Modrá Smrt - černá obrazovka a restart

[Novatera]

Stále ten samej problém, combofix projel a "instalace" se zastavila u Výstupní složka C:/ a nějaké čísla, poté tabulka zmizela a dále nic..

[motji]

Prosím Vás, tento program znáte?
C:\Users\R\AppData\Local\ElevatedDiagnostics

[Novatera]

Neznám

[motji]

To je fakt divný .
Vydržte 10minut, napíšu skript na OTL.

Spustte OTL
-do bílého okna dole skopírujte tento skript:

Kód: Vybrat vše

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{5F3F9639-E5E6-4C72-92D2-32A40E19016D}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
IE - HKLM\..\SearchScopes\{5F3F9639-E5E6-4C72-92D2-32A40E19016D}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2304157
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
 IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
 IE - HKU\S-1-5-21-93735815-1299707322-140628041-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=HPDTDF
IE - HKU\S-1-5-21-93735815-1299707322-140628041-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\S-1-5-21-93735815-1299707322-140628041-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-93735815-1299707322-140628041-1000\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKU\S-1-5-21-93735815-1299707322-140628041-1000\..\URLSearchHook: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - No CLSID value found
IE - HKU\S-1-5-21-93735815-1299707322-140628041-1000\..\SearchScopes,DefaultScope = {9323A353-AFF0-4CF7-BC9E-06FBC725280F}
IE - HKU\S-1-5-21-93735815-1299707322-140628041-1000\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=6031e39d000000000000e06995d0fdb8&tlver=1.4.19.19&affID=16553
IE - HKU\S-1-5-21-93735815-1299707322-140628041-1000\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
IE - HKU\S-1-5-21-93735815-1299707322-140628041-1000\..\SearchScopes\{5F3F9639-E5E6-4C72-92D2-32A40E19016D}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKU\S-1-5-21-93735815-1299707322-140628041-1000\..\SearchScopes\{8F9D9062-E650-42D2-A9CF-25F2B2FB15A7}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1561552
IE - HKU\S-1-5-21-93735815-1299707322-140628041-1000\..\SearchScopes\{9323A353-AFF0-4CF7-BC9E-06FBC725280F}: "URL" = http://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-93735815-1299707322-140628041-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={AF1CC4D1-17F6-4746-BA92-C6540240F2C7}&mid=de7c4882e6fd47d0ba313120d334144b-7f972e7bff31c40378e5ed4d7cf05492bd8e023b&lang=cs&ds=AVG&pr=fr&d=2012-08-13 12:12:34&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-93735815-1299707322-140628041-1000\..\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}: "URL" = http://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-93735815-1299707322-140628041-1000\..\SearchScopes\{D08C209D-06B7-4040-A3D3-1FFE942FFE38}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=PTV&o=15184&src=kw&q={searchTerms}&locale=&apn_ptnrs=^RY&apn_dtid=^YYYYYY^V2^CZ&apn_uid=310DE541-4783-4A91-AF7E-1478644ECE61&apn_sauid=0885F10C-4CD0-432B-AD0C-BE4277386034
IE - HKU\S-1-5-21-93735815-1299707322-140628041-1000\..\SearchScopes\9665500415544EE59F4093BA1D2C27F8: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-93735815-1299707322-140628041-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-93735815-1299707322-140628041-1000\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O3 - HKU\S-1-5-21-93735815-1299707322-140628041-1000\..\Toolbar\WebBrowser: (no name) - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1a92553fc3706c469bd5c78793b2aa21.exe ()
O4 - Startup: C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1a92553fc3706c469bd5c78793b2aa21.exe ()
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - L:\Icq\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - L:\Icq\ICQLite\ICQLite.exe File not found
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-93735815-1299707322-140628041-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-93735815-1299707322-140628041-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-93735815-1299707322-140628041-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-93735815-1299707322-140628041-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:05EE1EEF

:files
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\*.tmp /s
C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1a92553fc3706c469bd5c78793b2aa21.exe 
C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1a92553fc3706c469bd5c78793b2aa21.exe 

:folder
C:\Users\R\AppData\Local\ElevatedDiagnostics

:commands
[resethosts]
[emptytemp]
[EMPTYFLASH]
[clearallrestorepoints]
[Reboot]

-klikněte na tlačítko opravit.
-Následně se pc restartuje.
- Log vložte zde

[Novatera]

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5F3F9639-E5E6-4C72-92D2-32A40E19016D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5F3F9639-E5E6-4C72-92D2-32A40E19016D}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5F3F9639-E5E6-4C72-92D2-32A40E19016D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5F3F9639-E5E6-4C72-92D2-32A40E19016D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-93735815-1299707322-140628041-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-93735815-1299707322-140628041-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-93735815-1299707322-140628041-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-93735815-1299707322-140628041-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
Registry value HKEY_USERS\S-1-5-21-93735815-1299707322-140628041-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{c95a4e8e-816d-4655-8c79-d736da1adb6d} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\ not found.
HKEY_USERS\S-1-5-21-93735815-1299707322-140628041-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-93735815-1299707322-140628041-1000\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}\ not found.
Registry key HKEY_USERS\S-1-5-21-93735815-1299707322-140628041-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_USERS\S-1-5-21-93735815-1299707322-140628041-1000\Software\Microsoft\Internet Explorer\SearchScopes\{5F3F9639-E5E6-4C72-92D2-32A40E19016D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5F3F9639-E5E6-4C72-92D2-32A40E19016D}\ not found.
Registry key HKEY_USERS\S-1-5-21-93735815-1299707322-140628041-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8F9D9062-E650-42D2-A9CF-25F2B2FB15A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8F9D9062-E650-42D2-A9CF-25F2B2FB15A7}\ not found.
Registry key HKEY_USERS\S-1-5-21-93735815-1299707322-140628041-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9323A353-AFF0-4CF7-BC9E-06FBC725280F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9323A353-AFF0-4CF7-BC9E-06FBC725280F}\ not found.
Registry key HKEY_USERS\S-1-5-21-93735815-1299707322-140628041-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry key HKEY_USERS\S-1-5-21-93735815-1299707322-140628041-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}\ not found.
Registry key HKEY_USERS\S-1-5-21-93735815-1299707322-140628041-1000\Software\Microsoft\Internet Explorer\SearchScopes\{D08C209D-06B7-4040-A3D3-1FFE942FFE38}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D08C209D-06B7-4040-A3D3-1FFE942FFE38}\ not found.
Registry key HKEY_USERS\S-1-5-21-93735815-1299707322-140628041-1000\Software\Microsoft\Internet Explorer\SearchScopes\{searchTerms}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{searchTerms}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4fe6-8A56-BBB695989046} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-93735815-1299707322-140628041-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_USERS\S-1-5-21-93735815-1299707322-140628041-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}\ not found.
Registry value HKEY_USERS\S-1-5-21-93735815-1299707322-140628041-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}\ not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1a92553fc3706c469bd5c78793b2aa21.exe moved successfully.
C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1a92553fc3706c469bd5c78793b2aa21.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ not found.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-93735815-1299707322-140628041-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-93735815-1299707322-140628041-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-93735815-1299707322-140628041-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-93735815-1299707322-140628041-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
ADS C:\ProgramData\Temp:05EE1EEF deleted successfully.
========== FILES ==========
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
File\Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP folder moved successfully.
C:\WINDOWS\BCD5545077AC4347B24F654B1189F8D4.TMP folder moved successfully.
C:\WINDOWS\msdownld.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP64D0.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE2A4.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\ZAP3B1C.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\ZAP646.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp folder moved successfully.
C:\WINDOWS\Installer\MSI2B26.tmp- folder moved successfully.
C:\WINDOWS\Installer\MSI4E01.tmp moved successfully.
C:\WINDOWS\Installer\MSI9E10.tmp- folder moved successfully.
C:\WINDOWS\Installer\MSIA20A.tmp moved successfully.
C:\WINDOWS\Installer\MSIAF33.tmp moved successfully.
C:\WINDOWS\Installer\MSID055.tmp- folder moved successfully.
C:\WINDOWS\Installer\MSIE202.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\657d4867ac2eefe31d67c61c2e89552b\BITDBA7.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\8eae7fca2e8b42147090801b853b2bca\$dpx$.tmp folder moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\8eae7fca2e8b42147090801b853b2bca\BITB394.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\9b051ad887afbd6e1412f25d48be3eff\BITDEBB.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\9bb8d18b2a8ffd7224ab5064df14a271\BITDD61.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\b4dfe709898bdc78ba46be80a74a9d78\BITDBE8.tmp moved successfully.
File\Folder C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1a92553fc3706c469bd5c78793b2aa21.exe not found.
File\Folder C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1a92553fc3706c469bd5c78793b2aa21.exe not found.
Error: Unable to interpret <:folder> in the current context!
Error: Unable to interpret <C:\Users\R\AppData\Local\ElevatedDiagnostics> in the current context!
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 57482 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 314622 bytes
->Temporary Internet Files folder emptied: 3476052 bytes
->Google Chrome cache emptied: 78633546 bytes
->Flash cache emptied: 56475 bytes

User: Public

User: R
->Temp folder emptied: 141094569 bytes
->Temporary Internet Files folder emptied: 1857637 bytes
->Java cache emptied: 11499945 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 25873967 bytes
->Flash cache emptied: 61071 bytes

User: test
->Temp folder emptied: 5135929 bytes
->Temporary Internet Files folder emptied: 6662663 bytes
->Google Chrome cache emptied: 21932336 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 56981 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 57482 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 582446 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42328436 bytes
RecycleBin emptied: 134507968 bytes

Total Files Cleaned = 452.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: Public

User: R
->Flash cache emptied: 0 bytes

User: test
->Flash cache emptied: 0 bytes

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 04052014_222354

Files\Folders moved on Reboot...
C:\Users\R\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\R\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\Low\SkypeClickToCall\Logs\AutoUpdateSvc.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

[motji]

Poprosím o nový log z FRSTu. Háčky jsou na tom stále stejně?

[Novatera]

ť ď š ň ľ č

SUPEEER !

[motji]

Ještě se neradujte . Poprosím o ten log z Frstu a pak nový restart a vyzkoušet háčky. Paknahlašte jeslti jsou ještě nějaké problémy.
Teda Vy jste mi dal

[Novatera]

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by R (administrator) on R-HP on 05-04-2014 22:46:09
Running from C:\Users\R\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Czech
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\beats64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTSched.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Opera Software) C:\Program Files (x86)\Opera\opera.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BeatsOSDApp] - C:\Program Files\IDT\WDM\beats64.exe [37888 2010-10-21] (Hewlett-Packard )
HKLM\...\Run: [hpsysdrv] - c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [NeroFilterCheck] - C:\Windows\SysWOW64\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-03-25] (Hewlett-Packard)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-93735815-1299707322-140628041-1000\...\Run: [CreativeTaskScheduler] - C:\Program Files (x86)\Creative\Shared Files\CTSched.exe [53341 2006-11-17] (Creative Technology Ltd)
HKU\S-1-5-21-93735815-1299707322-140628041-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-93735815-1299707322-140628041-1000\...\Run: [1a92553fc3706c469bd5c78793b2aa21] - "C:\Users\R\AppData\Local\Temp\FlashPlayerPlugin_11_9_900_117.exe" .. <===== ATTENTION
HKU\S-1-5-21-93735815-1299707322-140628041-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-93735815-1299707322-140628041-1000\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-93735815-1299707322-140628041-1000\...\MountPoints2: J - J:\LaunchU3.exe -a
HKU\S-1-5-21-93735815-1299707322-140628041-1000\...\MountPoints2: K - K:\LaunchU3.exe -a
HKU\S-1-5-21-93735815-1299707322-140628041-1000\...\MountPoints2: L - L:\LaunchU3.exe -a
HKU\S-1-5-21-93735815-1299707322-140628041-1000\...\MountPoints2: {73eafd82-3873-11e1-afaa-e06995d0fdb8} - J:\launcher.exe
HKU\S-1-5-21-93735815-1299707322-140628041-1000\...\MountPoints2: {be5fc397-3096-11e1-987d-e06995d0fdb8} - M:\ZTE_Handset_USB_Driver.exe
HKU\S-1-5-21-93735815-1299707322-140628041-1000\...\MountPoints2: {dcf14671-d57b-11e0-874d-e06995d0fdb8} - K:\LaunchU3.exe -a
HKU\S-1-5-21-93735815-1299707322-140628041-1000\...\MountPoints2: {ff09786f-eb4b-11e0-80f3-e06995d0fdb8} - J:\INSTALL.EXE

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=UP97&ocid=UP97DHP
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKLM - {5F3F9639-E5E6-4C72-92D2-32A40E19016D} URL = http://www.amazon.co.uk/s/ref=azs_osd_i ... earchTerms}
SearchScopes: HKCU - 9665500415544EE59F4093BA1D2C27F8 URL = http://search.yahoo.com/search?fr=chr-g ... earchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwar ... PIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwar ... /CTPID.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-08-16] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{A4748267-3642-46B9-BBD0-D6D8B7A0A1FE}: [NameServer]8.8.8.8,8.8.4.4

Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-03-22]
CHR Extension: (Google Drive) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-22]
CHR Extension: (YouTube) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-22]
CHR Extension: (Google Search) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-22]
CHR Extension: (Ads Removal) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen [2014-02-25]
CHR Extension: (No Name) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkcefkcdkepgkpbgncjchhbjgoanleod [2014-01-03]
CHR Extension: (Skype Click to Call) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-03-22]
CHR Extension: (Peněženka Google) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-22]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Users\R\AppData\Roaming\DVDVideoSoft\dvsYoutubeDownload.crx [2013-05-19]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-03-03]

==================== Services (Whitelisted) =================

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-07-11] (SUPERAntiSpyware.com)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584 2014-03-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608 2014-03-03] (Microsoft Corporation)
S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-12-03] (IObit)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-03-05] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-03-05] (Malwarebytes Corporation)
R2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [40999448 2008-07-10] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4390376 2011-07-17] (INCA Internet Co., Ltd.)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-09-01] ()
S2 pr2agqwb; C:\Windows\system32\pr2agqwb.exe [777576 2007-11-14] (Cyanide)
S4 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S4 SQLAgent$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [369688 2008-07-10] (Microsoft Corporation)
S3 WinHttpAutoProxySvc; winhttp.dll [X]

==================== Drivers (Whitelisted) ====================

S1 blmrinyk; No ImagePath
S1 crhazelt; No ImagePath
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [279616 2012-01-07] (DT Soft Ltd)
S3 dump_wmimmc; No ImagePath
S1 ehjpujev; No ImagePath
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2011-03-02] ()
S1 kpcvdoxk; No ImagePath
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-03-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99800 2014-02-26] (Intel Corporation)
S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2004-12-31] (INCA Internet Co., Ltd.)
S1 nvagnqts; No ImagePath
R0 pe3agqwb; C:\Windows\System32\drivers\pe3agqwb.sys [72296 2007-11-14] (Cyanide)
R0 ps7agqwb; C:\Windows\System32\drivers\ps7agqwb.sys [102000 2007-11-14] (Cyanide)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 scjuwzdg; No ImagePath
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S1 tgabgvnb; No ImagePath
S1 twprlugc; No ImagePath
S1 tzmeppsq; No ImagePath
S1 ufktitac; No ImagePath
U5 UnlockerDriver5; C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () <===== ATTENTION Necurs Rootkit?
S3 XENfiltv; C:\Windows\System32\drivers\XENfiltv.sys [25600 2009-07-31] (Creative Technology Ltd.)
S3 cpuz136; \??\C:\Users\R\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-05 22:46 - 2014-04-05 22:46 - 00013930 _____ () C:\Users\R\Desktop\FRST.txt
2014-04-05 22:45 - 2014-04-05 22:46 - 00000000 ____D () C:\FRST
2014-04-05 22:45 - 2014-04-05 22:45 - 02157056 _____ (Farbar) C:\Users\R\Desktop\FRST64.exe
2014-04-05 22:23 - 2014-04-05 22:23 - 00000000 ____D () C:\_OTL
2014-04-05 22:00 - 2014-04-05 22:00 - 00000000 ____D () C:\Qoobox
2014-04-05 21:59 - 2014-04-05 21:59 - 05193579 ____R (Swearware) C:\Users\R\Desktop\ComboFix.exe
2014-04-05 21:59 - 2014-04-05 21:59 - 00000000 ____D () C:\Windows\erdnt
2014-04-05 21:57 - 2014-04-05 21:58 - 00003172 _____ () C:\Users\R\Desktop\Rkill.txt
2014-04-05 21:57 - 2014-04-05 21:57 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\R\Desktop\rkill.exe
2014-04-05 21:55 - 2014-04-05 21:55 - 00000512 _____ () C:\PhysicalMBR.bin
2014-04-05 21:53 - 2014-04-05 21:53 - 00602112 _____ (OldTimer Tools) C:\Users\R\Desktop\OTL.exe
2014-04-05 21:10 - 2014-04-05 21:10 - 00002848 _____ () C:\Windows\PFRO.log
2014-04-05 21:08 - 2014-04-05 21:08 - 00014465 _____ () C:\Users\R\Desktop\AdwCleaner[R0].txt
2014-04-05 21:04 - 2014-04-05 21:09 - 00000000 ____D () C:\AdwCleaner
2014-04-05 20:54 - 2014-04-05 20:54 - 01426178 _____ () C:\Users\R\Desktop\AdwCleaner.exe
2014-04-05 20:54 - 2014-04-05 20:54 - 01038974 _____ (Thisisu) C:\Users\R\Desktop\JRT.exe
2014-04-05 15:50 - 2014-04-05 16:31 - 736506338 _____ () C:\Users\R\Desktop\Vrána=1994-Akční-DVD-CZ.avi
2014-04-05 09:22 - 2014-04-05 22:26 - 00000224 _____ () C:\Windows\setupact.log
2014-04-05 09:22 - 2014-04-05 09:23 - 05003552 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-05 09:22 - 2014-04-05 09:22 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-05 03:42 - 2014-04-05 05:34 - 00003861 _____ () C:\Windows\WindowsUpdate.log
2014-04-05 01:16 - 2014-04-05 01:16 - 00115304 _____ () C:\Users\R\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-05 01:05 - 2014-04-05 01:05 - 00165888 _____ () C:\Users\R\Documents\T-Cleaner.exe
2014-04-04 22:28 - 2014-04-04 22:41 - 123185915 _____ () C:\Users\R\Desktop\Duch-=1990-Romantický-DVD-CZ.avi
2014-04-04 22:24 - 2014-04-04 22:28 - 21942207 _____ () C:\Users\R\Desktop\Carrie-(2013)-Novinka-CZ-dabing-Drama-Horor-Mysteriozní-výborná-BDRip-kvalita-.MEMRC123..avi
2014-04-04 21:49 - 2014-04-04 22:08 - 351481856 _____ () C:\Users\R\Desktop\Hannah-Montana-1x01---Lilly,-chces-znat-tajemstvi-.avi
2014-04-03 23:43 - 2014-04-03 23:58 - 286788548 _____ () C:\Users\R\Desktop\Lord-Ryolith-HC-3.4.2014.mp4
2014-04-03 21:12 - 2014-04-03 21:53 - 731565116 _____ () C:\Users\R\Desktop\Deník-princezny.CZ-dab.Mikky.avi
2014-04-03 16:21 - 2014-04-03 16:21 - 00000000 _____ () C:\Users\R\Desktop\fl hc.txt
2014-04-02 17:07 - 2014-04-02 17:08 - 00000000 ____D () C:\Users\R\Desktop\Nová složka (3)
2014-04-01 19:07 - 2014-04-01 19:53 - 828302680 _____ () C:\Users\R\Desktop\Farma-smrti-cz-[natu3].avi
2014-04-01 10:37 - 2014-04-01 10:37 - 00009216 _____ () C:\Users\R\Documents\cc_20140401_103749.reg
2014-04-01 10:08 - 2014-04-05 01:07 - 00000000 _____ () C:\SRStatus2.txt
2014-03-31 23:43 - 2014-03-31 23:43 - 00008585 _____ () C:\Users\R\Desktop\mbam.txt
2014-03-31 23:13 - 2014-04-01 10:44 - 00000115 _____ () C:\Users\R\Desktop\Nový textový dokument.txt
2014-03-31 21:35 - 2014-03-31 21:35 - 00001100 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-31 21:35 - 2014-03-31 21:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-31 21:35 - 2014-03-05 09:32 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-31 21:35 - 2014-03-05 09:32 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-31 21:35 - 2014-03-05 09:32 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-31 21:34 - 2014-03-31 21:34 - 10284816 _____ (Malwarebytes Corporation ) C:\Users\R\Desktop\mbam-setup-1.75.0.1300.exe
2014-03-31 21:32 - 2014-04-05 22:26 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-31 21:31 - 2014-03-31 21:31 - 17523520 _____ (Malwarebytes Corporation ) C:\Users\R\Desktop\mbam-setup.exe
2014-03-31 18:35 - 2014-03-31 19:44 - 1248584811 _____ () C:\Users\R\Desktop\NOVÁ-DCERA-CZ-dabing-Thriller-Horor-(2009)-s-KCostnerom.wmv
2014-03-31 16:59 - 2014-03-31 16:59 - 00000000 _____ () C:\Users\R\Desktop\OSType.txt
2014-03-31 12:27 - 2014-04-05 22:04 - 00000000 ___SD () C:\32788R22FWJFW
2014-03-31 03:22 - 2014-03-31 03:24 - 00000000 ____D () C:\Users\R\Desktop\flashka
2014-03-31 03:19 - 2014-03-31 03:27 - 00000000 ____D () C:\Users\R\Desktop\nova
2014-03-30 21:44 - 2014-03-30 21:44 - 00004450 _____ () C:\Users\test\Desktop\RKreport[0]_D_03302014_214412.txt
2014-03-30 21:43 - 2014-03-30 21:43 - 00004360 _____ () C:\Users\test\Desktop\RKreport[0]_S_03302014_214326.txt
2014-03-30 21:33 - 2014-03-30 21:55 - 00000000 ____D () C:\Users\test\Desktop\RK_Quarantine
2014-03-30 21:30 - 2014-03-30 21:31 - 03972608 _____ () C:\Users\test\Downloads\RogueKiller.exe
2014-03-30 20:19 - 2014-03-30 20:20 - 00000000 ____D () C:\Users\R\Desktop\plocha
2014-03-30 20:17 - 2014-03-30 20:17 - 00004466 _____ () C:\Users\test\Documents\cc_20140330_201736.reg
2014-03-30 17:56 - 2014-03-30 17:56 - 00000000 ____D () C:\Users\test\AppData\Roaming\Malwarebytes
2014-03-30 17:55 - 2014-03-30 17:55 - 00000000 ____D () C:\Users\test\AppData\Roaming\AVAST Software
2014-03-30 17:41 - 2014-03-30 17:58 - 3201380352 _____ () C:\Users\R\AppData\Roaming\tmp.tmp
2014-03-30 17:38 - 2014-03-30 17:38 - 00012999 _____ () C:\Users\R\Documents\hijackthis.log
2014-03-30 16:38 - 2014-03-31 21:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-30 16:38 - 2014-03-30 19:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-30 16:38 - 2014-03-30 16:38 - 00000000 ____D () C:\Users\R\AppData\Roaming\Malwarebytes
2014-03-30 01:40 - 2014-03-30 01:40 - 00000000 ____D () C:\Users\R\AppData\Roaming\AVAST Software
2014-03-30 01:38 - 2014-03-30 01:38 - 00000000 ____D () C:\Program Files\AVAST Software
2014-03-29 17:29 - 2014-03-29 19:07 - 833394688 _____ () C:\Users\R\Documents\PAN-DOMU---CZ-dvdrip.avi
2014-03-29 05:36 - 2014-03-29 05:36 - 00000000 ____D () C:\Users\R\AppData\Local\VS Revo Group
2014-03-29 05:36 - 2014-03-29 05:36 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-03-29 05:36 - 2014-03-29 05:36 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-03-29 05:36 - 2009-12-30 11:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2014-03-29 05:33 - 2014-03-29 05:33 - 00000000 ____D () C:\Users\R\AppData\Roaming\Flashmedia
2014-03-29 03:34 - 2014-03-29 03:34 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2014-03-29 02:03 - 2014-03-29 02:03 - 00002525 _____ () C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DC Universe Online.lnk
2014-03-27 17:05 - 2014-04-03 17:09 - 00000000 ____D () C:\Users\R\Desktop\Nová složka (2)
2014-03-19 22:21 - 2014-03-19 22:21 - 02815713 _____ () C:\Users\R\Documents\Bez názvu.wma
2014-03-19 16:30 - 2014-03-19 16:30 - 00000000 ____D () C:\ProgramData\Steam
2014-03-19 16:07 - 2014-03-19 16:07 - 00000000 ____D () C:\Program Files (x86)\Total War Rome II CZ
2014-03-17 05:46 - 2014-03-17 05:46 - 00000000 ____D () C:\Users\R\Documents\LucasArts
2014-03-17 05:46 - 2014-03-17 05:46 - 00000000 ____D () C:\Users\R\AppData\Local\LucasArts
2014-03-17 01:27 - 2014-03-17 01:27 - 00000000 ____D () C:\Program Files (x86)\LucasArts
2014-03-17 00:44 - 2014-04-04 21:39 - 00000000 ____D () C:\Users\R\Desktop\afsafs
2014-03-16 20:16 - 2014-03-16 20:17 - 00000000 ____D () C:\Users\R\Desktop\Maturitní ples 2POA
2014-03-16 18:29 - 2014-03-16 18:35 - 736757760 _____ () C:\Users\R\Documents\KOPACKY-2008-KOMEDIE-CZ-DABING.avi
2014-03-16 15:32 - 2014-03-16 15:37 - 774180380 _____ () C:\Users\R\Documents\Silent-Hill-2006.CZ-dab.avi
2014-03-13 06:01 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 06:01 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-13 06:01 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-13 06:01 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 06:01 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-13 06:01 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-13 06:01 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 06:01 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-13 06:01 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-13 06:01 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-13 06:01 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-13 06:01 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-13 06:01 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-13 06:01 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-13 06:01 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-13 06:01 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-13 06:01 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-13 06:01 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 06:01 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-13 06:01 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-13 06:01 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 06:01 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 06:01 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-13 06:01 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 06:01 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-13 06:01 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-13 06:01 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-13 06:01 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-13 06:01 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 06:01 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-13 06:01 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 06:01 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 06:01 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 06:01 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-13 06:01 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 06:01 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 06:01 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 06:01 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 06:01 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-13 06:01 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-13 06:01 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 06:01 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-13 06:01 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-13 06:01 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-13 06:00 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-13 06:00 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 06:00 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-13 06:00 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-09 23:04 - 2014-03-09 23:04 - 00044752 _____ () C:\Users\R\Downloads\stažený soubor (4).htm
2014-03-09 22:48 - 2014-03-09 22:48 - 00044518 _____ () C:\Users\R\Downloads\stažený soubor (3).htm
2014-03-09 22:48 - 2014-03-09 22:48 - 00044518 _____ () C:\Users\R\Downloads\stažený soubor (2).htm
2014-03-09 22:43 - 2014-03-09 22:43 - 00058450 _____ () C:\Users\R\Downloads\viewforum (4).htm
2014-03-09 22:34 - 2014-03-09 22:34 - 00031929 _____ () C:\Users\R\Downloads\stažený soubor (1).htm
2014-03-09 22:34 - 2014-03-09 22:34 - 00013767 _____ () C:\Users\R\Downloads\forum (1).htm
2014-03-09 21:45 - 2014-03-09 21:45 - 00031070 _____ () C:\Users\R\Downloads\viewforum.htm
2014-03-09 21:45 - 2014-03-09 21:45 - 00025344 _____ () C:\Users\R\Downloads\viewforum (3).htm
2014-03-09 21:45 - 2014-03-09 21:45 - 00025344 _____ () C:\Users\R\Downloads\viewforum (2).htm
2014-03-09 21:45 - 2014-03-09 21:45 - 00025344 _____ () C:\Users\R\Downloads\viewforum (1).htm
2014-03-09 16:06 - 2014-03-09 16:06 - 00042188 _____ () C:\Users\R\Downloads\stažený soubor.htm
2014-03-09 14:06 - 2014-03-09 14:06 - 00042553 _____ () C:\Users\R\Downloads\index (6).php
2014-03-09 14:06 - 2014-03-09 14:06 - 00042553 _____ () C:\Users\R\Downloads\index (5).php
2014-03-09 14:06 - 2014-03-09 14:06 - 00042553 _____ () C:\Users\R\Downloads\index (4).php
2014-03-09 14:06 - 2014-03-09 14:06 - 00042553 _____ () C:\Users\R\Downloads\index (3).php
2014-03-09 14:06 - 2014-03-09 14:06 - 00042553 _____ () C:\Users\R\Downloads\index (2).php
2014-03-09 14:03 - 2014-03-09 14:03 - 00041975 _____ () C:\Users\R\Downloads\index.php
2014-03-09 14:03 - 2014-03-09 14:03 - 00041975 _____ () C:\Users\R\Downloads\index (1).php
2014-03-09 01:16 - 2014-03-09 01:16 - 00956137 _____ () C:\Users\R\Downloads\pc_budik_2012.zip
2014-03-09 01:16 - 2014-03-09 01:16 - 00956137 _____ () C:\Users\R\Downloads\pc_budik_2012 (1).zip
2014-03-07 12:38 - 2014-03-07 12:38 - 00048406 _____ () C:\Users\R\Downloads\viewtopic (1).htm
2014-03-06 20:43 - 2014-03-06 20:43 - 00042627 _____ () C:\Users\R\Downloads\viewtopic.htm
2014-03-06 19:26 - 2014-03-06 19:26 - 00013767 _____ () C:\Users\R\Downloads\forum.htm

