Log check / Malwarebytes reports 4 potential errors

Posted: 24 May 2014 23:29
by Martin226
Good evening,
could someone check my log? About an hour ago I found iWebar / YouTube Accelerator / and some shopper on my PC
= uninstalled via Control Panel / CCleaner
= cleaned with CCleaner
= and Malwarebytes found 4 potential threats

Thanks in advance for any help.

(below the Malwarebytes output I am attaching the RSIT output)

Malwarebytes reported this:
Malwarebytes Anti-Malware
http://www.malwarebytes.org

Scan Date: 25. 5. 2014
Scan Time: 0:04:06
Logfile: chyba.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.05.24.08
Rootkit Database: v2014.05.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8
CPU: x64
File System: NTFS
User: Marta

Scan Type: Hyper Scan
Result: Completed
Objects Scanned: 246041
Time Elapsed: 2 min, 7 sec

Memory: Enabled
Startup: Enabled
Filesystem: Disabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.iWebar.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\iWebar, , [a692391cb6c531051cfa8a17d1313cc4],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1482324353-3948896138-1893195853-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, , [96a2e570df9c89ad0e3a08c83ec5b947],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
PUP.Optional.PCPerformer.A, C:\Windows\System32\roboot64.exe, , [f7415104522986b055530d9247bb0ff1],
PUP.Optional.CrossRider.A, C:\Users\Marta\AppData\Roaming\Mozilla\Firefox\Profiles\mxwauk8b.default\prefs.js, Good: (), Bad: (user_pref("extensions.crossrider.bic", "146300fef6a87a170961e4d072d8dc44");), ,[ae8a2233047786b09af6146f798bc739]

Physical Sectors: 0
(No malicious items detected)


(end)

RSIT:
Logfile of random's system information tool 1.10 (written by random/random)
Run by Marta at 2014-05-25 00:10:23
Microsoft Windows 8
System drive C: has 622 GB (89%) free of 699 GB
Total RAM: 3979 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0:10:25, on 25. 5. 2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16537)
Boot mode: Normal

Running processes:
c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\Program Files (x86)\HP HD Webcam Driver\Monitor.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe
C:\Users\Marta\Downloads\HiJackThis.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\trend micro\Marta.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDFJS
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/?clid=13415
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDFJS
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMNTDFJS
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HP HD Webcam Driver_Monitor] C:\Program Files (x86)\HP HD Webcam Driver\monitor.exe
O4 - HKLM\..\Run: [CLMLServer_For_P2G8] "c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
O4 - HKLM\..\Run: [CLVirtualDrive] "c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
O4 - HKLM\..\Run: [RemoteControl10] "c:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [BtTray] "C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe"
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe /start
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\Marta\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra button: Nastavení Lištičky ... - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - C:\Users\Marta\AppData\Roaming\Seznam.cz\bin\listicka.dll (HKCU)
O9 - Extra 'Tools' menuitem: Nastavení Lištičky ... - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - C:\Users\Marta\AppData\Roaming\Seznam.cz\bin\listicka.dll (HKCU)
O9 - Extra button: Zvýrazňovač slov Lištičky - {4E6D6F90-31CA-4878-A7A3-1CD50F115A69} - C:\Users\Marta\AppData\Roaming\Seznam.cz\bin\listicka.dll (HKCU)
O9 - Extra 'Tools' menuitem: Zvýrazňovač slov Lištičky - {4E6D6F90-31CA-4878-A7A3-1CD50F115A69} - C:\Users\Marta\AppData\Roaming\Seznam.cz\bin\listicka.dll (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: DeviceNP - DeviceNP.dll (file missing)
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: BlueSoleilCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BsHelpCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Company - c:\Windows\SysWOW64\flcdlock.exe
O23 - Service: globalUpdate Update Service (globalUpdate) (globalUpdate) - globalUpdate - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
O23 - Service: globalUpdate Update Service (globalUpdatem) (globalUpdatem) - globalUpdate - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: hpHotkeyMonitor - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: @oem40.inf,%hpservice_desc%;HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12752 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe"
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
"C:\Program Files\IDT\WDM\STacSV64.exe"
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\vcsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\Bonjour\mDNSResponder.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe"
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\PDF Complete\pdfsvc.exe" /startedbyscm:66B66708-40E2BE4D-pdfcService
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Windows Defender\MsMpEng.exe"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe"
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe"
"C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-d37f3d60-23a5-4193-a2bc-d4c18a9020b6 -SystemEventPortName:HostProcess-57d66a75-0e73-494b-9560-527749aeca8d -IoCancelEventPortName:HostProcess-589a688b-88fc-490e-b4cf-a842fe6976e7 -NonStateChangingEventPortName:HostProcess-be44a733-7f98-4f39-808c-17b17947376f -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:8136aa8b-0ea8-4c93-930f-68868a429cc3 -DeviceGroupId:
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-4ad0dbcd-c428-42fa-8502-29d1888db7a4 -SystemEventPortName:HostProcess-fd8486ed-5651-4e3f-adc1-a1ea602804fe -IoCancelEventPortName:HostProcess-4e4a7816-3c37-4930-83c8-66fd0493acff -NonStateChangingEventPortName:HostProcess-a5802159-1b18-420d-8b9b-49082b59238d -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:248c6874-5fd0-4fe9-a152-ff3609fed686 -DeviceGroupId:WudfDefaultDevicePool
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe"
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\System32\WinLogon.exe -SpecialSession
-hiberboot
atieclxx
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
taskhostex.exe
"c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe"
C:\Windows\Explorer.EXE
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe"
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\IDT\WDM\sttray64.exe"
"C:\Program Files (x86)\HP HD Webcam Driver\Monitor.exe"
"C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
"C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe" /start
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
taskhost.exe

"C:\Program Files\CCleaner\CCleaner64.exe" /uac
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=12972.12a45bf0.605991006 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" E7CF176E110C211B 12972 "\\.\pipe\gecko-crash-server-pipe.12972" plugin
"C:\Windows\SYSTEM32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe" --proxy-stub-channel=Flash5540.6CDA6010.16045 --host-broker-channel=Flash5540.6CDA6010.6738 --host-pid=5540 --host-npapi-version=27 --plugin-path="C:\Windows\SYSTEM32\Macromed\Flash\NPSWF32_13_0_0_182.dll"
"C:\Windows\SYSTEM32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe" --channel=1004.0101F13C.507370102 --proxy-stub-channel=Flash5540.6CDA6010.16045 --plugin-path="C:\Windows\SYSTEM32\Macromed\Flash\NPSWF32_13_0_0_182.dll" --host-npapi-version=27 --type=renderer
C:\Windows\system32\DllHost.exe /Processid:{86D5EB8A-859F-4C7B-A76B-2BD819B7A850}
"C:\Users\Marta\Downloads\HiJackThis.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe168_ Global\UsGthrCtrlFltPipeMssGthrPipe168 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 572 576 584 65536 580
"C:\Users\Marta\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\globalUpdateUpdateTaskMachineCore.job - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /c
C:\Windows\tasks\globalUpdateUpdateTaskMachineUA.job - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\HPCeeScheduleForMarta.job - C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForMarta (null)

=========Mozilla firefox=========

ProfilePath - C:\Users\Marta\AppData\Roaming\Mozilla\Firefox\Profiles\mxwauk8b.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 13.0.0.182 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.55.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10]
"Description"=globalUpdate Update
"Path"=C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4]
"Description"=globalUpdate Update
"Path"=C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.0]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\digitalpersona.com/ChromeDPAgent]
"Description"=
"Path"=c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\ChromeExt\components\npChromeDPAgent.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 13.0.0.182 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll


C:\Users\Marta\AppData\Roaming\Mozilla\Firefox\Profiles\mxwauk8b.default\extensions\
anttoolbar@ant.com

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28 303416]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-14 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92EF2EAD-A7CE-4424-B0DB-499CF856608E}]
Evernote extension - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2013-05-08 587104]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-14 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28 286520]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2012-08-23 170304]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2012-08-23 398656]
"Persistence"=C:\Windows\system32\igfxpers.exe [2012-08-23 441152]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2012-08-06 1425408]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"=C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [2014-05-13 21720]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"cz.seznam.software.autoupdate"=C:\Users\Marta\AppData\Roaming\Seznam.cz\szninstall.exe [2012-07-10 968840]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-08-06 642216]
"HP HD Webcam Driver_Monitor"=C:\Program Files (x86)\HP HD Webcam Driver\monitor.exe [2012-07-26 303480]
"CLMLServer_For_P2G8"=c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-08 111120]
"CLVirtualDrive"=c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [2012-07-24 491120]
"RemoteControl10"=c:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [2012-03-29 91432]
"SDTray"=C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [2013-05-16 3830224]
"seznam-listicka-distribuce"=C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]
"BtTray"=C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [2012-09-19 371976]
"PDF Complete"=C:\Program Files (x86)\PDF Complete\pdfsty.exe [2013-06-05 683656]
"QLBController"=C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [2013-10-16 337184]
""= []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
hpoddt01.exe.lnk - C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2012-08-23 441856]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=DPPassFilter
scecli

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-05-25 00:10:23 ----D---- C:\rsit
2014-05-25 00:10:23 ----D---- C:\Program Files\trend micro
2014-05-25 00:02:47 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2014-05-25 00:02:20 ----D---- C:\ProgramData\Malwarebytes
2014-05-25 00:02:20 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-25 00:02:20 ----A---- C:\Windows\system32\drivers\mwac.sys
2014-05-25 00:02:20 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2014-05-25 00:02:20 ----A---- C:\Windows\system32\drivers\mbam.sys
2014-05-24 23:05:01 ----D---- C:\Program Files (x86)\YouTube Accelerator
2014-05-24 23:04:46 ----D---- C:\Program Files (x86)\globalUpdate
2014-05-23 23:17:23 ----A---- C:\Windows\RomeTW.ini
2014-05-23 22:32:37 ----D---- C:\Program Files (x86)\Activision
2014-05-15 20:08:45 ----A---- C:\Windows\system32\shell32.dll
2014-05-15 20:08:42 ----A---- C:\Windows\SYSWOW64\shell32.dll
2014-05-15 20:08:22 ----A---- C:\Windows\system32\drivers\WdFilter.sys
2014-05-15 20:08:20 ----A---- C:\Windows\system32\drivers\WdBoot.sys
2014-05-15 20:08:04 ----A---- C:\Windows\system32\lsasrv.dll
2014-05-15 20:08:03 ----A---- C:\Windows\system32\kerberos.dll
2014-05-15 20:08:02 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2014-05-15 20:08:02 ----A---- C:\Windows\system32\ntoskrnl.exe
2014-05-15 20:08:01 ----A---- C:\Windows\system32\KernelBase.dll
2014-05-15 20:07:59 ----A---- C:\Windows\system32\drivers\cng.sys
2014-05-15 20:07:58 ----A---- C:\Windows\system32\winlogon.exe
2014-05-15 20:07:58 ----A---- C:\Windows\system32\sspicli.dll
2014-05-15 20:07:58 ----A---- C:\Windows\system32\msv1_0.dll
2014-05-15 20:07:57 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2014-05-15 20:07:57 ----A---- C:\Windows\system32\objsel.dll
2014-05-15 20:07:56 ----A---- C:\Windows\SYSWOW64\objsel.dll
2014-05-15 20:07:56 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2014-05-15 20:07:56 ----A---- C:\Windows\system32\SHCore.dll
2014-05-15 20:07:56 ----A---- C:\Windows\system32\lsm.dll
2014-05-15 20:07:56 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2014-05-15 20:07:56 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2014-05-15 20:07:56 ----A---- C:\Windows\system32\dpapisrv.dll
2014-05-15 20:07:55 ----A---- C:\Windows\SYSWOW64\usercpl.dll
2014-05-15 20:07:55 ----A---- C:\Windows\system32\wdigest.dll
2014-05-15 20:07:55 ----A---- C:\Windows\system32\usercpl.dll
2014-05-15 20:07:54 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2014-05-15 20:07:54 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2014-05-15 20:07:54 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2014-05-15 20:07:54 ----A---- C:\Windows\SYSWOW64\schannel.dll
2014-05-15 20:07:54 ----A---- C:\Windows\SYSWOW64\SHCore.dll
2014-05-15 20:07:54 ----A---- C:\Windows\system32\TSpkg.dll
2014-05-15 20:07:54 ----A---- C:\Windows\system32\schannel.dll
2014-05-15 20:07:54 ----A---- C:\Windows\system32\lsass.exe
2014-05-15 20:07:53 ----A---- C:\Windows\SYSWOW64\dimsroam.dll
2014-05-15 20:07:53 ----A---- C:\Windows\system32\sspisrv.dll
2014-05-15 20:07:53 ----A---- C:\Windows\system32\dimsroam.dll
2014-05-15 20:07:53 ----A---- C:\Windows\system32\credssp.dll
2014-05-15 20:07:52 ----A---- C:\Windows\SYSWOW64\credssp.dll
2014-05-15 20:07:52 ----A---- C:\Windows\system32\workerdd.dll
2014-05-15 20:07:26 ----A---- C:\Windows\system32\schedsvc.dll
2014-05-15 20:07:25 ----A---- C:\Windows\system32\mshtmled.dll
2014-05-15 20:07:24 ----A---- C:\Windows\system32\mshtml.dll
2014-05-15 20:07:04 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2014-05-15 20:06:54 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-05-15 20:05:57 ----A---- C:\Windows\system32\kernel32.dll
2014-05-15 20:05:56 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2014-05-15 20:05:55 ----A---- C:\Windows\system32\gpedit.dll
2014-05-15 20:05:55 ----A---- C:\Windows\system32\drivers\srv2.sys
2014-05-15 20:05:55 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2014-05-15 20:05:54 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2014-05-15 20:05:53 ----A---- C:\Windows\SYSWOW64\gpedit.dll
2014-05-15 20:05:53 ----A---- C:\Windows\system32\drivers\srvnet.sys
2014-05-15 20:05:53 ----A---- C:\Windows\system32\drivers\IPMIDrv.sys
2014-05-09 22:36:31 ----D---- C:\Program Files (x86)\Mozilla Firefox
2014-05-06 12:21:32 ----A---- C:\Windows\SYSWOW64\WSShared.dll
2014-05-06 12:21:32 ----A---- C:\Windows\system32\WSShared.dll
2014-05-06 12:21:32 ----A---- C:\Windows\system32\NotificationUI.exe
2014-05-06 12:21:31 ----A---- C:\Windows\SYSWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-06 12:21:31 ----A---- C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll

======List of files/folders modified in the last 1 month======

2014-05-25 00:10:23 ----RD---- C:\Program Files
2014-05-25 00:10:18 ----D---- C:\Windows\Prefetch
2014-05-25 00:06:45 ----D---- C:\Windows\Temp
2014-05-25 00:02:47 ----D---- C:\Windows\system32\Drivers
2014-05-25 00:02:20 ----RD---- C:\Program Files (x86)
2014-05-25 00:02:20 ----HD---- C:\ProgramData
2014-05-25 00:00:11 ----D---- C:\Windows\system32\sru
2014-05-24 23:48:48 ----SD---- C:\Users\Marta\AppData\Roaming\Microsoft
2014-05-24 23:44:20 ----D---- C:\Windows\system32\Tasks
2014-05-24 23:44:17 ----D---- C:\Windows\Tasks
2014-05-24 23:32:42 ----HD---- C:\Windows\system32\GroupPolicy
2014-05-24 23:32:42 ----D---- C:\Windows\SYSWOW64\GroupPolicy
2014-05-24 23:32:41 ----D---- C:\Program Files\Common Files
2014-05-24 23:28:43 ----D---- C:\Windows\Inf
2014-05-24 23:20:19 ----D---- C:\Windows\SoftwareDistribution
2014-05-24 23:20:19 ----D---- C:\Windows\debug
2014-05-24 23:20:19 ----D---- C:\Windows
2014-05-24 23:19:03 ----AD---- C:\ProgramData\Temp
2014-05-24 23:05:37 ----SHD---- C:\Windows\Installer
2014-05-24 23:05:14 ----D---- C:\Windows\SysWOW64
2014-05-24 23:04:04 ----RD---- C:\Windows\System32
2014-05-24 23:04:04 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-05-24 23:02:56 ----D---- C:\Users\Marta\AppData\Roaming\Seznam.cz
2014-05-24 23:00:15 ----D---- C:\Windows\system32\catroot
2014-05-24 23:00:14 ----D---- C:\Windows\system32\DriverStore
2014-05-24 22:24:30 ----A---- C:\Windows\SYSWOW64\bscs.ini
2014-05-24 22:21:26 ----A---- C:\Windows\SYSWOW64\LOCALSERVICE.INI
2014-05-24 22:21:23 ----A---- C:\Windows\SYSWOW64\LOCALDEVICE.INI
2014-05-24 09:40:04 ----D---- C:\Windows\Microsoft.NET
2014-05-23 22:32:08 ----SHD---- C:\System Volume Information
2014-05-23 21:09:11 ----D---- C:\Windows\system32\config
2014-05-21 23:29:26 ----D---- C:\ProgramData\PDFC
2014-05-21 18:48:31 ----A---- C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-05-18 19:59:23 ----D---- C:\Windows\rescache
2014-05-16 17:55:14 ----RSD---- C:\Windows\assembly
2014-05-16 16:38:04 ----A---- C:\Windows\SYSWOW64\log.txt
2014-05-16 16:36:24 ----D---- C:\Windows\WinSxS
2014-05-16 16:34:41 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-16 16:32:36 ----RD---- C:\Windows\ToastData
2014-05-16 16:32:31 ----D---- C:\Program Files\Windows Defender
2014-05-16 16:32:30 ----D---- C:\Program Files (x86)\Windows Defender
2014-05-16 16:32:28 ----D---- C:\Windows\system32\SecureBootUpdates
2014-05-16 16:32:22 ----D---- C:\Windows\system32\en-US
2014-05-16 16:32:22 ----D---- C:\Windows\system32\cs-CZ
2014-05-16 09:01:08 ----A---- C:\SROF.ini
2014-05-16 09:00:51 ----D---- C:\Windows\system32\NDF
2014-05-15 21:45:00 ----D---- C:\Windows\CbsTemp
2014-05-15 21:41:47 ----D---- C:\Windows\AUInstallAgent
2014-05-15 21:41:11 ----HD---- C:\Program Files\WindowsApps
2014-05-15 21:38:03 ----D---- C:\Windows\system32\MRT
2014-05-15 21:38:00 ----A---- C:\Windows\system32\MRT.exe
2014-05-15 20:04:20 ----D---- C:\Windows\system32\catroot2
2014-05-15 07:40:13 ----D---- C:\Users\Marta\AppData\Roaming\vlc
2014-05-08 18:34:51 ----D---- C:\Windows\system32\wdi
2014-05-08 08:06:50 ----D---- C:\Windows\WinStore
2014-05-01 22:37:50 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2014-04-30 21:49:53 ----D---- C:\Users\Marta\AppData\Roaming\hpqlog
2014-04-30 21:49:43 ----D---- C:\Program Files (x86)\Hewlett-Packard
2014-04-30 21:49:03 ----D---- C:\swsetup
2014-04-28 14:40:07 ----D---- C:\Program Files (x86)\PokerStars

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amdkmpfd;@oem19.inf,%AMDKMPFD_svcdesc%;AMD PCI Root Bus Lower Filter; C:\Windows\System32\drivers\amdkmpfd.sys [2012-07-09 35496]
R0 hpdskflt;@oem40.inf,%service_desc%;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys [2013-07-30 31040]
R0 iaStorA;iaStorA; C:\Windows\System32\drivers\iaStorA.sys [2012-07-31 645952]
R1 CLVirtualDrive;CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [2012-06-25 92536]
R1 vwififlt;@%SystemRoot%\System32\drivers\vwififlt.sys,-259; C:\Windows\system32\DRIVERS\vwififlt.sys [2012-07-26 64000]
R3 Accelerometer;@oem40.inf,%accelerometer_desc%;HP Mobile Data Protection Sensor; C:\Windows\system32\DRIVERS\Accelerometer.sys [2013-07-30 43328]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-08-01 10280960]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-08-01 368640]
R3 BtAudioBusSrv;@oem14.inf,%SvcDesc%;Ralink Bluetooth Audio Bus Service; C:\Windows\System32\Drivers\BtAudioBus.sys [2012-06-15 23136]
R3 BthEnum;@tdibth.inf,%BthEnum.DisplayName%;Služba Bluetooth Enumerator; C:\Windows\System32\drivers\BthEnum.sys [2013-01-09 51712]
R3 BthL2caScoIfSrv;Bluetooth Profile Interface Driver Service; C:\Windows\System32\Drivers\BtL2caScoIf.sys [2012-07-19 56904]
R3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Ovladač úspory energie technologie Bluetooth; C:\Windows\system32\DRIVERS\BthLEEnum.sys [2012-07-26 202752]
R3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2012-07-26 119808]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2013-01-09 74752]
R3 btUrbFilterDrv;IVT URB Bluetooth Filter Driver Service; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [2012-10-02 48608]
R3 HpqKbFiltr;@oem5.inf,%HpqKbFiltr.SvcDesc%;HpqKbFilter Driver; C:\Windows\System32\drivers\HpqKbFiltr.sys [2012-08-27 26504]
R3 IntcDAud;@oem21.inf,%IntcDAud.SvcDesc%;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2012-06-19 342528]
R3 intelkmd;intelkmd; C:\Windows\system32\DRIVERS\igdpmd64.sys [2012-08-23 9000256]
R3 JMCR;JMCR; C:\Windows\System32\drivers\jmcr.sys [2013-10-30 176880]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2014-05-12 25816]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2014-05-25 122584]
R3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2014-05-12 64216]
R3 MEIx64;@oem39.inf,%HECI_SvcDesc%;Intel(R) Management Engine Interface ; C:\Windows\System32\drivers\HECIx64.sys [2013-10-30 62784]
R3 netr28x;@oem53.inf,%Generic.Service.DispName%;Ralink 802.11n Extensible Wireless Driver; C:\Windows\system32\DRIVERS\netr28x.sys [2013-12-04 2505904]
R3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\System32\drivers\rfcomm.sys [2013-03-01 156672]
R3 rtbth;@oem46.inf,%General.Service.DispName%;RTBTH Bluetooth Device Driver; C:\Windows\System32\drivers\rtbth.sys [2013-12-02 1204424]
R3 RTL8168;@oem6.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\Windows\system32\DRIVERS\Rt630x64.sys [2012-06-13 683664]
R3 SensorsServiceDriver;@sensorsservicedriver.inf,%WudfSensorsServiceDriverDisplayName%;UMDF Reflector service for SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [2012-07-26 198656]
R3 SPUVCbv;@oem45.inf,%SPUVCb.ServiceName%;SPUVCb Driver Service; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [2014-01-08 1064184]
R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10301; C:\Windows\system32\DRIVERS\stwrt64.sys [2012-08-06 540160]
R3 SynTP;@oem44.inf,%SynTP.SvcDesc%;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2013-10-30 549104]
R3 vwifimp;@%SystemRoot%\System32\drivers\vwifimp.sys,-261; C:\Windows\system32\DRIVERS\vwifimp.sys [2012-07-26 17920]
S0 AFS;AFS; C:\Windows\system32\drivers\AFS.sys []
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2013-03-01 1175040]
S3 DAMDrv;DAMDrv; C:\Windows\system32\DRIVERS\DAMDrv64.sys [2012-07-25 64832]
S3 dot4;@oem34.inf,%Dot4_Name%;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2012-10-19 151968]
S3 Dot4Print;@oem35.inf,%Dot4Print_Name%;Print Class Driver for IEEE-1284.4; C:\Windows\System32\drivers\Dot4Prt.sys [2012-10-19 27040]
S3 dot4usb;@oem34.inf,%DOT4USB_NAME%;Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2012-10-19 49056]
S3 e1iexpress;@net1ic64.inf,%E1IExpress.Service.DispName%;Intel(R) PRO/1000 PCI Express Network Connection Driver I; C:\Windows\system32\DRIVERS\e1i63x64.sys [2012-06-02 333824]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2012-08-23 9000256]
S3 NETwNe64;@netwne64.inf,___ %NIC_Service_DispName_WIN7_64%;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\Windows\system32\DRIVERS\NETwNe64.sys [2012-06-02 11400192]
S3 SmbDrv;SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [2012-08-15 41272]
S3 SmbDrvI;SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [2012-08-15 43832]
S3 usbscan;@sti.inf,%usbscan.SvcDesc%;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-02 43008]
S3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2013-07-06 210560]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-08-01 239616]
R2 BlueSoleilCS;BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [2012-09-26 1612552]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 462184]
R2 DpHost;@c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [2012-08-25 488824]
R2 HP Support Assistant Service;HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
R2 hpHotkeyMonitor;hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [2013-10-16 681760]
R2 hpsrv;@oem40.inf,%hpservice_desc%;HP Service; C:\Windows\system32\Hpservice.exe [2013-07-30 33600]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-12-10 732160]
R2 Intel(R) ME Service;Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2013-10-30 131032]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2013-10-30 165336]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2013-10-30 279000]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-05-12 860472]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-05-12 1809720]
R2 pdfcDispatcher;PDF Document Manager; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2013-06-05 1143432]
R2 SDScannerService;Spybot-S&D 2 Scanner Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-05-16 1817560]
R2 SDUpdateService;Spybot-S&D 2 Updating Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-05-16 1033688]
R2 SDWSCService;Spybot-S&D 2 Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-05-15 171928]
R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10101; C:\Program Files\IDT\WDM\STacSV64.exe [2012-08-06 321536]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-10-30 366040]
R2 vcsFPService;Validity VCS Fingerprint Service; C:\Windows\system32\vcsFPService.exe [2012-07-19 2714232]
R3 BsHelpCS;BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [2012-09-19 146184]
R3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2012-07-26 43616]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [2013-01-23 1006424]
S2 globalUpdate;globalUpdate Update Service (globalUpdate); C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-05-24 68608]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 aspnet_state;@%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_rc.dll,-1; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2012-07-12 51648]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2012-08-23 276288]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing; c:\Windows\SysWOW64\flcdlock.exe [2012-08-01 477088]
S3 globalUpdatem;globalUpdate Update Service (globalUpdatem); C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-05-24 68608]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2012-12-10 803872]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-05-09 119408]
S4 BthAvrcpTg;@bthaudhid.inf,%BthAvrcpTg_SvcDesc%;Bluetooth Audio/Video Remote Control HID; C:\Windows\System32\drivers\BthAvrcpTg.sys [2013-06-01 37632]
S4 BthHFEnum;@bthhfenum.inf,%BthHFEnum.SVCDESC%;Bluetooth Hands-Free Audio and Call Control HID Enumerator; C:\Windows\System32\drivers\bthhfenum.sys [2012-07-26 51200]
S4 bthhfhid;@bthaudhid.inf,%BthAudioHFHid.SVCDESC%;Bluetooth Hands-Free Call Control HID; C:\Windows\System32\drivers\BthHFHid.sys [2012-11-27 29952]

-----------------EOF-----------------

Re: Log check / malwarebytes reports 4 potential errors

Posted: 25 May 2014 08:04
by vyosek
Greetings :)

:arrow: Uninstall Spybot - Search & Destroy - the program's best years are long behind it, and for roughly the last 3 years it has been unable to cope with current threats

:arrow: Download Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe
  • Save it, preferably to the desktop
  • After launch the licence terms are displayed; press any key
  • A backup is created and then the search runs
  • The scan runs and then a log appears, or it will be saved in c:\JRT as JRT.txt; paste it here
:arrow: Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Save it, preferably to the desktop
  • Close all programs
  • Click Scan and then Clean
  • The repair runs, the PC restarts and then a log appears, or it will be saved in the folder c:\AdwCleaner\AdwCleaner[S?].txt; paste it here

Re: Log check / malwarebytes reports 4 potential errors

Posted: 25 May 2014 08:41
by Martin226
Good morning,
here they are:

Junk Removal
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 x64
Ran by Marta on ne 25. 05. 2014 at 9:26:28,00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\Marta\AppData\Roaming\mozilla\firefox\profiles\mxwauk8b.default\prefs.js

user_pref("extensions.crossrider.bic", "146300fef6a87a170961e4d072d8dc44");
Emptied folder: C:\Users\Marta\AppData\Roaming\mozilla\firefox\profiles\mxwauk8b.default\minidumps [15 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ne 25. 05. 2014 at 9:31:41,33
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Adware
# AdwCleaner v3.210 - Report created 25/05/2014 at 09:34:25
# Updated 19/05/2014 by Xplode
# Operating System : Windows 8 (64 bits)
# Username : Marta - NB-1
# Running from : C:\Users\Marta\Desktop\adwcleaner_3.210.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : globalUpdate
[#] Service Deleted : globalUpdatem

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\YouTube Accelerator
Folder Deleted : C:\Users\Marta\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Marta\AppData\LocalLow\Goobzo
Folder Deleted : C:\Users\Marta\AppData\Roaming\Mozilla\Firefox\Profiles\mxwauk8b.default\Extensions\anttoolbar@ant.com
File Deleted : C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
File Deleted : C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
File Deleted : C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
File Deleted : C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Key Deleted : HKLM\SOFTWARE\14919ea49a8f3b4aa3cf1058d9a64cec
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Deleted : HKCU\Software\Goobzo
Key Deleted : HKLM\Software\Goobzo

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16537


-\\ Mozilla Firefox v29.0.1 (cs)

[ File : C:\Users\Marta\AppData\Roaming\Mozilla\Firefox\Profiles\mxwauk8b.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1901 octets] - [25/05/2014 09:33:30]
AdwCleaner[R1].txt - [1961 octets] - [25/05/2014 09:34:06]
AdwCleaner[S0].txt - [1884 octets] - [25/05/2014 09:34:25]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1944 octets] ##########

Re: Log check / malwarebytes reports 4 potential errors

Posted: 25 May 2014 10:01
by vyosek

Re: Log check / malwarebytes reports 4 potential errors

Posted: 25 May 2014 10:16
by Martin226
FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014
Ran by Marta (administrator) on NB-1 on 25-05-2014 11:08:14
Running from C:\Users\Marta\Desktop
Platform: Windows 8 (X64) OS Language: Czech
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpAgent.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Program Files (x86)\HP HD Webcam Driver\Monitor.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(forum.viry.cz) C:\Users\Marta\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-08-06] (IDT, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP HD Webcam Driver_Monitor] => C:\Program Files (x86)\HP HD Webcam Driver\monitor.exe [303480 2012-07-26] ()
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-24] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => c:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [371976 2012-09-19] (IVT Corporation)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [683656 2013-06-05] (PDF Complete Inc)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [337184 2013-10-16] (Hewlett-Packard Company)
HKLM-x32\...\Run: [] => [X]
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-05-13] (Hewlett-Packard)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
HKU\S-1-5-21-1482324353-3948896138-1893195853-1004\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Marta\AppData\Roaming\Seznam.cz\szninstall.exe [968840 2012-07-10] ()
HKU\S-1-5-21-1482324353-3948896138-1893195853-1004\...\MountPoints2: {bd133ddb-7314-11e3-be8e-689423b68ae6} - "G:\autoplay.exe"
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\hpoddt01.exe.lnk
ShortcutTarget: hpoddt01.exe.lnk -> C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/?clid=13415
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDFJS
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDFJS
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMNTDFJS
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDFJS
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMNTDFJS
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... c=CMNTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... c=CMNTDFJS
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... c=CMNTDFJS
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Marta\AppData\Roaming\Mozilla\Firefox\Profiles\mxwauk8b.default
FF Homepage: hxxp://www.seznam.cz/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: digitalpersona.com/ChromeDPAgent - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\ChromeExt\components\npChromeDPAgent.dll (DigitalPersona, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mapy-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: Adblock Plus - C:\Users\Marta\AppData\Roaming\Mozilla\Firefox\Profiles\mxwauk8b.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-12-15]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\
FF Extension: DigitalPersona Extension - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ []

==================== Services (Whitelisted) =================

R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1612552 2012-09-26] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [146184 2012-09-19] (IVT Corporation)
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [488824 2012-08-25] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [477088 2012-08-01] (Hewlett-Packard Company)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [681760 2013-10-16] (Hewlett-Packard Company)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-10-30] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2013-10-30] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1143432 2013-06-05] (PDF Complete Inc)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35496 2012-07-09] (Advanced Micro Devices, Inc.)
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
U4 BthAvrcpTg;
U4 BthHFEnum;
U4 bthhfhid;
R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [48608 2012-10-02] (Ralink Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DAMDrv; C:\Windows\system32\DRIVERS\DAMDrv64.sys [64832 2012-07-25] (Hewlett-Packard Company)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-05-25] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwNe64.sys [11400192 2012-06-02] (Intel Corporation)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-15] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-15] (Synaptics Incorporated)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [1064184 2014-01-08] (Sunplus)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-25 11:08 - 2014-05-25 11:08 - 00015236 _____ () C:\Users\Marta\Desktop\FRST.txt
2014-05-25 11:07 - 2014-05-25 11:08 - 00000000 ____D () C:\FRST
2014-05-25 11:05 - 2014-05-25 11:05 - 00112640 _____ (forum.viry.cz) C:\Users\Marta\Desktop\FRSTLauncher.exe
2014-05-25 11:04 - 2014-05-25 11:04 - 02066432 _____ (Farbar) C:\Users\Marta\Desktop\FRST64.exe
2014-05-25 11:04 - 2014-05-25 11:04 - 00112107 _____ (forum.viry.cz) C:\Users\Marta\Downloads\VerzeOS.exe
2014-05-25 09:38 - 2014-05-25 09:38 - 00002024 _____ () C:\Users\Marta\Desktop\AdwCleaner[S0].txt
2014-05-25 09:35 - 2014-05-25 09:35 - 00006886 _____ () C:\Windows\PFRO.log
2014-05-25 09:33 - 2014-05-25 09:34 - 00000000 ____D () C:\AdwCleaner
2014-05-25 09:32 - 2014-05-25 09:32 - 01326389 _____ () C:\Users\Marta\Desktop\adwcleaner_3.210.exe
2014-05-25 09:31 - 2014-05-25 09:31 - 00001054 _____ () C:\Users\Marta\Desktop\JRT.txt
2014-05-25 09:26 - 2014-05-25 09:26 - 00000000 ____D () C:\Windows\ERUNT
2014-05-25 09:25 - 2014-05-25 09:25 - 01016261 _____ (Thisisu) C:\Users\Marta\Desktop\JRT.exe
2014-05-25 09:24 - 2014-05-25 09:24 - 00000085 _____ () C:\Windows\wininit.ini
2014-05-25 07:28 - 2014-05-25 09:53 - 00112532 _____ () C:\Windows\WindowsUpdate.log
2014-05-25 00:23 - 2014-05-25 00:23 - 00001674 _____ () C:\Users\Marta\Desktop\chyba.txt
2014-05-25 00:10 - 2014-05-25 00:10 - 00000000 ____D () C:\rsit
2014-05-25 00:10 - 2014-05-25 00:10 - 00000000 ____D () C:\Program Files\trend micro
2014-05-25 00:09 - 2014-05-25 00:09 - 01222144 _____ () C:\Users\Marta\Downloads\RSITx64.exe
2014-05-25 00:02 - 2014-05-25 10:06 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-25 00:02 - 2014-05-25 00:02 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-25 00:02 - 2014-05-25 00:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-25 00:02 - 2014-05-25 00:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-25 00:02 - 2014-05-25 00:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-25 00:02 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-25 00:02 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-25 00:02 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-25 00:01 - 2014-05-25 00:01 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Marta\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-24 23:53 - 2014-05-24 23:55 - 00012408 _____ () C:\Users\Marta\Downloads\hijackthis.log
2014-05-24 23:52 - 2014-05-24 23:52 - 00388608 _____ (Trend Micro Inc.) C:\Users\Marta\Downloads\HiJackThis.exe
2014-05-24 23:04 - 2014-05-24 23:04 - 00172032 _____ (Jin Hui E-mail: jinhui@jcomsoft.com Web: http://www.jcomsoft.com) C:\Windows\SysWOW64\AniGIF.ocx
2014-05-23 23:17 - 2014-05-23 23:17 - 00000269 _____ () C:\Windows\RomeTW.ini
2014-05-23 23:17 - 2014-05-23 23:17 - 00000000 ____D () C:\Users\Marta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rome - Total War
2014-05-23 23:17 - 2014-05-23 23:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rome - Total War
2014-05-23 22:32 - 2014-05-23 22:32 - 00000000 ____D () C:\Program Files (x86)\Activision
2014-05-20 06:59 - 2014-05-20 06:59 - 00000000 ____D () C:\Users\Marta\Desktop\css1
2014-05-20 06:37 - 2014-05-20 06:37 - 00056294 _____ () C:\Users\Marta\Desktop\css1.zip
2014-05-19 18:28 - 2014-05-22 07:31 - 00001227 _____ () C:\Users\Marta\Desktop\elementy_div.css
2014-05-19 18:27 - 2014-05-20 20:34 - 00001146 _____ () C:\Users\Marta\Desktop\elementy_div.html
2014-05-15 20:08 - 2014-04-12 11:08 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-15 20:08 - 2014-04-12 11:08 - 00827904 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-15 20:08 - 2014-04-12 09:22 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-15 20:08 - 2014-03-28 21:19 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-05-15 20:08 - 2014-03-28 10:23 - 19759104 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 20:08 - 2014-03-28 08:18 - 17562112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-15 20:08 - 2014-03-24 00:11 - 00269592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-05-15 20:08 - 2014-03-11 05:32 - 06987096 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-15 20:08 - 2014-03-11 02:38 - 00982016 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-15 20:07 - 2014-05-06 07:14 - 19274752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 20:07 - 2014-05-06 07:14 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 20:07 - 2014-05-06 05:48 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 20:07 - 2014-04-12 11:27 - 00172888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-15 20:07 - 2014-04-12 11:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-15 20:07 - 2014-04-12 11:09 - 01043968 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
2014-05-15 20:07 - 2014-04-12 11:09 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-05-15 20:07 - 2014-04-12 11:09 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-15 20:07 - 2014-04-12 11:09 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-15 20:07 - 2014-04-12 11:08 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2014-05-15 20:07 - 2014-04-12 11:08 - 00318464 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-15 20:07 - 2014-04-12 11:07 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-15 20:07 - 2014-04-12 09:23 - 00961536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
2014-05-15 20:07 - 2014-04-12 09:23 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-05-15 20:07 - 2014-04-12 09:23 - 00273920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-15 20:07 - 2014-04-12 09:23 - 00178688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-15 20:07 - 2014-04-12 09:23 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-15 20:07 - 2014-04-12 09:22 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-15 20:07 - 2014-04-12 08:58 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\workerdd.dll
2014-05-15 20:07 - 2014-03-28 10:23 - 01287168 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-05-15 20:07 - 2014-03-11 05:25 - 00100184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-15 20:07 - 2014-03-11 02:41 - 00559104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-15 20:07 - 2014-03-11 02:41 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-15 20:07 - 2014-03-11 02:41 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-15 20:07 - 2014-03-11 02:39 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-15 20:07 - 2014-03-11 02:38 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-15 20:07 - 2014-03-11 02:38 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-15 20:07 - 2014-03-11 02:38 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2014-05-15 20:07 - 2014-03-11 02:38 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-15 20:07 - 2014-03-11 02:38 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-15 20:07 - 2014-03-11 02:38 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-15 20:07 - 2014-03-10 05:05 - 00668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-15 20:07 - 2014-03-10 03:27 - 00099840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-15 20:07 - 2014-03-04 01:07 - 00570216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-05-15 20:06 - 2014-05-06 05:48 - 14367232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 20:06 - 2014-05-06 05:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 20:06 - 2014-05-06 05:26 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 20:05 - 2014-03-01 11:47 - 01258496 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-05-15 20:05 - 2014-03-01 11:47 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
2014-05-15 20:05 - 2014-03-01 10:07 - 01075200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll
2014-05-15 20:05 - 2014-03-01 08:59 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-05-15 20:05 - 2014-02-27 01:18 - 00621568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-05-15 20:05 - 2014-02-27 01:18 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-05-15 20:05 - 2014-02-27 01:18 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-05-15 20:05 - 2014-02-27 01:18 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-05-15 20:05 - 2014-02-15 06:15 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys
2014-05-09 22:36 - 2014-05-09 22:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-06 12:21 - 2014-04-19 11:39 - 00628024 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-05-06 12:21 - 2014-04-19 10:45 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-05-06 12:21 - 2014-04-19 10:45 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-06 12:21 - 2014-04-19 08:57 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-05-06 12:21 - 2014-04-19 08:57 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-30 02:51 - 2014-04-30 02:51 - 00000000 ____D () C:\Users\Marta\Documents\ProcAlyzer Dumps
2014-04-25 22:47 - 2014-04-26 00:01 - 1468999508 _____ () C:\Users\Marta\Downloads\Baader.Meinhof.Komplex.2008-Nerez.CZ.avi
2014-04-25 13:38 - 2014-04-25 13:38 - 00000000 ____D () C:\Users\Marta\Desktop\xml
2014-04-25 11:43 - 2014-04-28 17:15 - 00000000 ____D () C:\Users\Marta\Desktop\csob

==================== One Month Modified Files and Folders =======

2014-05-25 11:08 - 2014-05-25 11:08 - 00015236 _____ () C:\Users\Marta\Desktop\FRST.txt
2014-05-25 11:08 - 2014-05-25 11:07 - 00000000 ____D () C:\FRST
2014-05-25 11:05 - 2014-05-25 11:05 - 00112640 _____ (forum.viry.cz) C:\Users\Marta\Desktop\FRSTLauncher.exe
2014-05-25 11:04 - 2014-05-25 11:04 - 02066432 _____ (Farbar) C:\Users\Marta\Desktop\FRST64.exe
2014-05-25 11:04 - 2014-05-25 11:04 - 00112107 _____ (forum.viry.cz) C:\Users\Marta\Downloads\VerzeOS.exe
2014-05-25 11:02 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-05-25 10:06 - 2014-05-25 00:02 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-25 09:53 - 2014-05-25 07:28 - 00112532 _____ () C:\Windows\WindowsUpdate.log
2014-05-25 09:45 - 2012-09-09 07:46 - 00755956 _____ () C:\Windows\system32\perfh005.dat
2014-05-25 09:45 - 2012-09-09 07:46 - 00162886 _____ () C:\Windows\system32\perfc005.dat
2014-05-25 09:45 - 2012-07-26 09:28 - 01851422 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-25 09:42 - 2013-12-15 21:48 - 00000000 ____D () C:\Users\Marta\AppData\Roaming\Seznam.cz
2014-05-25 09:39 - 2012-09-26 10:53 - 00000950 _____ () C:\Windows\SysWOW64\bscs.ini
2014-05-25 09:38 - 2014-05-25 09:38 - 00002024 _____ () C:\Users\Marta\Desktop\AdwCleaner[S0].txt
2014-05-25 09:37 - 2013-10-30 22:19 - 00003620 _____ () C:\Windows\SysWOW64\LOCALSERVICE.INI
2014-05-25 09:37 - 2012-09-09 07:14 - 00000000 ____D () C:\ProgramData\PDFC
2014-05-25 09:36 - 2014-01-08 22:42 - 00000342 _____ () C:\Windows\Tasks\HPCeeScheduleForMarta.job
2014-05-25 09:36 - 2013-10-30 22:19 - 00000043 _____ () C:\Windows\SysWOW64\LOCALDEVICE.INI
2014-05-25 09:36 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-25 09:35 - 2014-05-25 09:35 - 00006886 _____ () C:\Windows\PFRO.log
2014-05-25 09:35 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-05-25 09:34 - 2014-05-25 09:33 - 00000000 ____D () C:\AdwCleaner
2014-05-25 09:32 - 2014-05-25 09:32 - 01326389 _____ () C:\Users\Marta\Desktop\adwcleaner_3.210.exe
2014-05-25 09:31 - 2014-05-25 09:31 - 00001054 _____ () C:\Users\Marta\Desktop\JRT.txt
2014-05-25 09:31 - 2014-04-18 09:47 - 00000000 ____D () C:\Users\Marta\Documents\Nová složka
2014-05-25 09:26 - 2014-05-25 09:26 - 00000000 ____D () C:\Windows\ERUNT
2014-05-25 09:25 - 2014-05-25 09:25 - 01016261 _____ (Thisisu) C:\Users\Marta\Desktop\JRT.exe
2014-05-25 09:24 - 2014-05-25 09:24 - 00000085 _____ () C:\Windows\wininit.ini
2014-05-25 09:03 - 2014-01-08 22:42 - 00003156 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForMarta
2014-05-25 09:03 - 2013-12-15 21:47 - 00000000 ____D () C:\Users\Marta
2014-05-25 00:23 - 2014-05-25 00:23 - 00001674 _____ () C:\Users\Marta\Desktop\chyba.txt
2014-05-25 00:10 - 2014-05-25 00:10 - 00000000 ____D () C:\rsit
2014-05-25 00:10 - 2014-05-25 00:10 - 00000000 ____D () C:\Program Files\trend micro
2014-05-25 00:09 - 2014-05-25 00:09 - 01222144 _____ () C:\Users\Marta\Downloads\RSITx64.exe
2014-05-25 00:02 - 2014-05-25 00:02 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-25 00:02 - 2014-05-25 00:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-25 00:02 - 2014-05-25 00:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-25 00:02 - 2014-05-25 00:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-25 00:01 - 2014-05-25 00:01 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Marta\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-24 23:55 - 2014-05-24 23:53 - 00012408 _____ () C:\Users\Marta\Downloads\hijackthis.log
2014-05-24 23:52 - 2014-05-24 23:52 - 00388608 _____ (Trend Micro Inc.) C:\Users\Marta\Downloads\HiJackThis.exe
2014-05-24 23:52 - 2013-12-15 21:47 - 00000000 ____D () C:\Users\Marta\AppData\Local\VirtualStore
2014-05-24 23:32 - 2012-07-26 10:12 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-05-24 23:32 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-05-24 23:04 - 2014-05-24 23:04 - 00172032 _____ (Jin Hui E-mail: jinhui@jcomsoft.com Web: http://www.jcomsoft.com) C:\Windows\SysWOW64\AniGIF.ocx
2014-05-23 23:17 - 2014-05-23 23:17 - 00000269 _____ () C:\Windows\RomeTW.ini
2014-05-23 23:17 - 2014-05-23 23:17 - 00000000 ____D () C:\Users\Marta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rome - Total War
2014-05-23 23:17 - 2014-05-23 23:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rome - Total War
2014-05-23 22:32 - 2014-05-23 22:32 - 00000000 ____D () C:\Program Files (x86)\Activision
2014-05-22 07:31 - 2014-05-19 18:28 - 00001227 _____ () C:\Users\Marta\Desktop\elementy_div.css
2014-05-22 07:25 - 2013-12-16 13:30 - 00000000 ____D () C:\Users\Marta\Documents\gimp stuff
2014-05-21 18:50 - 2013-09-18 18:04 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-05-21 18:48 - 2013-09-18 18:04 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-05-21 13:03 - 2013-12-16 11:36 - 00000000 ____D () C:\Users\Marta\AppData\Local\PokerStars
2014-05-20 20:34 - 2014-05-19 18:27 - 00001146 _____ () C:\Users\Marta\Desktop\elementy_div.html
2014-05-20 06:59 - 2014-05-20 06:59 - 00000000 ____D () C:\Users\Marta\Desktop\css1
2014-05-20 06:37 - 2014-05-20 06:37 - 00056294 _____ () C:\Users\Marta\Desktop\css1.zip
2014-05-19 19:11 - 2013-12-15 23:22 - 00000000 ____D () C:\Users\Marta\.gimp-2.8
2014-05-19 18:34 - 2013-12-15 21:52 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1482324353-3948896138-1893195853-1004
2014-05-18 19:59 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache
2014-05-16 16:36 - 2013-12-15 21:47 - 00000000 ___RD () C:\Users\Marta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-16 16:36 - 2013-12-15 21:47 - 00000000 ___RD () C:\Users\Marta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 16:34 - 2013-09-16 14:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-16 16:32 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData
2014-05-16 16:32 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-16 16:32 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-16 16:32 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates
2014-05-16 16:32 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-05-16 16:32 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-05-16 09:01 - 2014-01-27 12:15 - 00000024 _____ () C:\SROF.ini
2014-05-16 09:01 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-16 08:27 - 2014-04-17 15:40 - 00000000 ____D () C:\Users\Marta\Desktop\futsal
2014-05-15 21:45 - 2012-11-06 14:10 - 00004206 _____ () C:\Windows\system32\RaCoInst.log
2014-05-15 21:41 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-05-15 21:40 - 2013-09-17 09:22 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 21:38 - 2013-09-17 09:22 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-15 07:40 - 2013-12-16 12:37 - 00000000 ____D () C:\Users\Marta\AppData\Roaming\vlc
2014-05-12 19:19 - 2014-03-14 13:52 - 00000000 ____D () C:\Users\Marta\Desktop\Nová složka
2014-05-12 07:26 - 2014-05-25 00:02 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-05-25 00:02 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-25 00:02 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-09 22:37 - 2014-05-09 22:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-08 08:06 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\WinStore
2014-05-06 07:14 - 2014-05-15 20:07 - 19274752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 07:14 - 2014-05-15 20:07 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 05:48 - 2014-05-15 20:07 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-06 05:48 - 2014-05-15 20:06 - 14367232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:37 - 2014-05-15 20:06 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:26 - 2014-05-15 20:06 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-01 22:37 - 2013-11-14 07:34 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-01 22:37 - 2013-11-14 07:34 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-30 21:49 - 2013-12-15 21:48 - 00000000 ____D () C:\Users\Marta\AppData\Roaming\hpqlog
2014-04-30 21:49 - 2012-09-09 07:11 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-04-30 21:49 - 2012-08-02 23:20 - 00000000 ____D () C:\swsetup
2014-04-30 02:51 - 2014-04-30 02:51 - 00000000 ____D () C:\Users\Marta\Documents\ProcAlyzer Dumps
2014-04-28 17:15 - 2014-04-25 11:43 - 00000000 ____D () C:\Users\Marta\Desktop\csob
2014-04-28 14:40 - 2013-12-16 11:35 - 00000000 ____D () C:\Program Files (x86)\PokerStars
2014-04-26 00:01 - 2014-04-25 22:47 - 1468999508 _____ () C:\Users\Marta\Downloads\Baader.Meinhof.Komplex.2008-Nerez.CZ.avi
2014-04-25 13:38 - 2014-04-25 13:38 - 00000000 ____D () C:\Users\Marta\Desktop\xml

Some content of TEMP:
====================
C:\Users\Marta\AppData\Local\Temp\cabex.dll
C:\Users\Marta\AppData\Local\Temp\listicka-partner-13415-1.1.2-offline.exe
C:\Users\Marta\AppData\Local\Temp\PartnerInstallerYTAi.exe
C:\Users\Marta\AppData\Local\Temp\Quarantine.exe
C:\Users\Marta\AppData\Local\Temp\tu17p84.exe
C:\Users\Marta\AppData\Local\Temp\unelevate.exe
C:\Users\Spravce\AppData\Local\Temp\_unps.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe
[2014-05-15 20:07] - [2014-04-12 11:10] - 0578048 ____A (Microsoft Corporation) 75DD70A14145499C9F7D903CF9A8C91B

C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-17 04:06




===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: (OS) (Fixed) (Total:682.48 GB) (Free:607.57 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.99 GB) FAT32
Drive f: (HP_RECOVERY) (Fixed) (Total:12.96 GB) (Free:2.03 GB) NTFS

Available physical RAM: 2015.86 MB
Total physical RAM: 3978.76 MB
Percentage of memory in use: 49%

==================== MBR and Partition Table ==================

Disk: 0 (Size: 699 GB) (Disk ID: A50E1C7D)

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\Windows\Tasks\HPCeeScheduleForMarta.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\ProgramData\Temp:56E2E879

==================== Security Center ==================

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Marta\Desktop" je 8 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Re: Log check / Malwarebytes reports 4 potential errors

Posted: 25 May 2014 10:44
by vyosek
:arrow: Creating a fixlist for FRST
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    Start
    HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
    HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-24] (CyberLink Corp.)
    HKLM-x32\...\Run: [RemoteControl10] => c:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
    HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-1482324353-3948896138-1893195853-1004\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Marta\AppData\Roaming\Seznam.cz\szninstall.exe [968840 2012-07-10] ()
    HKU\S-1-5-21-1482324353-3948896138-1893195853-1004\...\MountPoints2: {bd133ddb-7314-11e3-be8e-689423b68ae6} - "G:\autoplay.exe" 
    
    2014-05-25 11:05 - 2014-05-25 11:05 - 00112640 _____ (forum.viry.cz) C:\Users\Marta\Desktop\FRSTLauncher.exe
    2014-05-25 11:04 - 2014-05-25 11:04 - 00112107 _____ (forum.viry.cz) C:\Users\Marta\Downloads\VerzeOS.exe
    2014-05-25 09:38 - 2014-05-25 09:38 - 00002024 _____ () C:\Users\Marta\Desktop\AdwCleaner[S0].txt
    2014-05-25 09:35 - 2014-05-25 09:35 - 00006886 _____ () C:\Windows\PFRO.log
    2014-05-25 09:33 - 2014-05-25 09:34 - 00000000 ____D () C:\AdwCleaner
    2014-05-25 09:32 - 2014-05-25 09:32 - 01326389 _____ () C:\Users\Marta\Desktop\adwcleaner_3.210.exe
    2014-05-25 09:31 - 2014-05-25 09:31 - 00001054 _____ () C:\Users\Marta\Desktop\JRT.txt
    2014-05-25 09:26 - 2014-05-25 09:26 - 00000000 ____D () C:\Windows\ERUNT
    2014-05-25 09:25 - 2014-05-25 09:25 - 01016261 _____ (Thisisu) C:\Users\Marta\Desktop\JRT.exe
    2014-05-25 09:24 - 2014-05-25 09:24 - 00000085 _____ () C:\Windows\wininit.ini
    2014-05-25 00:01 - 2014-05-25 00:01 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Marta\Downloads\mbam-setup-2.0.2.1012.exe
    2014-05-24 23:53 - 2014-05-24 23:55 - 00012408 _____ () C:\Users\Marta\Downloads\hijackthis.log
    2014-05-24 23:52 - 2014-05-24 23:52 - 00388608 _____ (Trend Micro Inc.) C:\Users\Marta\Downloads\HiJackThis.exe
    C:\Users\Marta\AppData\Local\Temp\cabex.dll
    C:\Users\Marta\AppData\Local\Temp\listicka-partner-13415-1.1.2-offline.exe
    C:\Users\Marta\AppData\Local\Temp\PartnerInstallerYTAi.exe
    C:\Users\Marta\AppData\Local\Temp\Quarantine.exe
    C:\Users\Marta\AppData\Local\Temp\tu17p84.exe
    C:\Users\Marta\AppData\Local\Temp\unelevate.exe
    C:\Users\Spravce\AppData\Local\Temp\_unps.exe
    
    Task: C:\Windows\Tasks\HPCeeScheduleForMarta.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
    
    AlternateDataStreams: C:\ProgramData\Temp:56E2E879
    
    Hosts:
    End
  • Save the resulting TXT file as fixlist.txt
  • Move the created fixlist into the same folder as FRST
:arrow: Run FRST.exe again
  • Click Fix
  • The fix will run and create the log Fixlog.txt
:arrow: Restart the PC and post fixlog.txt here

Re: Log check / Malwarebytes reports 4 potential errors

Posted: 25 May 2014 10:53
by Martin226
A question: the fix ran and the log was created, so should I now close it and restart?

The content of the fixlog is this:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-05-2014
Ran by Marta at 2014-05-25 11:48:18 Run:1
Running from C:\Users\Marta\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-24] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => c:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1482324353-3948896138-1893195853-1004\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Marta\AppData\Roaming\Seznam.cz\szninstall.exe [968840 2012-07-10] ()
HKU\S-1-5-21-1482324353-3948896138-1893195853-1004\...\MountPoints2: {bd133ddb-7314-11e3-be8e-689423b68ae6} - "G:\autoplay.exe"

2014-05-25 11:05 - 2014-05-25 11:05 - 00112640 _____ (forum.viry.cz) C:\Users\Marta\Desktop\FRSTLauncher.exe
2014-05-25 11:04 - 2014-05-25 11:04 - 00112107 _____ (forum.viry.cz) C:\Users\Marta\Downloads\VerzeOS.exe
2014-05-25 09:38 - 2014-05-25 09:38 - 00002024 _____ () C:\Users\Marta\Desktop\AdwCleaner[S0].txt
2014-05-25 09:35 - 2014-05-25 09:35 - 00006886 _____ () C:\Windows\PFRO.log
2014-05-25 09:33 - 2014-05-25 09:34 - 00000000 ____D () C:\AdwCleaner
2014-05-25 09:32 - 2014-05-25 09:32 - 01326389 _____ () C:\Users\Marta\Desktop\adwcleaner_3.210.exe
2014-05-25 09:31 - 2014-05-25 09:31 - 00001054 _____ () C:\Users\Marta\Desktop\JRT.txt
2014-05-25 09:26 - 2014-05-25 09:26 - 00000000 ____D () C:\Windows\ERUNT
2014-05-25 09:25 - 2014-05-25 09:25 - 01016261 _____ (Thisisu) C:\Users\Marta\Desktop\JRT.exe
2014-05-25 09:24 - 2014-05-25 09:24 - 00000085 _____ () C:\Windows\wininit.ini
2014-05-25 00:01 - 2014-05-25 00:01 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Marta\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-24 23:53 - 2014-05-24 23:55 - 00012408 _____ () C:\Users\Marta\Downloads\hijackthis.log
2014-05-24 23:52 - 2014-05-24 23:52 - 00388608 _____ (Trend Micro Inc.) C:\Users\Marta\Downloads\HiJackThis.exe
C:\Users\Marta\AppData\Local\Temp\cabex.dll
C:\Users\Marta\AppData\Local\Temp\listicka-partner-13415-1.1.2-offline.exe
C:\Users\Marta\AppData\Local\Temp\PartnerInstallerYTAi.exe
C:\Users\Marta\AppData\Local\Temp\Quarantine.exe
C:\Users\Marta\AppData\Local\Temp\tu17p84.exe
C:\Users\Marta\AppData\Local\Temp\unelevate.exe
C:\Users\Spravce\AppData\Local\Temp\_unps.exe

Task: C:\Windows\Tasks\HPCeeScheduleForMarta.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

AlternateDataStreams: C:\ProgramData\Temp:56E2E879

Hosts:
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\CLMLServer_For_P2G8 => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\CLVirtualDrive => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\RemoteControl10 => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\seznam-listicka-distribuce => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKU\S-1-5-21-1482324353-3948896138-1893195853-1004\Software\Microsoft\Windows\CurrentVersion\Run\\cz.seznam.software.autoupdate => Value deleted successfully.
HKU\S-1-5-21-1482324353-3948896138-1893195853-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bd133ddb-7314-11e3-be8e-689423b68ae6} => Key deleted successfully.
HKCR\CLSID\{bd133ddb-7314-11e3-be8e-689423b68ae6} => Key not found.
C:\Users\Marta\Desktop\FRSTLauncher.exe => Moved successfully.
C:\Users\Marta\Downloads\VerzeOS.exe => Moved successfully.
C:\Users\Marta\Desktop\AdwCleaner[S0].txt => Moved successfully.
C:\Windows\PFRO.log => Moved successfully.
C:\AdwCleaner => Moved successfully.
C:\Users\Marta\Desktop\adwcleaner_3.210.exe => Moved successfully.
C:\Users\Marta\Desktop\JRT.txt => Moved successfully.
C:\Windows\ERUNT => Moved successfully.
C:\Users\Marta\Desktop\JRT.exe => Moved successfully.
C:\Windows\wininit.ini => Moved successfully.
C:\Users\Marta\Downloads\mbam-setup-2.0.2.1012.exe => Moved successfully.
C:\Users\Marta\Downloads\hijackthis.log => Moved successfully.
C:\Users\Marta\Downloads\HiJackThis.exe => Moved successfully.
C:\Users\Marta\AppData\Local\Temp\cabex.dll => Moved successfully.
C:\Users\Marta\AppData\Local\Temp\listicka-partner-13415-1.1.2-offline.exe => Moved successfully.
C:\Users\Marta\AppData\Local\Temp\PartnerInstallerYTAi.exe => Moved successfully.
C:\Users\Marta\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Marta\AppData\Local\Temp\tu17p84.exe => Moved successfully.
C:\Users\Marta\AppData\Local\Temp\unelevate.exe => Moved successfully.
C:\Users\Spravce\AppData\Local\Temp\_unps.exe => Moved successfully.
C:\Windows\Tasks\HPCeeScheduleForMarta.job => Moved successfully.
C:\ProgramData\Temp => ":56E2E879" ADS removed successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

==== End of Fixlog ====
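
A way to check a Fixlog like the one above for entries that did not succeed, as an added example (not part of the original post and not FRST's own code). The status keywords are assumptions taken from the outcomes visible in this log, and the last sample line is constructed to show the review path.

```python
from collections import Counter

# Excerpt of the Fixlog above. The final result line is constructed
# (hypothetical wording) so that the "review" path is exercised.
SAMPLE_FIXLOG = r"""
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-05-2014
Content of fixlist:
*****************
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
C:\Users\Marta\AppData\Local\Temp\tu17p84.exe
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value deleted successfully.
HKCR\CLSID\{bd133ddb-7314-11e3-be8e-689423b68ae6} => Key not found.
C:\Users\Marta\AppData\Local\Temp\tu17p84.exe => Moved successfully.
C:\ProgramData\Temp => ":56E2E879" ADS removed successfully.
Hosts was reset successfully.
C:\Example\locked.tmp => Could not move.
==== End of Fixlog ====
"""

def classify(outcome):
    """Map an outcome phrase to ok / absent / review (keywords assumed from this log)."""
    text = outcome.lower()
    if "not found" in text:
        return "absent"       # nothing was there to remove
    if "successfully" in text:
        return "ok"
    return "review"           # anything else needs a human look

def parse_fixlog(log):
    """Return (target, outcome, status) per result line, skipping the fixlist echo."""
    results, star_lines = [], 0
    for line in (raw.strip() for raw in log.splitlines()):
        if line and set(line) == {"*"}:
            star_lines += 1   # the echoed fixlist sits between two star rules
            continue
        if star_lines < 2 or not line or line.startswith("===="):
            continue
        target, sep, outcome = line.partition(" => ")
        if not sep:           # e.g. "Hosts was reset successfully."
            target, outcome = "", line
        results.append((target, outcome, classify(outcome)))
    return results

def summarize(results):
    return dict(Counter(status for _, _, status in results))

def needs_review(results):
    return [target for target, _, status in results if status == "review"]

if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(summarize(parsed), needs_review(parsed))
```

Skipping the section between the two star rules matters because the echoed fixlist also contains ` => ` lines that would otherwise be counted as results.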

Re: Log check / Malwarebytes reports 4 potential errors

Posted: 25 May 2014 10:54
by vyosek
:arrow: Yes, restart the PC and write whether there are still any problems

Re: Log check / Malwarebytes reports 4 potential errors

Posted: 25 May 2014 11:12
by Martin226
Malwarebytes found nothing; I also cleaned up with CCleaner, so hopefully everything is OK.

Thank you very much for the help.

Have a nice rest of the day.
Martin

Re: Log check / Malwarebytes reports 4 potential errors

Posted: 25 May 2014 11:14
by vyosek
So let's clean up as well :James008:

:arrow: T-Cleaner http://vyosek.tym.cz/pro_usery/T-Cleaner.exe
  • Download and run it
  • To confirm each choice, press A, then Enter
  • Delete the utility after use
  • Antivirus programs may wrongly flag this utility as a virus - it is a false alarm - so go ahead and download it (or turn off the antivirus while downloading)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Download and run it
  • Click CleanUp and confirm with YES
  • The program will clean up and restart the PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Download and run it
  • Click Start and confirm with OK
  • The program will clean up and restart the PC
  • Delete the utility after use
:arrow: And if there are no problems or questions, that is all from my side :|

Re: Log check / Malwarebytes reports 4 potential errors

Posted: 25 May 2014 11:27
by Martin226
Cleaned up.

Thanks once again.
:closed:

Re: Log check / Malwarebytes reports 4 potential errors

Posted: 25 May 2014 11:29
by vyosek
You're welcome, glad I could help :worship: See you again sometime

And in accordance with the Rules on locking topics :lock: