Files\Common Files\Microsoft Shared
2013-12-29 21:40:41 ----D---- C:\Program Files\Common Files
2013-12-29 21:38:57 ----D---- C:\Windows\SysWOW64
2013-12-29 21:33:08 ----D---- C:\ProgramData\Microsoft Help
2013-12-29 21:31:18 ----D---- C:\Program Files\Microsoft Office
2013-12-29 21:29:59 ----RSD---- C:\Windows\Fonts
2013-12-29 21:29:34 ----D---- C:\Windows\ShellNew
2013-12-29 21:29:34 ----D---- C:\Program Files (x86)\MSBuild
2013-12-29 21:27:58 ----D---- C:\Program Files\Common Files\System
2013-12-29 21:22:36 ----D---- C:\ProgramData\HP
2013-12-29 21:22:28 ----D---- C:\Program Files (x86)\HP
2013-12-29 13:33:01 ----D---- C:\Program Files (x86)\SimpleSpeedy
2013-12-24 03:06:24 ----A---- C:\Windows\system32\BootDefrag.exe
2013-12-20 01:35:19 ----A---- C:\Windows\win.ini
2013-12-19 14:48:31 ----D---- C:\Windows\system32\catroot2
2013-12-19 14:47:44 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-18 21:09:56 ----D---- C:\Program Files (x86)\Mozilla Firefox
2013-12-18 19:02:33 ----D---- C:\Windows\system32\Tasks
2013-12-18 10:45:35 ----D---- C:\Windows\Panther
2013-12-18 10:45:33 ----D---- C:\Windows\Logs
2013-12-18 10:45:29 ----D---- C:\Windows\debug
2013-12-16 18:58:01 ----SD---- C:\Users\PC\AppData\Roaming\Microsoft
2013-12-16 18:28:32 ----D---- C:\Windows\system32\DriverStore
2013-12-16 18:07:49 ----SD---- C:\ProgramData\Microsoft
2013-12-15 11:05:26 ----D---- C:\Windows\system32\MRT
2013-12-15 11:05:21 ----A---- C:\Windows\system32\MRT.exe
2013-12-12 14:00:10 ----D---- C:\Windows\rescache
2013-12-12 13:13:52 ----D---- C:\Program Files\Windows Media Player
2013-12-12 13:10:48 ----D---- C:\Program Files (x86)\Windows Media Player
2013-12-12 13:10:45 ----D---- C:\Program Files\Internet Explorer
2013-12-12 13:10:45 ----D---- C:\Program Files (x86)\Internet Explorer
2013-12-12 13:10:44 ----D---- C:\Windows\SYSWOW64\cs-CZ
2013-12-12 13:10:44 ----D---- C:\Windows\system32\cs-CZ
2013-12-11 22:49:59 ----D---- C:\Windows\system32\catroot
2013-12-11 22:27:05 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2013-12-05 08:50:01 ----D---- C:\Windows\SYSWOW64\migration
2013-12-05 08:50:00 ----D---- C:\Windows\SYSWOW64\en-US
2013-12-05 08:49:55 ----D---- C:\Windows\PolicyDefinitions
2013-12-05 08:49:54 ----D---- C:\Windows\system32\migration
2013-12-05 08:49:54 ----D---- C:\Windows\system32\en-US

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 BootDefragDriver;BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys []
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2013-09-27 248240]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-12-27 279616]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2013-09-27 134944]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-07-04 11922944]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-07-04 359936]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2013-04-04 25928]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 64bitový systém Windows Vista; C:\Windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 RTL8167;Ovladač Realtek 8167 NT; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\SmSerl64.sys [2009-06-10 1227776]
R3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\Windows\system32\drivers\serscan.sys [2009-07-14 12288]
R3 WSDPrintDevice;Podpora tisku WSD prostřednictvím funkce UMB; C:\Windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-07-04 11922944]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 145920]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2010-11-20 19968]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 43008]
S3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\SysWOW64\FsUsbExDisk.SYS [2013-10-30 37344]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
S3 HTCAND64;HTC Device Driver; C:\Windows\System32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2007-09-17 29184]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys [2013-08-21 169288]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys [2013-08-21 21320]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys [2013-08-21 188232]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\ssadserd.sys [2013-08-21 158024]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 SWDUMon;SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [2011-11-27 15672]
S3 TFsExDisk;TFsExDisk; \??\C:\Windows\System32\Drivers\TFsExDisk.sys [2009-06-08 16392]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2013-02-12 19968]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\drivers\usbscan.sys [2013-07-03 42496]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 WinUsb;Ovladač WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 03e661da;WinFilter; C:\Windows\syswow64\rundll32.exe [2009-07-14 44544]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-11 65640]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-07-04 238080]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 HTCMonitorService;HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [2013-01-29 87368]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-10-23 23808]
R2 msoidsvc;Microsoft Online Services Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2012-05-17 2079520]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 OfficeSvc;Služba Microsoft Office; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-11-02 1907896]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2012-08-10 76888]
R2 prio_svc;Prio Service; C:\Program Files\Prio\prio_svc.exe [2012-11-08 12656]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2012-07-17 2292480]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-04 116648]
S2 KMService;KMService; C:\Windows\syswow64\srvany.exe [2012-05-25 8192]
S2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11 257416]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-04 116648]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2013-11-26 111616]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-10-22 118680]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2013-11-23 178760]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2013-11-23 5132888]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2011-03-16 407336]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-08-27 1255736]

-----------------EOF-----------------

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Preventive check, or the nasty Randommprice popup :-( in Chrome

#2 Post by vyosek »

Hello :)

:arrow: Download Malwarebytes Anti-Rootkit http://www.bleepingcomputer.com/downloa ... i-rootkit/
  • Save it, ideally to the Desktop, and extract it
  • Run it by clicking mbar
  • Now click Next and then Update
  • When the database update finishes, click Next again
  • Leave all three options checked and click Scan, which starts the scan of the PC
  • When the scan finishes (about 5 minutes), check that every finding (if there are any, of course) is ticked
  • Also check that Create Restore point is ticked
  • Now click CleanUp, which removes the infection that was found
  • The PC will be restarted
  • The mbar folder should contain a log (and it will probably open by itself) named mbar-log-year-month-day (hour-minute-second).txt; post it here for me
:arrow: Download Malwarebytes' Anti-Malware (MBAM for short) http://forum.viry.cz/viewtopic.php?f=29&t=115222
  • Run the update
  • Run a full scan - do not delete anything :!:
  • MBAM sometimes produces false detections, so paste the log into a post and wait for an assessment
"Who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment, take a whip and a stick to him; that is no man, that is an ox."
Member [image] since 1 February 2011.

Frenc
Visitor
Posts: 72
Joined: 15 Aug 2007 14:17

Re: Preventive check, or the nasty Randommprice popup :-( in Chrome

#3 Post by Frenc »

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Verze: v2014.01.04.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
PC :: PC-PC [administrátor]

4.1.2014 15:44:47
mbam-log-2014-01-04 (15-44-47).txt

Typ: Kompletní kontrola (C:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 541870
Uplynulý čas: 3 hodin, 11 minut, 36 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)

Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org

Database version: v2014.01.04.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
PC :: PC-PC [administrator]

4.1.2014 19:55:42
mbar-log-2014-01-04 (19-55-42).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 238880
Time elapsed: 31 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Preventive check, or the nasty Randommprice popup :-( in Chrome

#4 Post by vyosek »

:arrow: Download Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe
  • Save it, ideally to the desktop
  • After it starts, the licence terms are displayed; press any key
  • A backup will be created, followed by the scan
  • The scan runs and then a log appears; it may also be saved in c:\JRT as JRT.txt; paste it here
:arrow: Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Save it, ideally to the desktop
  • Close all programs
  • Click Scan and then Clean
  • The repair runs, the PC restarts, and then a log appears; it may also be saved in the folder c:\AdwCleaner\AdwCleaner[S?].txt; paste it here

Frenc
Visitor
Posts: 72
Joined: 15 Aug 2007 14:17

Re: Preventive check, or the nasty Randommprice popup :-( in Chrome

#5 Post by Frenc »

# AdwCleaner v3.016 - Report created 05/01/2014 at 11:28:04
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : PC - PC-PC
# Running from : C:\Users\PC\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Save
Folder Deleted : C:\ProgramData\ClickIT
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Folder Deleted : C:\Program Files (x86)\continuetosave
Folder Deleted : C:\Program Files (x86)\myfree codec
Folder Deleted : C:\Program Files (x86)\SimpleSpeedy
Folder Deleted : C:\Users\PC\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\1oo86dj4.default\Extensions\staged

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Myfree Codec
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v24.0 (cs)

[ File : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\1oo86dj4.default\prefs.js ]

Line Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Line Deleted : user_pref("aol_toolbar.default.search.check", false);
Line Deleted : user_pref("browser.search.defaultenginename", "WebSearch");
Line Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
Line Deleted : user_pref("browser.search.order.1", "WebSearch");
Line Deleted : user_pref("browser.search.order.1,S", "WebSearch");
Line Deleted : user_pref("browser.search.selectedEngine", "WebSearch");
Line Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
Line Deleted : user_pref("extensions.5071b15924e20.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self==window.top){var script=document.createElement(\"script\");[...]
Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [6589 octets] - [05/01/2014 11:25:24]
AdwCleaner[S0].txt - [6195 octets] - [05/01/2014 11:28:04]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6255 octets] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.9 (01.01.2014:1)
OS: Windows 7 Professional x64
Ran by PC on ne 05.01.2014 at 11:36:01,18
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{03D45078-8C6B-46FC-9D8B-85413A217751}



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\1oo86dj4.default\minidumps [139 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ne 05.01.2014 at 11:47:36,17
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Preventive check, or the nasty Randommprice popup :-( in Chrome

#6 Post by vyosek »

Please post a log following this guide: http://forum.viry.cz/viewtopic.php?f=30&t=133101

Frenc
Visitor
Posts: 72
Joined: 15 Aug 2007 14:17

Re: Preventive check, or the nasty Randommprice popup :-( in Chrome

#7 Post by Frenc »

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-01-2014
Ran by PC (administrator) on PC-PC on 05-01-2014 22:35:17
Running from C:\Users\PC\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: Czech
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files\Prio\prio_svc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVCM.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\PC\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Printsrv] - c:\Windows\System32\Printing_Admin_Scripts\en-US\pubpr.vbs
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3514176 2011-11-10] (DT Soft Ltd)
HKCU\...\Run: [] - [x]
HKCU\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
MountPoints2: {48a9a3ba-30aa-11e1-adfb-00030d8cbd85} - F:\_AUTORUN\AUTORUN.EXE
MountPoints2: {953d2988-ee4e-11e0-9e54-00030d8cbd85} - G:\_AUTORUN\AUTORUN.EXE
AppInit_DLLs: C:\ProgramData\WinFilter\WinFilter_x64.dll [4371456 2013-12-29] ()
AppInit_DLLs-x32: prio32.dll c:\progra~3\winfil~1\winfil~1.dll [4285440 2013-12-29] ()
BootExecute: autocheck autochk *

==================== Internet (Whitelisted) ====================

ProxyServer: :0
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 195.113.115.171 195.113.144.233
Tcpip\..\Interfaces\{562AE857-66F7-463B-B75C-1A37EFA39F4E}: [NameServer]147.251.4.33 147.251.6.10

FireFox:
========
FF ProfilePath: C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\1oo86dj4.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_39 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\PC\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\jyxo-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR HomePage:
CHR RestoreOnStartup: ""
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Microsoft\u00C3\u0083\u00C2\u0082\u00C3\u0082\u00C2\u00AE Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Winamp Application Detector) - C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U39) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\PC\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.390.4) - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Extension: (Google Wallet) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

S2 03e661da; C:\Windows\system32\rundll32.exe [45568 2009-07-14] (Microsoft Corporation)
S2 03e661da; C:\Windows\SysWow64\rundll32.exe [44544 2009-07-14] (Microsoft Corporation)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-01-29] (Nero AG)
S2 KMService; C:\Windows\SysWow64\srvany.exe [8192 2012-05-25] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2079520 2012-05-17] (Microsoft Corp.)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-11-02] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-08-10] ()
R2 prio_svc; C:\Program Files\Prio\prio_svc.exe [12656 2012-11-08] ()

==================== Drivers (Whitelisted) ====================

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [279616 2011-12-27] (DT Soft Ltd)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-10-30] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R3 smserial; C:\Windows\System32\DRIVERS\SmSerl64.sys [1227776 2009-06-10] (Motorola Inc.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [15672 2011-11-27] ()
S0 BootDefragDriver; System32\drivers\BootDefragDriver.sys [x]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-05 22:35 - 2014-01-05 22:36 - 00013036 _____ C:\Users\PC\Desktop\FRST.txt
2014-01-05 22:34 - 2014-01-05 22:34 - 00000000 ____D C:\FRST
2014-01-05 22:33 - 2014-01-05 22:33 - 00112640 _____ (forum.viry.cz) C:\Users\PC\Desktop\FRSTLauncher.exe
2014-01-05 22:31 - 2014-01-05 22:31 - 01931368 _____ (Farbar) C:\Users\PC\Desktop\FRST64.exe
2014-01-05 15:14 - 2014-01-05 15:16 - 00000000 ____D C:\Users\PC\Downloads\Doctor Who Season 3
2014-01-05 11:47 - 2014-01-05 11:47 - 00000905 _____ C:\Users\PC\Desktop\JRT.txt
2014-01-05 11:25 - 2014-01-05 11:28 - 00000000 ____D C:\AdwCleaner
2014-01-05 11:24 - 2014-01-05 11:24 - 00000000 ____D C:\Windows\ERUNT
2014-01-05 11:23 - 2014-01-05 11:24 - 01036305 _____ (Thisisu) C:\Users\PC\Downloads\JRT.exe
2014-01-05 01:00 - 2014-01-05 11:33 - 00000112 _____ C:\Windows\setupact.log
2014-01-05 01:00 - 2014-01-05 01:00 - 00000000 _____ C:\Windows\setuperr.log
2014-01-04 20:09 - 2014-01-04 20:10 - 07385207 _____ C:\Users\PC\Downloads\FGN-otazky 2011-co_chcou_slyset.rar
2014-01-04 19:55 - 2014-01-04 20:27 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-04 19:51 - 2014-01-04 19:51 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-04 19:46 - 2014-01-04 20:27 - 00000000 ____D C:\Users\PC\Desktop\mbar
2014-01-04 16:23 - 2014-01-04 16:23 - 00935175 _____ C:\Users\PC\Downloads\RSITx64.exe
2014-01-04 15:17 - 2014-01-04 15:17 - 00000000 ____D C:\Program Files\HitmanPro
2014-01-04 15:16 - 2014-01-04 15:25 - 00000000 ____D C:\ProgramData\HitmanPro
2014-01-03 18:48 - 2014-01-03 18:48 - 00000000 ____D C:\Program Files (x86)\RouboSiaaveer
2014-01-02 21:14 - 2014-01-02 23:23 - 00000000 ____D C:\Users\PC\Downloads\Doctor Who Season 2 Complete TV-Rips (2006)
2014-01-02 10:10 - 2014-01-04 12:01 - 00000000 ____D C:\ProgramData\RouboSiaaveer
2014-01-02 10:10 - 2014-01-03 18:48 - 00000000 ____D C:\ProgramData\a5d3e9a779bed7f2
2014-01-02 10:10 - 2014-01-02 10:10 - 00000000 ____D C:\Users\PC\AppData\Local\Packages
2014-01-02 10:10 - 2014-01-02 10:10 - 00000000 ____D C:\ProgramData\mfnghkkhnfhbkebjkkjgdfmoeccjhphi
2013-12-29 21:40 - 2013-12-29 21:40 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2013-12-29 21:26 - 2013-12-29 21:26 - 00000000 ____D C:\Windows\system32\appmgmt
2013-12-29 21:13 - 2013-12-29 21:26 - 00000000 ____D C:\Program Files (x86)\MSECACHE
2013-12-29 13:33 - 2013-12-29 13:33 - 00000000 ____D C:\ProgramData\WinFilter
2013-12-28 20:30 - 2013-12-28 20:30 - 08780288 _____ C:\Users\PC\Downloads\Prednaska1-Molbiol-F_2013_2014.ppt
2013-12-19 15:11 - 2013-12-19 15:11 - 00000000 ____D C:\Users\PC\Documents\Vlastní šablony Office
2013-12-18 19:02 - 2014-01-05 11:56 - 00004948 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for PC-PC-PC PC-PC
2013-12-17 21:13 - 2013-12-17 23:30 - 00000000 ____D C:\Users\PC\Desktop\Přednášky ze cvik-Vávrová
2013-12-16 16:42 - 2013-12-16 16:58 - 711005432 _____ (Microsoft Corporation) C:\Users\PC\Downloads\MicrosoftOffice.exe
2013-12-16 16:30 - 2013-12-16 18:09 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-12-16 16:30 - 2013-12-16 16:30 - 00800960 _____ (Microsoft Corporation) C:\Users\PC\Downloads\Setup.X64.cs-cz_O365ProPlusRetail_52cf347b-d2c3-4456-ba30-8c773fbaadbf_TX_PR_.exe
2013-12-13 22:09 - 2013-12-13 22:09 - 00000000 ____D C:\Users\PC\Downloads\videouprav
2013-12-12 23:13 - 2013-12-12 23:13 - 00000000 ____D C:\Users\PC\Downloads\Worms-Armageddon-for-Windows-7
2013-12-11 22:49 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-11 22:49 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-11 22:49 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-11 22:49 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-11 22:47 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-11 22:47 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-11 22:47 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-11 22:47 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-11 22:47 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-11 22:47 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-11 22:47 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-11 22:47 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-11 22:47 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-11 22:47 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-11 22:47 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-11 22:47 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-11 22:47 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-11 22:47 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-11 22:47 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-11 22:47 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-11 22:47 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-11 22:47 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-11 22:47 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-11 22:47 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-11 22:47 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-11 22:47 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-11 22:47 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-11 22:47 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-11 22:47 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-11 22:47 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-11 22:47 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-11 22:47 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-11 22:47 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-11 22:47 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-11 22:47 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-11 13:35 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-11 13:35 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-11 13:35 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-11 13:35 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-11 13:35 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-11 13:35 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-11 13:35 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-11 13:35 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-11 13:35 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-11 13:35 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-11 13:35 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-11 13:35 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-11 13:35 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-11 13:35 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-11 13:35 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-11 13:35 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-11 13:35 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-11 13:35 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-11 13:35 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-08 13:37 - 2013-12-08 13:37 - 00000000 ____D C:\Users\PC\Downloads\Farmaceutická-chemie-1---Úvod-(Univerzita-Karlova,-Hradec-Králové)
2013-12-06 14:57 - 2013-12-06 14:57 - 00000000 ____D C:\Users\PC\Desktop\ZIMNÍ ZÁPOČET

==================== One Month Modified Files and Folders =======

2014-01-05 22:36 - 2014-01-05 22:35 - 00013036 _____ C:\Users\PC\Desktop\FRST.txt
2014-01-05 22:34 - 2014-01-05 22:34 - 00000000 ____D C:\FRST
2014-01-05 22:33 - 2014-01-05 22:33 - 00112640 _____ (forum.viry.cz) C:\Users\PC\Desktop\FRSTLauncher.exe
2014-01-05 22:33 - 2012-07-12 06:43 - 00000916 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2624643300-2102865283-2439309018-1001UA.job
2014-01-05 22:33 - 2012-07-12 06:43 - 00000894 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2624643300-2102865283-2439309018-1001Core.job
2014-01-05 22:31 - 2014-01-05 22:31 - 01931368 _____ (Farbar) C:\Users\PC\Desktop\FRST64.exe
2014-01-05 22:28 - 2013-06-19 09:03 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-05 22:23 - 2011-08-26 12:53 - 01944819 _____ C:\Windows\WindowsUpdate.log
2014-01-05 22:05 - 2013-03-04 17:34 - 00000944 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-05 16:55 - 2011-08-26 13:39 - 00000000 ____D C:\Users\PC\AppData\Roaming\uTorrent
2014-01-05 16:55 - 2011-08-26 13:29 - 00000000 ____D C:\Users\PC\AppData\Roaming\Winamp
2014-01-05 16:54 - 2011-11-14 15:15 - 05666304 ___SH C:\Users\PC\Downloads\Thumbs.db
2014-01-05 16:05 - 2013-03-04 17:34 - 00000940 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-05 15:16 - 2014-01-05 15:14 - 00000000 ____D C:\Users\PC\Downloads\Doctor Who Season 3
2014-01-05 14:15 - 2012-09-22 08:09 - 00000202 _____ C:\Windows\Tasks\AutoKMSDaily.job
2014-01-05 11:56 - 2013-12-18 19:02 - 00004948 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for PC-PC-PC PC-PC
2014-01-05 11:47 - 2014-01-05 11:47 - 00000905 _____ C:\Users\PC\Desktop\JRT.txt
2014-01-05 11:40 - 2009-07-14 05:45 - 00016784 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-05 11:40 - 2009-07-14 05:45 - 00016784 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-05 11:34 - 2013-11-21 21:00 - 00000322 _____ C:\Windows\Tasks\GlaryInitialize 4.job
2014-01-05 11:34 - 2013-02-25 00:11 - 00000000 ____D C:\Users\PC\AppData\Local\HTC MediaHub
2014-01-05 11:33 - 2014-01-05 01:00 - 00000112 _____ C:\Windows\setupact.log
2014-01-05 11:33 - 2013-02-24 23:46 - 00000432 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2014-01-05 11:33 - 2012-05-25 00:34 - 00000194 _____ C:\Windows\Tasks\AutoKMS.job
2014-01-05 11:33 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-05 11:28 - 2014-01-05 11:25 - 00000000 ____D C:\AdwCleaner
2014-01-05 11:24 - 2014-01-05 11:24 - 00000000 ____D C:\Windows\ERUNT
2014-01-05 11:24 - 2014-01-05 11:23 - 01036305 _____ (Thisisu) C:\Users\PC\Downloads\JRT.exe
2014-01-05 01:00 - 2014-01-05 01:00 - 00000000 _____ C:\Windows\setuperr.log
2014-01-05 00:38 - 2011-10-03 13:23 - 00003902 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{555B8652-60C3-4D42-AAA6-EA9CFE4EE9DF}
2014-01-04 20:30 - 2011-10-04 11:36 - 00000000 ____D C:\Users\PC\Desktop\Farmacie
2014-01-04 20:27 - 2014-01-04 19:55 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-04 20:27 - 2014-01-04 19:46 - 00000000 ____D C:\Users\PC\Desktop\mbar
2014-01-04 20:10 - 2014-01-04 20:09 - 07385207 _____ C:\Users\PC\Downloads\FGN-otazky 2011-co_chcou_slyset.rar
2014-01-04 19:51 - 2014-01-04 19:51 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-04 16:24 - 2011-10-25 07:47 - 00000000 ____D C:\Program Files\trend micro
2014-01-04 16:23 - 2014-01-04 16:23 - 00935175 _____ C:\Users\PC\Downloads\RSITx64.exe
2014-01-04 16:14 - 2011-11-30 02:02 - 00000000 ____D C:\Users\PC\Desktop\Programy
2014-01-04 15:44 - 2013-11-21 21:00 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 4
2014-01-04 15:43 - 2013-11-21 21:00 - 00002606 _____ C:\Windows\System32\Tasks\GlaryInitialize 4
2014-01-04 15:25 - 2014-01-04 15:16 - 00000000 ____D C:\ProgramData\HitmanPro
2014-01-04 15:17 - 2014-01-04 15:17 - 00000000 ____D C:\Program Files\HitmanPro
2014-01-04 12:01 - 2014-01-02 10:10 - 00000000 ____D C:\ProgramData\RouboSiaaveer
2014-01-03 19:44 - 2012-03-06 14:37 - 00011137 _____ C:\Users\PC\Documents\hijackthis.log
2014-01-03 18:48 - 2014-01-03 18:48 - 00000000 ____D C:\Program Files (x86)\RouboSiaaveer
2014-01-03 18:48 - 2014-01-02 10:10 - 00000000 ____D C:\ProgramData\a5d3e9a779bed7f2
2014-01-03 17:46 - 2011-11-30 02:04 - 00000000 ____D C:\Users\PC\Desktop\Frenc
2014-01-02 23:23 - 2014-01-02 21:14 - 00000000 ____D C:\Users\PC\Downloads\Doctor Who Season 2 Complete TV-Rips (2006)
2014-01-02 23:10 - 2009-07-14 16:18 - 00634780 _____ C:\Windows\system32\perfh005.dat
2014-01-02 23:10 - 2009-07-14 16:18 - 00123338 _____ C:\Windows\system32\perfc005.dat
2014-01-02 23:10 - 2009-07-14 06:13 - 01478822 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-02 10:10 - 2014-01-02 10:10 - 00000000 ____D C:\Users\PC\AppData\Local\Packages
2014-01-02 10:10 - 2014-01-02 10:10 - 00000000 ____D C:\ProgramData\mfnghkkhnfhbkebjkkjgdfmoeccjhphi
2013-12-30 09:35 - 2011-08-26 13:06 - 00138080 _____ C:\Users\PC\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-30 09:35 - 2009-07-14 05:45 - 05087624 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-29 21:40 - 2013-12-29 21:40 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2013-12-29 21:40 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-12-29 21:33 - 2011-09-13 12:10 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-29 21:31 - 2012-05-25 00:04 - 00000000 ____D C:\Program Files\Microsoft Office
2013-12-29 21:29 - 2009-07-14 16:37 - 00000000 ____D C:\Windows\ShellNew
2013-12-29 21:29 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2013-12-29 21:27 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\System
2013-12-29 21:26 - 2013-12-29 21:26 - 00000000 ____D C:\Windows\system32\appmgmt
2013-12-29 21:26 - 2013-12-29 21:13 - 00000000 ____D C:\Program Files (x86)\MSECACHE
2013-12-29 21:22 - 2011-11-06 16:19 - 00000000 ____D C:\Program Files (x86)\HP
2013-12-29 21:22 - 2011-11-06 16:17 - 00000000 ____D C:\ProgramData\HP
2013-12-29 13:33 - 2013-12-29 13:33 - 00000000 ____D C:\ProgramData\WinFilter
2013-12-28 20:30 - 2013-12-28 20:30 - 08780288 _____ C:\Users\PC\Downloads\Prednaska1-Molbiol-F_2013_2014.ppt
2013-12-24 03:06 - 2013-11-21 22:52 - 00117024 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
2013-12-23 18:09 - 2011-08-26 13:00 - 00000000 ____D C:\Users\PC
2013-12-20 01:35 - 2009-07-14 03:34 - 00000835 _____ C:\Windows\win.ini
2013-12-19 15:11 - 2013-12-19 15:11 - 00000000 ____D C:\Users\PC\Documents\Vlastní šablony Office
2013-12-19 14:47 - 2012-09-27 15:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-18 21:09 - 2013-10-22 19:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-18 21:09 - 2012-09-27 15:59 - 00000000 ____D C:\Users\PC\AppData\Local\Mozilla
2013-12-18 10:45 - 2011-08-26 13:49 - 00000000 ____D C:\Windows\Panther
2013-12-17 23:30 - 2013-12-17 21:13 - 00000000 ____D C:\Users\PC\Desktop\Přednášky ze cvik-Vávrová
2013-12-16 18:09 - 2013-12-16 16:30 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-12-16 16:58 - 2013-12-16 16:42 - 711005432 _____ (Microsoft Corporation) C:\Users\PC\Downloads\MicrosoftOffice.exe
2013-12-16 16:30 - 2013-12-16 16:30 - 00800960 _____ (Microsoft Corporation) C:\Users\PC\Downloads\Setup.X64.cs-cz_O365ProPlusRetail_52cf347b-d2c3-4456-ba30-8c773fbaadbf_TX_PR_.exe
2013-12-16 14:29 - 2012-11-27 15:20 - 00000000 ____D C:\Users\PC\Downloads\Subs
2013-12-15 11:09 - 2013-07-31 02:02 - 00000000 ____D C:\Windows\system32\MRT
2013-12-15 11:05 - 2011-09-16 11:28 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-13 22:09 - 2013-12-13 22:09 - 00000000 ____D C:\Users\PC\Downloads\videouprav
2013-12-12 23:13 - 2013-12-12 23:13 - 00000000 ____D C:\Users\PC\Downloads\Worms-Armageddon-for-Windows-7
2013-12-12 23:03 - 2011-12-05 22:21 - 00000000 ____D C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-12-12 14:00 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-12-12 13:14 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-11 22:27 - 2013-06-19 09:03 - 00003852 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-11 22:27 - 2012-09-28 09:52 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-11 22:27 - 2011-09-19 23:24 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-08 16:00 - 2013-03-04 17:34 - 00003940 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-08 16:00 - 2013-03-04 17:34 - 00003688 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-08 13:37 - 2013-12-08 13:37 - 00000000 ____D C:\Users\PC\Downloads\Farmaceutická-chemie-1---Úvod-(Univerzita-Karlova,-Hradec-Králové)
2013-12-06 14:58 - 2011-11-30 02:03 - 00000000 ____D C:\Users\PC\Desktop\Games
2013-12-06 14:57 - 2013-12-06 14:57 - 00000000 ____D C:\Users\PC\Desktop\ZIMNÍ ZÁPOČET

Some content of TEMP:
====================
C:\Users\PC\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS.exe
Task: C:\Windows\Tasks\AutoKMSDaily.job => C:\Windows\AutoKMS.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2624643300-2102865283-2439309018-1001Core.job => C:\Users\PC\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2624643300-2102865283-2439309018-1001UA.job => C:\Users\PC\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GlaryInitialize 4.job => C:\Program Files (x86)\Glary Utilities 4\Initialize.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\PC\Desktop" je 53222 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-01-2014
Ran by PC at 2014-01-05 22:37:41
Running from C:\Users\PC\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

µTorrent (x32 Version: 3.3.0.29625 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe AIR (x32 Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.3.9120 - Adobe Systems Inc.) Hidden
Adobe Community Help (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Community Help (x32 Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) - Czech (x32 Version: 11.0.05 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 12.5.100.20704 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.937.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.70704.0230 - Advanced Micro Devices, Inc.) Hidden
AmpliTube 3 (x32 Version: 3.0.0 - IK Multimedia)
AmpliTube 3 version 3.5.2 (Version: 3.5.2 - IK Multimedia)
Ashampoo Burning Studio 6 FREE v.6.80 (x32 Version: 6.8.0 - ashampoo GmbH & Co. KG)
ASIO4ALL (x32 Version: - )
ATMA V 5.05 (x32 Version: 5.05 - Yougen Kaisha)
B209a-m (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Balíček ovladače systému Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0) (Version: 10/12/2007 6.85.4.0 - Nokia)
BS.Player FREE (x32 Version: 2.66.1075 - AB Team, d.o.o.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Call of Duty Modern Warfare 2 (x32 Version: - Activision)
Call of Duty(R) 2 (x32 Version: 1.00.0000 - Activision) Hidden
Call of Duty(R) 2 (x32 Version: 1.3 - Activision)
Call of Duty(R) 2 Patch 1.3 (x32 Version: 1.3 - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) (x32 Version: 1.00.0000 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) (x32 Version: 1.7 - Activision)
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version: - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version: 1.6 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version: - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version: 1.7 - Activision) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2012.0704.122.388 - Název společnosti:) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0704.122.388 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.1109.2212.39826 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0704.122.388 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0704.122.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0704.122.388 - Advanced Micro Devices, Inc.) Hidden
CCleaner (Version: 4.06 - Piriform)
Command & Conquer™ Red Alert™ 3 (x32 Version: 1.0.1.0 - Electronic Arts)
Consolas Font Family (x32 Version: 1.00.0000 - Microsoft Corporation)
Counter Strike 1.6 Reloaded (x32 Version: 1.00 - The Reloaded Team)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (x32 Version: 4.45.1.0236 - DT Soft Ltd)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
Diablo II (x32 Version: - )
Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287 - Skype Limited)
FONTS (x32 Version: - )
FormatFactory 3.1.1 (x32 Version: 3.1.1 - Free Time)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
GamePark (x32 Version: - GamePark)
GamePark klient 2.0.9.0 (Version: 2.0.9.0 - GamePark)
Glary Utilities 4.3 (x32 Version: 4.3.0.80 - Glarysoft Ltd)
Google Chrome (x32 Version: 31.0.1650.63 - Google Inc.)
Google SketchUp 8 (x32 Version: 3.0.4811 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Half-Life (x32 Version: - )
Half-Life: Blue Shift (x32 Version: - )
Half-Life: Opposing Force (x32 Version: - )
Heroes of Might and Magic IV: Winds of War (x32 Version: - )
Heroes of Might and Magic V - Tribes of the East (x32 Version: - )
Heroes of Might and Magic V (x32 Version: - )
Heroes of Might and Magic® III Complete (x32 Version: - )
Heroes of Might and Magic® III Demo (x32 Version: - )
HP Customer Participation Program 13.0 (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (Version: 13.0 - HP)
HP Photosmart Plus B209a-m All-In-One Driver Software 13.0 Rel .6 (Version: 13.0 - HP)
HP Print Projects 1.0 (Version: 1.0 - HP)
HP Smart Web Printing 4.5 (Version: 4.5 - HP)
HP Solution Center 13.0 (Version: 13.0 - HP)
HP Update (x32 Version: 4.000.011.006 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
hpPrintProjects (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
hpWLPGInstaller (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
HTC Driver Installer (x32 Version: 4.2.0.001 - HTC Corporation)
HTC Sync Manager (x32 Version: 2.0.61.0 - HTC)
IrfanView (remove only) (x32 Version: - )
Java Auto Updater (x32 Version: 2.0.7.2 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 20 (x32 Version: 6.0.200 - Sun Microsystems, Inc.)
Java(TM) 6 Update 39 (x32 Version: 6.0.390 - Oracle)
Java(TM) 7 (64-bit) (Version: 7.0.0 - Oracle)
Java(TM) SE Development Kit 7 (64-bit) (Version: 1.7.0.0 - Oracle)
Line 6 Uninstaller (x32 Version: - Line 6)
Magic ISO Maker v5.5 (build 0281) (x32 Version: - )
Malwarebytes Anti-Malware verze 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile CSY Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile CSY Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Antimalware Service CS-CZ Language Pack (Version: 3.0.8402.2 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 365 ProPlus - cs-cz (Version: 15.0.4551.1011 - Microsoft Corporation)
Microsoft Online Services Logonassistent (Version: 7.250.4303.0 - Microsoft Corporation)
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Client CS-CZ Language Pack (Version: 2.1.1116.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 24.0 (x86 cs) (x32 Version: 24.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 24.0 - Mozilla)
MP3 AddIn (x32 Version: 1.0.0 - TopByteLabs Ltd.)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4551.1011 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1011 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4551.1011 - Microsoft Corporation) Hidden
PC Connectivity Solution (x32 Version: 8.15.0.0 - Nokia)
PDFCreator (x32 Version: 1.3.2 - Frank Heindörfer, Philip Chinery)
Phobia III (remove only) (x32 Version: - )
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Prio (Version: 2.0.0.2960 - )
PS_AIO_06_B209a-m_SW_Min (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
PunkBuster Services (x32 Version: 0.993 - Even Balance, Inc.)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (x32 Version: 1.06.0000 - Realtek)
Samsung Kies (x32 Version: 2.0.0.11014_49 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.0.0.11014_49 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG Mobile Composite Device Software (Version: - )
Samsung Mobile Modem Device Software (Version: - )
Samsung Mobile phone USB driver Drive Software (Version: - )
Samsung New PC Studio USB Driver Installer (x32 Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
Samsung New PC Studio USB Driver Installer (x32 Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
SamsungConnectivityCableDriver (x32 Version: 6.83.6.2.1 - Samsung)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (Version: 13.0 - HP)
Skype™ 6.0 (x32 Version: 6.0.126 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Soldier of Fortune Platinum (x32 Version: - )
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Source SDK Base 2007 (x32 Version: - Valve)
Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Steam (x32 Version: 1.0.0.0 - Valve Corporation)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
Total Commander (Remove or Repair) (x32 Version: 7.56a - Ghisler Software GmbH)
TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
VLC media player 1.1.11 (x32 Version: 1.1.11 - VideoLAN)
Warcraft III (x32 Version: - )
Warcraft III: All Products (HKCU Version: - )
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Winamp (x32 Version: 5.64 - Nullsoft, Inc)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8 - Microsoft Corp)
WinFilter (x32 Version: - Succes Stream)
WinRAR 4.01 (64-bit) (Version: 4.01.0 - win.rar GmbH)
World of Tanks (x32 Version: - Wargaming.net)
World of Warplanes (x32 Version: - Wargaming.net)

==================== Restore Points =========================

04-01-2014 11:13:19 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2013-05-16 11:46 - 00447001 ____R C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {05795459-1EB2-4F74-ADEF-08CFEF7220A7} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-11-02] (Microsoft Corporation)
Task: {477A0029-9C82-4AE8-A6AD-9E2ABD9607CF} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2013-12-16] (Microsoft Corporation)
Task: {4C6490E2-0738-47B3-B2AD-7969E895A6F1} - System32\Tasks\AutoKMSDaily => C:\Windows\AutoKMS.exe
Task: {83D808D2-81BA-41FE-A70C-1F22D845EBAD} - System32\Tasks\Microsoft Office 15 Sync Maintenance for PC-PC-PC PC-PC => C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE [2013-12-16] (Microsoft Corporation)
Task: {911A9737-23E3-4DF6-960C-F2717BD1BC76} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe
Task: {A02E159A-C97E-40E5-8B2B-C5411289E735} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2624643300-2102865283-2439309018-1001Core => C:\Users\PC\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-01] (Facebook Inc.)
Task: {A31C7885-8A69-4B0E-AA97-3756555873DB} - System32\Tasks\GlaryInitialize 4 => C:\Program Files (x86)\Glary Utilities 4\Initialize.exe [2013-12-24] (Glarysoft Ltd)
Task: {AC577AF1-7953-4FA3-ADE5-441E0D7F9575} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-04] (Google Inc.)
Task: {BC49FC5D-2C2E-4B56-9559-6983774D11C2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {D4DF55E6-1168-4258-AE7E-F0F7801385A6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\office15\msoia.exe [2013-12-16] (Microsoft Corporation)
Task: {E1F97DC0-82E9-4494-AD1E-377FBFB04B53} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2624643300-2102865283-2439309018-1001UA => C:\Users\PC\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-01] (Facebook Inc.)
Task: {E26FD5D6-018F-41CE-B69A-2E14F750879E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: {E63328A1-C0DE-4946-886E-2D30511965BC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\office15\msoia.exe [2013-12-16] (Microsoft Corporation)
Task: {FAD72411-B89F-4A6C-8C92-9B244159858E} - System32\Tasks\AdobeAAMUpdater-1.0-PC-PC-PC => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {FD827675-DEA1-4828-A319-A08450F07192} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-04] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS.exe
Task: C:\Windows\Tasks\AutoKMSDaily.job => C:\Windows\AutoKMS.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2624643300-2102865283-2439309018-1001Core.job => C:\Users\PC\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2624643300-2102865283-2439309018-1001UA.job => C:\Users\PC\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GlaryInitialize 4.job => C:\Program Files (x86)\Glary Utilities 4\Initialize.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-07-04 01:16 - 2012-07-04 01:16 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-09-02 07:38 - 2011-05-28 21:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2013-05-17 11:22 - 2013-05-17 11:22 - 00030056 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2013-05-17 11:42 - 2013-05-17 11:42 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2013-05-17 11:22 - 2013-05-17 11:22 - 00044392 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2013-05-17 11:22 - 2013-05-17 11:22 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2013-05-17 11:23 - 2013-05-17 11:23 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2013-05-17 11:27 - 2013-05-17 11:27 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2013-12-29 13:33 - 2013-12-29 13:33 - 04285440 _____ () C:\ProgramData\WinFilter\WinFilter.dll
2013-12-05 21:02 - 2013-12-04 03:47 - 00702416 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
2013-12-05 21:02 - 2013-12-04 03:47 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll
2013-12-05 21:02 - 2013-12-04 03:47 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
2013-12-05 21:02 - 2013-12-04 03:48 - 13586896 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
2013-12-05 21:02 - 2013-12-04 03:48 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
2013-12-05 21:02 - 2013-12-04 03:48 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Photosmart Plus B209a-m
Description: Photosmart Plus B209a-m
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart Plus B209a-m
Description: Photosmart Plus B209a-m
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Preventive check, or the nasty Randommprice popup :-( in Chrome

#8 Post by vyosek »

:arrow: Creating a fixlist for FRST
  • Open Notepad (Start - Run - notepad)
  • Copy the script below

    Start
    HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Printsrv] - c:\Windows\System32\Printing_Admin_Scripts\en-US\pubpr.vbs
    HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3514176 2011-11-10] (DT Soft Ltd)
    HKCU\...\Run: [] - [x]
    HKCU\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
    MountPoints2: {48a9a3ba-30aa-11e1-adfb-00030d8cbd85} - F:\_AUTORUN\AUTORUN.EXE
    MountPoints2: {953d2988-ee4e-11e0-9e54-00030d8cbd85} - G:\_AUTORUN\AUTORUN.EXE
    
    ProxyServer: :0
    
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    
    S2 03e661da; C:\Windows\system32\rundll32.exe [45568 2009-07-14] (Microsoft Corporation)
    S2 03e661da; C:\Windows\SysWow64\rundll32.exe [44544 2009-07-14] (Microsoft Corporation)
    S2 KMService; C:\Windows\SysWow64\srvany.exe [8192 2012-05-25] ()
    
    2014-01-05 22:33 - 2014-01-05 22:33 - 00112640 _____ (forum.viry.cz) C:\Users\PC\Desktop\FRSTLauncher.exe
    2014-01-04 19:46 - 2014-01-04 20:27 - 00000000 ____D C:\Users\PC\Desktop\mbar
    2014-01-04 16:23 - 2014-01-04 16:23 - 00935175 _____ C:\Users\PC\Downloads\RSITx64.exe
    2014-01-04 15:17 - 2014-01-04 15:17 - 00000000 ____D C:\Program Files\HitmanPro
    2014-01-04 15:16 - 2014-01-04 15:25 - 00000000 ____D C:\ProgramData\HitmanPro
    2014-01-02 10:10 - 2014-01-04 12:01 - 00000000 ____D C:\ProgramData\RouboSiaaveer
    2014-01-02 10:10 - 2014-01-03 18:48 - 00000000 ____D C:\ProgramData\a5d3e9a779bed7f2
    2014-01-02 10:10 - 2014-01-02 10:10 - 00000000 ____D C:\Users\PC\AppData\Local\Packages
    2014-01-02 10:10 - 2014-01-02 10:10 - 00000000 ____D C:\ProgramData\mfnghkkhnfhbkebjkkjgdfmoeccjhphi
    
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS.exe
    Task: C:\Windows\Tasks\AutoKMSDaily.job => C:\Windows\AutoKMS.exe
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2624643300-2102865283-2439309018-1001Core.job => C:\Users\PC\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2624643300-2102865283-2439309018-1001UA.job => C:\Users\PC\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\Windows\Tasks\GlaryInitialize 4.job => C:\Program Files (x86)\Glary Utilities 4\Initialize.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    
    Hosts:
    CMD: shutdown /r /f /t 2
    
    End
  • Save the created TXT file as fixlist.txt
  • Move the created fixlist next to FRST
:arrow: Run FRST.exe again
  • Click Fix
  • The repair will run and create the log Fixlog.txt
:arrow: Restart the PC and post the fixlog.txt here
"He who has wine and does not drink, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns amusement: take a whip and a stick to him, for he is no man, he is an ox."
Member of [image] since 1 February 2011.

Frenc
Visitor
Posts: 72
Registered: 15 Aug 2007 14:17

Re: Preventive check, or the nasty Randommprice popup :-( in Chrome

#9 Post by Frenc »

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-01-2014
Ran by PC at 2014-01-07 21:34:43 Run:1
Running from C:\Users\PC\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Printsrv] - c:\Windows\System32\Printing_Admin_Scripts\en-US\pubpr.vbs
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3514176 2011-11-10] (DT Soft Ltd)
HKCU\...\Run: [] - [x]
HKCU\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
MountPoints2: {48a9a3ba-30aa-11e1-adfb-00030d8cbd85} - F:\_AUTORUN\AUTORUN.EXE
MountPoints2: {953d2988-ee4e-11e0-9e54-00030d8cbd85} - G:\_AUTORUN\AUTORUN.EXE

ProxyServer: :0

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

S2 03e661da; C:\Windows\system32\rundll32.exe [45568 2009-07-14] (Microsoft Corporation)
S2 03e661da; C:\Windows\SysWow64\rundll32.exe [44544 2009-07-14] (Microsoft Corporation)
S2 KMService; C:\Windows\SysWow64\srvany.exe [8192 2012-05-25] ()

2014-01-05 22:33 - 2014-01-05 22:33 - 00112640 _____ (forum.viry.cz) C:\Users\PC\Desktop\FRSTLauncher.exe
2014-01-04 19:46 - 2014-01-04 20:27 - 00000000 ____D C:\Users\PC\Desktop\mbar
2014-01-04 16:23 - 2014-01-04 16:23 - 00935175 _____ C:\Users\PC\Downloads\RSITx64.exe
2014-01-04 15:17 - 2014-01-04 15:17 - 00000000 ____D C:\Program Files\HitmanPro
2014-01-04 15:16 - 2014-01-04 15:25 - 00000000 ____D C:\ProgramData\HitmanPro
2014-01-02 10:10 - 2014-01-04 12:01 - 00000000 ____D C:\ProgramData\RouboSiaaveer
2014-01-02 10:10 - 2014-01-03 18:48 - 00000000 ____D C:\ProgramData\a5d3e9a779bed7f2
2014-01-02 10:10 - 2014-01-02 10:10 - 00000000 ____D C:\Users\PC\AppData\Local\Packages
2014-01-02 10:10 - 2014-01-02 10:10 - 00000000 ____D C:\ProgramData\mfnghkkhnfhbkebjkkjgdfmoeccjhphi

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS.exe
Task: C:\Windows\Tasks\AutoKMSDaily.job => C:\Windows\AutoKMS.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2624643300-2102865283-2439309018-1001Core.job => C:\Users\PC\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2624643300-2102865283-2439309018-1001UA.job => C:\Users\PC\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GlaryInitialize 4.job => C:\Program Files (x86)\Glary Utilities 4\Initialize.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Hosts:
CMD: shutdown /r /f /t 2

End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Printsrv => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLowDiskSpaceChecks => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48a9a3ba-30aa-11e1-adfb-00030d8cbd85} => Key deleted successfully.
HKCR\CLSID\{48a9a3ba-30aa-11e1-adfb-00030d8cbd85} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{953d2988-ee4e-11e0-9e54-00030d8cbd85} => Key deleted successfully.
HKCR\CLSID\{953d2988-ee4e-11e0-9e54-00030d8cbd85} => Key not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value deleted successfully.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
03e661da => Service deleted successfully.
03e661da => Service not found.
KMService => Service deleted successfully.
"C:\Users\PC\Desktop\FRSTLauncher.exe" => File/Directory not found.
C:\Users\PC\Desktop\mbar => Moved successfully.
C:\Users\PC\Downloads\RSITx64.exe => Moved successfully.
C:\Program Files\HitmanPro => Moved successfully.
C:\ProgramData\HitmanPro => Moved successfully.
C:\ProgramData\RouboSiaaveer => Moved successfully.
C:\ProgramData\a5d3e9a779bed7f2 => Moved successfully.
C:\Users\PC\AppData\Local\Packages => Moved successfully.
C:\ProgramData\mfnghkkhnfhbkebjkkjgdfmoeccjhphi => Moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job => Moved successfully.
C:\Windows\Tasks\AutoKMS.job => Moved successfully.
C:\Windows\Tasks\AutoKMSDaily.job => Moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2624643300-2102865283-2439309018-1001Core.job => Moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2624643300-2102865283-2439309018-1001UA.job => Moved successfully.
C:\Windows\Tasks\GlaryInitialize 4.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

========= shutdown /r /f /t 2 =========


========= End of CMD: =========



The system needs a manual reboot.

==== End of Fixlog ====
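
An added example, not part of the original post or of FRST itself: a small Python parser that reads a Fixlog like the one above, skips the echoed fixlist between the asterisk rows (its Task lines also contain " => "), and sorts each result into done, absent or needs review. The sample text is an excerpt of the log above plus one constructed line, and the function and status names are this example's own.

```python
import re
from collections import Counter

# Excerpt of the Fixlog posted above. The line for C:\Constructed\example.dll
# is constructed for this example (it is not from the page) so that the
# "review" path is exercised.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-01-2014
Content of fixlist:
*****************
Start
HKLM-x32\...\Run: [Printsrv] - c:\Windows\System32\Printing_Admin_Scripts\en-US\pubpr.vbs
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS.exe
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Printsrv => Value deleted successfully.
HKCR\CLSID\{48a9a3ba-30aa-11e1-adfb-00030d8cbd85} => Key not found.
03e661da => Service deleted successfully.
03e661da => Service not found.
"C:\Users\PC\Desktop\FRSTLauncher.exe" => File/Directory not found.
C:\ProgramData\RouboSiaaveer => Moved successfully.
C:\Windows\Tasks\AutoKMS.job => Moved successfully.
C:\Constructed\example.dll => Could not move.
Hosts was reset successfully.

==== End of Fixlog ====
"""

ASTERISK_ROW = re.compile(r"^\*{5,}\s*$")
RESULT_LINE = re.compile(r"^(?P<target>.+?) => (?P<outcome>.+?)\.?\s*$")


def classify(outcome):
    """Map an outcome phrase to this example's three status names."""
    low = outcome.lower()
    if low.endswith("successfully"):
        return "done"
    if low.endswith("not found"):
        return "absent"
    return "review"


def parse_fixlog(text):
    """Return (target, outcome, status) tuples for the result section only.

    The fixlist is echoed between two rows of asterisks; everything inside
    that block is input, not a result, and is skipped. Lines without " => "
    (headers, "Hosts was reset successfully.") are not itemised.
    """
    results = []
    in_echo = False
    for line in text.splitlines():
        if ASTERISK_ROW.match(line):
            in_echo = not in_echo
            continue
        if in_echo:
            continue
        match = RESULT_LINE.match(line)
        if not match:
            continue
        target = match.group("target").strip().strip('"')
        outcome = match.group("outcome")
        results.append((target, outcome, classify(outcome)))
    return results


def summarize(results):
    """Count statuses and list the entries that need a manual look."""
    counts = Counter(status for _, _, status in results)
    needs_review = [(t, o) for t, o, s in results if s == "review"]
    return counts, needs_review


def never_acted(results):
    """Targets reported absent that were never acted on under the same name.

    A service listed twice in the fixlist shows up as deleted and then as
    not found; that is expected and is left out of this list.
    """
    done = {t for t, _, s in results if s == "done"}
    seen, absent_only = set(), []
    for target, _, status in results:
        if status == "absent" and target not in done and target not in seen:
            seen.add(target)
            absent_only.append(target)
    return absent_only


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    counts, needs_review = summarize(parsed)
    print(dict(counts))
    for target, outcome in needs_review:
        print("REVIEW:", target, "->", outcome)
    for target in never_acted(parsed):
        print("ABSENT:", target)
```
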

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Preventive check, or the nasty Randommprice popup :-( in Chrome

#10 Post by vyosek »

How is the PC behaving??

Frenc
Visitor
Posts: 72
Registered: 15 Aug 2007 14:17

Re: Preventive check, or the nasty Randommprice popup :-( in Chrome

#11 Post by Frenc »

It's finally gone :) Thanks, as always. I just don't understand how it was so "dug in" when it's only a little add-up program.. besides, on the Net I found only one guide or mention, and that one didn't work either. As if it were defending itself against removal. Nasty little thing.

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Preventive check, or the nasty Randommprice popup :-( in Chrome

#12 Post by vyosek »

So let's tidy up now :James008:

:arrow: T-Cleaner http://vyosek.tym.cz/pro_usery/T-Cleaner.exe
  • Download and run it
  • To confirm a choice, press A, Enter
  • Delete the utility after use
  • Antivirus programs may wrongly flag this utility as a virus - it is a false alarm - so go ahead and download it (or turn off the antivirus while downloading)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Download and run it
  • Click CleanUp and confirm with YES
  • The program cleans up and restarts the PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Download and run it
  • Click Start and confirm with OK
  • The program cleans up and restarts the PC
  • Delete the utility after use
:arrow: Download CCleaner http://forum.viry.cz/viewtopic.php?t=7478
Cleaner panel
  • Leave everything as it is, just click Analyze and then Run CCleaner
Registry panel
  • click Scan for Issues
  • then Fix Issues - I recommend making a registry backup; fix all the issues
  • repeat the procedure until no issues remain - usually about 3 times
Tools panel
  • Here you can uninstall programs you do not need
I recommend using CCleaner about once a week

:arrow: Unfortunately, this kind of adware sews and eats itself reeeally deep into the system, and it is not easy to dissect it out :?:

:arrow: And if there are no problems or questions, that is all from my side :|