==================== One Month Modified Files and Folders =======

2014-04-05 22:46 - 2014-04-05 22:46 - 00013930 _____ () C:\Users\R\Desktop\FRST.txt
2014-04-05 22:46 - 2014-04-05 22:45 - 00000000 ____D () C:\FRST
2014-04-05 22:45 - 2014-04-05 22:45 - 02157056 _____ (Farbar) C:\Users\R\Desktop\FRST64.exe
2014-04-05 22:39 - 2012-06-25 10:10 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-05 22:33 - 2009-07-14 06:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-05 22:33 - 2009-07-14 06:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-05 22:30 - 2011-08-16 13:04 - 00737120 _____ () C:\Windows\system32\perfh005.dat
2014-04-05 22:30 - 2011-08-16 13:04 - 00166810 _____ () C:\Windows\system32\perfc005.dat
2014-04-05 22:30 - 2009-07-14 07:13 - 01775876 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-05 22:26 - 2014-04-05 09:22 - 00000224 _____ () C:\Windows\setupact.log
2014-04-05 22:26 - 2014-03-31 21:32 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-05 22:26 - 2011-09-19 02:00 - 00000938 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-05 22:26 - 2011-09-02 18:09 - 00000000 ____D () C:\Users\R\AppData\Roaming\Skype
2014-04-05 22:26 - 2011-08-16 13:32 - 00000000 ____D () C:\ProgramData\PDFC
2014-04-05 22:26 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-05 22:23 - 2014-04-05 22:23 - 00000000 ____D () C:\_OTL
2014-04-05 22:23 - 2013-05-30 12:23 - 00000000 ___RD () C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-05 22:23 - 2011-09-02 18:03 - 00000000 ___RD () C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-05 22:04 - 2014-03-31 12:27 - 00000000 ___SD () C:\32788R22FWJFW
2014-04-05 22:00 - 2014-04-05 22:00 - 00000000 ____D () C:\Qoobox
2014-04-05 21:59 - 2014-04-05 21:59 - 05193579 ____R (Swearware) C:\Users\R\Desktop\ComboFix.exe
2014-04-05 21:59 - 2014-04-05 21:59 - 00000000 ____D () C:\Windows\erdnt
2014-04-05 21:58 - 2014-04-05 21:57 - 00003172 _____ () C:\Users\R\Desktop\Rkill.txt
2014-04-05 21:57 - 2014-04-05 21:57 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\R\Desktop\rkill.exe
2014-04-05 21:55 - 2014-04-05 21:55 - 00000512 _____ () C:\PhysicalMBR.bin
2014-04-05 21:53 - 2014-04-05 21:53 - 00602112 _____ (OldTimer Tools) C:\Users\R\Desktop\OTL.exe
2014-04-05 21:26 - 2011-09-19 02:00 - 00000942 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-05 21:10 - 2014-04-05 21:10 - 00002848 _____ () C:\Windows\PFRO.log
2014-04-05 21:09 - 2014-04-05 21:04 - 00000000 ____D () C:\AdwCleaner
2014-04-05 21:09 - 2012-08-15 23:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-05 21:09 - 2011-11-17 17:52 - 00000000 ____D () C:\ProgramData\ICQ
2014-04-05 21:08 - 2014-04-05 21:08 - 00014465 _____ () C:\Users\R\Desktop\AdwCleaner[R0].txt
2014-04-05 20:54 - 2014-04-05 20:54 - 01426178 _____ () C:\Users\R\Desktop\AdwCleaner.exe
2014-04-05 20:54 - 2014-04-05 20:54 - 01038974 _____ (Thisisu) C:\Users\R\Desktop\JRT.exe
2014-04-05 18:27 - 2011-09-09 23:44 - 00000000 ____D () C:\Users\R\AppData\Roaming\TS3Client
2014-04-05 16:31 - 2014-04-05 15:50 - 736506338 _____ () C:\Users\R\Desktop\Vrána=1994-Akční-DVD-CZ.avi
2014-04-05 09:23 - 2014-04-05 09:22 - 05003552 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-05 09:22 - 2014-04-05 09:22 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-05 05:34 - 2014-04-05 03:42 - 00003861 _____ () C:\Windows\WindowsUpdate.log
2014-04-05 01:16 - 2014-04-05 01:16 - 00115304 _____ () C:\Users\R\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-05 01:16 - 2014-03-01 19:11 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-04-05 01:09 - 2011-09-21 00:53 - 00000000 ____D () C:\Users\R\AppData\Roaming\Media Player Classic
2014-04-05 01:07 - 2014-04-01 10:08 - 00000000 _____ () C:\SRStatus2.txt
2014-04-05 01:07 - 2011-09-02 17:55 - 00000000 ____D () C:\Users\R
2014-04-05 01:05 - 2014-04-05 01:05 - 00165888 _____ () C:\Users\R\Documents\T-Cleaner.exe
2014-04-05 01:05 - 2012-12-30 17:36 - 00000000 ____D () C:\Users\R\Documents\The KMPlayer
2014-04-04 22:41 - 2014-04-04 22:28 - 123185915 _____ () C:\Users\R\Desktop\Duch-=1990-Romantický-DVD-CZ.avi
2014-04-04 22:28 - 2014-04-04 22:24 - 21942207 _____ () C:\Users\R\Desktop\Carrie-(2013)-Novinka-CZ-dabing-Drama-Horor-Mysteriozní-výborná-BDRip-kvalita-.MEMRC123..avi
2014-04-04 22:08 - 2014-04-04 21:49 - 351481856 _____ () C:\Users\R\Desktop\Hannah-Montana-1x01---Lilly,-chces-znat-tajemstvi-.avi
2014-04-04 21:39 - 2014-03-17 00:44 - 00000000 ____D () C:\Users\R\Desktop\afsafs
2014-04-04 18:32 - 2012-11-10 09:54 - 00000316 _____ () C:\Windows\Tasks\HPCeeScheduleForR.job
2014-04-04 02:45 - 2012-11-10 09:54 - 00003162 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForR
2014-04-04 02:45 - 2011-11-05 15:04 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-04-04 02:45 - 2011-09-10 09:40 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-04-04 02:44 - 2011-09-10 09:33 - 00000000 ____D () C:\Users\R\AppData\Roaming\HP Support Assistant
2014-04-04 02:44 - 2011-09-03 20:41 - 00000000 ____D () C:\Users\R\AppData\Roaming\HpUpdate
2014-04-03 23:58 - 2014-04-03 23:43 - 286788548 _____ () C:\Users\R\Desktop\Lord-Ryolith-HC-3.4.2014.mp4
2014-04-03 21:53 - 2014-04-03 21:12 - 731565116 _____ () C:\Users\R\Desktop\Deník-princezny.CZ-dab.Mikky.avi
2014-04-03 17:17 - 2013-09-22 23:39 - 00000000 ____D () C:\Users\R\AppData\Roaming\Spotify
2014-04-03 17:09 - 2014-03-27 17:05 - 00000000 ____D () C:\Users\R\Desktop\Nová složka (2)
2014-04-03 16:21 - 2014-04-03 16:21 - 00000000 _____ () C:\Users\R\Desktop\fl hc.txt
2014-04-02 17:08 - 2014-04-02 17:07 - 00000000 ____D () C:\Users\R\Desktop\Nová složka (3)
2014-04-02 01:29 - 2013-09-22 23:40 - 00000000 ____D () C:\Users\R\AppData\Local\Spotify
2014-04-01 19:53 - 2014-04-01 19:07 - 828302680 _____ () C:\Users\R\Desktop\Farma-smrti-cz-[natu3].avi
2014-04-01 10:44 - 2014-03-31 23:13 - 00000115 _____ () C:\Users\R\Desktop\Nový textový dokument.txt
2014-04-01 10:37 - 2014-04-01 10:37 - 00009216 _____ () C:\Users\R\Documents\cc_20140401_103749.reg
2014-03-31 23:43 - 2014-03-31 23:43 - 00008585 _____ () C:\Users\R\Desktop\mbam.txt
2014-03-31 21:35 - 2014-03-31 21:35 - 00001100 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-31 21:35 - 2014-03-31 21:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-31 21:34 - 2014-03-31 21:34 - 10284816 _____ (Malwarebytes Corporation ) C:\Users\R\Desktop\mbam-setup-1.75.0.1300.exe
2014-03-31 21:32 - 2014-03-30 16:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-31 21:31 - 2014-03-31 21:31 - 17523520 _____ (Malwarebytes Corporation ) C:\Users\R\Desktop\mbam-setup.exe
2014-03-31 19:44 - 2014-03-31 18:35 - 1248584811 _____ () C:\Users\R\Desktop\NOVÁ-DCERA-CZ-dabing-Thriller-Horor-(2009)-s-KCostnerom.wmv
2014-03-31 16:59 - 2014-03-31 16:59 - 00000000 _____ () C:\Users\R\Desktop\OSType.txt
2014-03-31 03:27 - 2014-03-31 03:19 - 00000000 ____D () C:\Users\R\Desktop\nova
2014-03-31 03:24 - 2014-03-31 03:22 - 00000000 ____D () C:\Users\R\Desktop\flashka
2014-03-31 03:18 - 2011-09-03 22:06 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-30 22:19 - 2013-04-04 19:22 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-03-30 21:58 - 2014-02-28 22:05 - 00000000 ____D () C:\Users\test\AppData\Roaming\TS3Client
2014-03-30 21:55 - 2014-03-30 21:33 - 00000000 ____D () C:\Users\test\Desktop\RK_Quarantine
2014-03-30 21:44 - 2014-03-30 21:44 - 00004450 _____ () C:\Users\test\Desktop\RKreport[0]_D_03302014_214412.txt
2014-03-30 21:43 - 2014-03-30 21:43 - 00004360 _____ () C:\Users\test\Desktop\RKreport[0]_S_03302014_214326.txt
2014-03-30 21:31 - 2014-03-30 21:30 - 03972608 _____ () C:\Users\test\Downloads\RogueKiller.exe
2014-03-30 21:00 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-03-30 20:20 - 2014-03-30 20:19 - 00000000 ____D () C:\Users\R\Desktop\plocha
2014-03-30 20:17 - 2014-03-30 20:17 - 00004466 _____ () C:\Users\test\Documents\cc_20140330_201736.reg
2014-03-30 19:38 - 2013-06-04 09:01 - 00000000 ____D () C:\Users\Guest
2014-03-30 19:38 - 2013-05-30 12:23 - 00000000 ____D () C:\Users\test
2014-03-30 19:37 - 2014-02-28 19:49 - 00000000 ____D () C:\Users\test\AppData\Local\Google
2014-03-30 19:37 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-03-30 19:12 - 2014-03-30 16:38 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-30 18:34 - 2013-05-30 12:23 - 00000000 ____D () C:\Users\test\AppData\Local\VirtualStore
2014-03-30 17:58 - 2014-03-30 17:41 - 3201380352 _____ () C:\Users\R\AppData\Roaming\tmp.tmp
2014-03-30 17:56 - 2014-03-30 17:56 - 00000000 ____D () C:\Users\test\AppData\Roaming\Malwarebytes
2014-03-30 17:55 - 2014-03-30 17:55 - 00000000 ____D () C:\Users\test\AppData\Roaming\AVAST Software
2014-03-30 17:38 - 2014-03-30 17:38 - 00012999 _____ () C:\Users\R\Documents\hijackthis.log
2014-03-30 16:38 - 2014-03-30 16:38 - 00000000 ____D () C:\Users\R\AppData\Roaming\Malwarebytes
2014-03-30 01:40 - 2014-03-30 01:40 - 00000000 ____D () C:\Users\R\AppData\Roaming\AVAST Software
2014-03-30 01:38 - 2014-03-30 01:38 - 00000000 ____D () C:\Program Files\AVAST Software
2014-03-30 01:36 - 2014-01-03 04:10 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-03-29 19:07 - 2014-03-29 17:29 - 833394688 _____ () C:\Users\R\Documents\PAN-DOMU---CZ-dvdrip.avi
2014-03-29 12:21 - 2011-09-19 02:00 - 00003938 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-29 12:21 - 2011-09-19 02:00 - 00003686 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-29 06:26 - 2012-09-20 21:31 - 00000000 ____D () C:\Program Files (x86)\DesetiPrsty
2014-03-29 06:21 - 2011-09-30 17:55 - 00000000 ____D () C:\Users\R\AppData\Roaming\DAEMON Tools Lite
2014-03-29 06:15 - 2011-11-14 01:48 - 00000000 ____D () C:\Program Files\DivX
2014-03-29 06:15 - 2011-11-14 01:47 - 00000000 ____D () C:\ProgramData\DivX
2014-03-29 06:15 - 2011-11-14 01:47 - 00000000 ____D () C:\Program Files (x86)\DivX
2014-03-29 06:11 - 2012-03-23 21:37 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-03-29 06:05 - 2012-05-12 20:40 - 00000000 ____D () C:\Users\R\AppData\Roaming\Groovedown
2014-03-29 06:04 - 2012-06-07 12:54 - 00000000 ____D () C:\Users\R\AppData\Roaming\Xilisoft
2014-03-29 06:03 - 2012-06-17 12:28 - 00000000 ____D () C:\Program Files (x86)\URUSoft
2014-03-29 05:59 - 2012-12-22 21:02 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2014-03-29 05:57 - 2011-09-02 21:31 - 00000000 ____D () C:\Users\R\AppData\Roaming\Ubisoft
2014-03-29 05:57 - 2011-08-16 13:20 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-29 05:38 - 2012-10-02 00:15 - 00007589 _____ () C:\Users\R\AppData\Local\resmon.resmoncfg
2014-03-29 05:36 - 2014-03-29 05:36 - 00000000 ____D () C:\Users\R\AppData\Local\VS Revo Group
2014-03-29 05:36 - 2014-03-29 05:36 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-03-29 05:36 - 2014-03-29 05:36 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-03-29 05:33 - 2014-03-29 05:33 - 00000000 ____D () C:\Users\R\AppData\Roaming\Flashmedia
2014-03-29 05:12 - 2013-02-24 15:32 - 00000000 ____D () C:\Users\R\AppData\Roaming\BitTorrent
2014-03-29 05:11 - 2013-03-10 19:53 - 00000000 ____D () C:\Program Files (x86)\JAM Software
2014-03-29 05:07 - 2013-05-10 17:06 - 00000000 ____D () C:\Program Files\LockHunter
2014-03-29 05:06 - 2011-09-26 15:50 - 00000000 ____D () C:\ProgramData\IObit
2014-03-29 04:50 - 2013-03-21 22:30 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-03-29 03:34 - 2014-03-29 03:34 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2014-03-29 03:34 - 2011-09-26 15:50 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-03-29 02:59 - 2014-01-03 06:26 - 00000000 ____D () C:\ProgramData\ProductData
2014-03-29 02:05 - 2011-11-27 21:59 - 00000000 ____D () C:\Users\R\AppData\Local\SCE
2014-03-29 02:03 - 2014-03-29 02:03 - 00002525 _____ () C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DC Universe Online.lnk
2014-03-29 02:03 - 2011-11-27 21:59 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-03-23 04:04 - 2013-12-20 16:34 - 00000000 ____D () C:\Users\R\AppData\Local\Battle.net
2014-03-23 02:51 - 2013-12-20 16:36 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-03-23 02:48 - 2013-12-20 16:34 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-03-19 22:21 - 2014-03-19 22:21 - 02815713 _____ () C:\Users\R\Documents\Bez názvu.wma
2014-03-19 16:30 - 2014-03-19 16:30 - 00000000 ____D () C:\ProgramData\Steam
2014-03-19 16:07 - 2014-03-19 16:07 - 00000000 ____D () C:\Program Files (x86)\Total War Rome II CZ
2014-03-19 03:04 - 2013-07-12 06:44 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-19 03:00 - 2011-09-04 18:58 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-17 20:05 - 2014-03-01 02:39 - 00000000 ____D () C:\Users\test\AppData\Local\CrashDumps
2014-03-17 05:46 - 2014-03-17 05:46 - 00000000 ____D () C:\Users\R\Documents\LucasArts
2014-03-17 05:46 - 2014-03-17 05:46 - 00000000 ____D () C:\Users\R\AppData\Local\LucasArts
2014-03-17 01:27 - 2014-03-17 01:27 - 00000000 ____D () C:\Program Files (x86)\LucasArts
2014-03-16 20:17 - 2014-03-16 20:16 - 00000000 ____D () C:\Users\R\Desktop\Maturitní ples 2POA
2014-03-16 19:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-16 18:35 - 2014-03-16 18:29 - 736757760 _____ () C:\Users\R\Documents\KOPACKY-2008-KOMEDIE-CZ-DABING.avi
2014-03-16 15:37 - 2014-03-16 15:32 - 774180380 _____ () C:\Users\R\Documents\Silent-Hill-2006.CZ-dab.avi
2014-03-15 16:47 - 2013-03-10 17:43 - 00000000 ____D () C:\Windows\Minidump
2014-03-15 16:47 - 2012-04-16 19:11 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-15 10:47 - 2009-07-14 07:08 - 00032586 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-14 23:06 - 2011-09-05 22:42 - 00000000 ____D () C:\Users\R\AppData\Local\CrashDumps
2014-03-13 19:16 - 2011-09-02 18:09 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-12 05:41 - 2011-08-16 13:24 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-03-12 05:39 - 2011-11-02 01:44 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-03-12 05:39 - 2010-11-21 09:16 - 00000000 ____D () C:\Windows\ShellNew
2014-03-12 05:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-03-11 22:39 - 2012-06-25 10:10 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-11 22:39 - 2012-06-25 10:10 - 00003852 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-11 22:39 - 2011-12-18 13:57 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-09 23:04 - 2014-03-09 23:04 - 00044752 _____ () C:\Users\R\Downloads\stažený soubor (4).htm
2014-03-09 22:48 - 2014-03-09 22:48 - 00044518 _____ () C:\Users\R\Downloads\stažený soubor (3).htm
2014-03-09 22:48 - 2014-03-09 22:48 - 00044518 _____ () C:\Users\R\Downloads\stažený soubor (2).htm
2014-03-09 22:43 - 2014-03-09 22:43 - 00058450 _____ () C:\Users\R\Downloads\viewforum (4).htm
2014-03-09 22:34 - 2014-03-09 22:34 - 00031929 _____ () C:\Users\R\Downloads\stažený soubor (1).htm
2014-03-09 22:34 - 2014-03-09 22:34 - 00013767 _____ () C:\Users\R\Downloads\forum (1).htm
2014-03-09 21:45 - 2014-03-09 21:45 - 00031070 _____ () C:\Users\R\Downloads\viewforum.htm
2014-03-09 21:45 - 2014-03-09 21:45 - 00025344 _____ () C:\Users\R\Downloads\viewforum (3).htm
2014-03-09 21:45 - 2014-03-09 21:45 - 00025344 _____ () C:\Users\R\Downloads\viewforum (2).htm
2014-03-09 21:45 - 2014-03-09 21:45 - 00025344 _____ () C:\Users\R\Downloads\viewforum (1).htm
2014-03-09 16:06 - 2014-03-09 16:06 - 00042188 _____ () C:\Users\R\Downloads\stažený soubor.htm
2014-03-09 14:06 - 2014-03-09 14:06 - 00042553 _____ () C:\Users\R\Downloads\index (6).php
2014-03-09 14:06 - 2014-03-09 14:06 - 00042553 _____ () C:\Users\R\Downloads\index (5).php
2014-03-09 14:06 - 2014-03-09 14:06 - 00042553 _____ () C:\Users\R\Downloads\index (4).php
2014-03-09 14:06 - 2014-03-09 14:06 - 00042553 _____ () C:\Users\R\Downloads\index (3).php
2014-03-09 14:06 - 2014-03-09 14:06 - 00042553 _____ () C:\Users\R\Downloads\index (2).php
2014-03-09 14:03 - 2014-03-09 14:03 - 00041975 _____ () C:\Users\R\Downloads\index.php
2014-03-09 14:03 - 2014-03-09 14:03 - 00041975 _____ () C:\Users\R\Downloads\index (1).php
2014-03-09 01:16 - 2014-03-09 01:16 - 00956137 _____ () C:\Users\R\Downloads\pc_budik_2012.zip
2014-03-09 01:16 - 2014-03-09 01:16 - 00956137 _____ () C:\Users\R\Downloads\pc_budik_2012 (1).zip
2014-03-07 12:38 - 2014-03-07 12:38 - 00048406 _____ () C:\Users\R\Downloads\viewtopic (1).htm
2014-03-06 20:43 - 2014-03-06 20:43 - 00042627 _____ () C:\Users\R\Downloads\viewtopic.htm
2014-03-06 19:26 - 2014-03-06 19:26 - 00013767 _____ () C:\Users\R\Downloads\forum.htm

Files to move or delete:
====================
C:\ProgramData\wavav0bdtzbtb43b.bat
C:\ProgramData\wavav0bdtzbtb43b.reg


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-30 05:46

==================== End Of Log ============================

[Novatera]

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by R at 2014-04-05 22:56:04
Running from C:\Users\R\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Community Help (x32 Version: 3.4.980 - Adobe Systems Incorporated.) Hidden
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.0.6 - Adobe Systems Incorporated)
Adobe Download Assistant (x32 Version: 1.0.6 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Photoshop CS5.1 (HKLM-x32\...\{9158FF30-78D7-40EF-B83E-451AC5334640}) (Version: 12.1 - Adobe Systems Incorporated)
Adobe Story (HKLM-x32\...\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.0.571 - Adobe Systems Incorporated)
Adobe Story (x32 Version: 1.0.571 - Adobe Systems Incorporated) Hidden
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Aktualizace NVIDIA 1.7.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.7.12 - NVIDIA Corporation)
Assassin's Creed (R) III (HKLM-x32\...\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}) (Version: 1.01 - Ubisoft)
Assassin's Creed II (HKLM-x32\...\{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}) (Version: 1.01 - Ubisoft)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlefield 3™ (HKLM-x32\...\{64BFBE7A-886C-4CA2-A9B4-0C2B5A5942BC}) (Version: 1.0.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.1.3 - EA Digital Illusions CE AB)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Call of Duty(R) 2 (HKLM-x32\...\InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}) (Version: 1.3 - Activision)
Call of Duty(R) 2 (x32 Version: 1.2 - Activision) Hidden
Call of Duty(R) 2 Patch 1.3 (x32 Version: 1.3 - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version: - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version: 1.6 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version: - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version: 1.7 - Activision) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.10 - Piriform)
CPUID HWMonitor 1.24 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
Creative System Information (HKLM-x32\...\SysInfo) (Version: 1.10 - Creative Technology Limited)
Crysis® 2 (HKLM-x32\...\{6033673D-2530-4587-8AD0-EB059FC263F9}) (Version: 1.9.0.0 - Electronic Arts)
Crysis®3 (HKLM-x32\...\{4198AE83-A3C6-4C41-85C8-EC63E990696E}) (Version: 1.1.0.0 - Electronic Arts)
CZShare Manager (HKCU\...\7f4182272b52fd8f) (Version: 0.0.1.35 - CZShare)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.1.0236 - DT Soft Ltd)
Darksiders II (HKLM-x32\...\Darksiders II_is1) (Version: - )
DC Universe Online (HKCU\...\SOE-DC Universe Online) (Version: 1.0.3.183 - Sony Online Entertainment)
Dead Space™ 2 (HKLM-x32\...\{96D06FDD-6AF4-4309-BC1B-1C9588B0575E}) (Version: 1.0.941.0 - Electronic Arts)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Fable III (x32 Version: 1.0.0001.131 - Microsoft Game Studios) Hidden
Far Cry 3 v1.01 (HKLM-x32\...\Far Cry 3_is1) (Version: 1.01 - Ubisoft)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Flame Painter 1.2 (HKLM-x32\...\Flame Painter_is1) (Version: 1.1 - Peter Blaskovic)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
GamePark (HKLM-x32\...\GameParkClient_is1) (Version: - GamePark)
GamePark klient 2.0.9.0 (HKLM\...\{52E5D8A7-B129-4A29-AD4B-EBB749DCC3A3}_is1) (Version: 2.0.9.0 - GamePark)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Graffiti Studio 2.0 (HKLM-x32\...\Graffiti Studio 2.0_is1) (Version: - Less Rain)
Grand Theft Auto IV (HKLM-x32\...\{579BA58C-F33D-4970-9953-B94B43768AC3}) (Version: 1.00.0000 - Rockstar Games)
Grand Theft Auto: Episodes from Liberty City (x32 Version: 1.0.0002.135 - Rockstar Games Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
HeavyLoad V3.2 (HKLM-x32\...\HeavyLoad_is1) (Version: 3.2 - JAM Software)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Hitman Absolution (HKLM-x32\...\Hitman Absolution_is1) (Version: - )
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent)
HP LinkUp (HKLM-x32\...\{C1AD9241-3ADD-483F-914D-071F3E50855A}) (Version: 2.01.026 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13253.3682 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.5.0.0 - Hewlett-Packard)
Hunting Unlimited 2008 (HKLM-x32\...\{C5B6BA27-AAFB-4699-8014-8ACBA8A79679}_is1) (Version: 1.0 - US - ACTION, s.r.o.)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
ICQ 5.1 (HKLM-x32\...\ICQLite) (Version: - )
ICQ Toolbar (HKLM-x32\...\XTTB00001.XTTB00001Toolbar) (Version: - )
ICQ6 (HKLM-x32\...\{60DE4033-9503-48D1-A483-7846BD217CA9}) (Version: 6.00.0000 - ICQ)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6325.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Java Auto Updater (x32 Version: 2.1.6.0 - Sun Microsystems, Inc.) Hidden
Java(TM) 7 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417005FF}) (Version: 7.0.50 - Oracle)
Java(TM) 7 Update 5 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217005FF}) (Version: 7.0.50 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Loki (HKLM-x32\...\{A10622B1-95F6-469E-8836-50E27B7398C9}_is1) (Version: 1.0 - US - ACTION, s.r.o.)
LOLReplay (HKLM-x32\...\LOLReplay) (Version: 0.7.6.7 - www.leaguereplays.com)
Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: 3.0 - EasyBits Software AS)
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware verze 2.00.0.1000 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.00.0.1000 - Malwarebytes Corporation)
Max Payne 3 (HKLM-x32\...\{1AA94747-3BF6-4237-9E1A-7B3067738FE1}) (Version: 1.0.0.0 - Rockstar Games)
Max Payne 3 version 1.02 (HKLM-x32\...\{75D84EF7-0D8C-4e70-MAXP3-7B42A5D4E0EB}_is1) (Version: 1.02 - Black_Box)
Medal of Honor (TM) (HKLM-x32\...\{415030B8-3E8B-462A-8C03-41D95AA3AB3B}) (Version: 1.0.0.0 - Electronic Arts)
Media Player Classic - Home Cinema v1.5.2.3456 x64 (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.5.2.3456 - MPC-HC Team)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional 2007 (HKLM-x32\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 (HKLM-x32\...\Microsoft SQL Server 10 Release) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 (x32 Version: - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 Common Files (x32 Version: 10.0.1600.22 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Database Engine Services (x32 Version: 10.0.1600.22 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Database Engine Shared (x32 Version: 10.0.1600.22 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Management Objects (HKLM-x32\...\{F5E87B12-3C27-452F-8E78-21D42164FD83}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{C79A7EAB-9D6F-4072-8A6D-F8F54957CD93}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 RsFx Driver (x32 Version: 10.0.1600.22 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Setup Support Files (English) (HKLM-x32\...\{9D6D76A6-4328-49E8-97A7-531A74841DA5}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 Design Tools English (HKLM-x32\...\{0C19D563-5F25-4621-BF10-01F741BD283F}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 English (HKLM-x32\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
MorphVOX Pro (HKLM-x32\...\{DE289787-7ECA-4BED-9D8C-99FAC407E3D6}) (Version: 4.3.13 - Screaming Bee)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Nero 6 Demo (HKLM-x32\...\Nero - Burning Rom!UninstallKey) (Version: - )
NVIDIA 3D Vision Controller Driver (x32 Version: 280.19 - NVIDIA Corporation) Hidden
NVIDIA Install Application (Version: 2.1002.145.1024 - NVIDIA Corporation) Hidden
NVIDIA Ovladač řídící jednotky 3D Vision 285.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 285.62 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 296.28 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 296.28 - NVIDIA Corporation)
NVIDIA PhysX (x32 Version: 9.11.0621 - NVIDIA Corporation) Hidden
NVIDIA Systémový software PhysX 9.11.0621 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.11.0621 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.7.12 - NVIDIA Corporation) Hidden
OpenOffice.org 3.4.1 (HKLM-x32\...\{1E0AF527-0B8E-4F8A-BA27-CB3C359998C6}) (Version: 3.41.9593 - Apache Software Foundation)
Opera 12.16 (HKLM-x32\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA)
Origin (HKLM-x32\...\Origin) (Version: 8.5.0.4554 - Electronic Arts, Inc.)
Ovládací panel NVIDIA 296.28 (Version: 296.28 - NVIDIA Corporation) Hidden
Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení (HKLM-x32\...\{B6190387-0036-4BEB-8D74-A0AFC5F14706}) (Version: 15.4.5722.2 - Microsoft Corporation)
Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia (HKLM-x32\...\{C2FD7DB5-FE30-49B6-8A2F-C5652E053C31}) (Version: 15.4.5722.2 - Microsoft Corporation)
PAYDAY 2 (HKLM-x32\...\PAYDAY 2_is1) (Version: - 505 Games)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.35 - PDF Complete, Inc)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoFiltre 7 (HKCU\...\PhotoFiltre 7) (Version: - )
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
PokerStars (HKLM-x32\...\PokerStars) (Version: - PokerStars)
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
REACTOR (HKLM-x32\...\{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}) (Version: 1.00.0000 - ijji)
Recovery Manager (x32 Version: 5.5.3621 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
Revo Uninstaller Pro 3.0.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.8 - VS Revo Group, Ltd.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.0.9.5 - Rockstar Games)
ShiftWindow 1.02 (HKLM-x32\...\ShiftWindow_is1) (Version: - Grismar)
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.1.15383.6004 - Microsoft Corporation)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Slingo Supreme (x32 Version: 2.2.0.95 - WildTangent) Hidden
Smite Closed Beta (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 0.1.944.1 - Hi-Rez Studios)
Sniper Elite V2 (HKLM-x32\...\Sniper Elite V2_is1) (Version: - )
Sound Blaster Tactic(3D) Sigma (HKLM-x32\...\{93CFCA51-4484-4211-89EB-39ED3CBDBEB1}) (Version: 1.0 - Creative Technology Limited)
Spotify (HKCU\...\Spotify) (Version: 0.9.7.16.g4b197456 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Sql Server Customer Experience Improvement Program (x32 Version: 10.0.1600.22 - Microsoft Corporation) Hidden
SQL Server System CLR Types (HKLM-x32\...\{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}) (Version: 10.0.1600.22 - Microsoft Corporation)
Star Wars: The Force Unleashed 2 (HKLM-x32\...\Star Wars: The Force Unleashed 2_is1) (Version: 1.0 - LucasArts)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1014 - SUPERAntiSpyware.com)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.11.1 - TeamSpeak Systems GmbH)
The Battle for Middle-earth (tm) (HKLM-x32\...\{3F290582-3F4E-4B96-009C-E0BABAA40C42}) (Version: - )
The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.4.0.59 - KMP Media co., Ltd)
Tombraider (HKLM-x32\...\Tombraider_is1) (Version: - )
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.01 - Ghisler Software GmbH)
Total War Rome II CZ version 1.0.0. (HKLM-x32\...\{C2872E18-8799-44A3-B6BD-AC535F1982A6}_is1) (Version: 1.0.0. - )
Trine 2 (HKLM-x32\...\Trine 2_is1) (Version: - )
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unlocker 1.9.1 (HKLM-x32\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PROR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_PROR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_PROR_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version: - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_PROR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_PROR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_PROR_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878234) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{EC1934B0-AE0F-4BBD-8955-54BB3247ED9E}) (Version: - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_PROR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PROR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_PROR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Vegas Pro 9.0 (HKLM-x32\...\{6E5AB107-172B-4F17-8ABB-357C59EF1B08}) (Version: 9.0.704 - Sony)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
VLC media player 2.0.2 (HKLM-x32\...\VLC media player) (Version: 2.0.2 - VideoLAN)
WebM Media Foundation Components (HKLM-x32\...\webmmf) (Version: 1.0.1.0 - WebM Project)
WildTangent Games App (HP Games) (x32 Version: 4.0.5.36 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogaléria (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version: - Wargaming.net)
Xfire (remove only) (HKLM-x32\...\Xfire) (Version: - )
XSplit (HKLM-x32\...\{15C49338-59E5-472E-94F7-D5AE15EE23C9}) (Version: 1.0.1206.0203 - SplitMediaLabs)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Restore Points =========================

30-03-2014 16:02:52 Operace obnovení
30-03-2014 18:33:00 Windows Update
04-04-2014 13:10:59 Windows Update
05-04-2014 20:24:59 OTL Restore Point - 4/5/2014 10:24:59 PM

==================== Hosts content: ==========================

2009-07-14 04:34 - 2014-04-05 22:24 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {08296921-43E2-490E-AE30-EC0E81798F6F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {084AB0E2-5163-4A6F-AF19-357B91DF0EE4} - System32\Tasks\TunnelBear => C:\Program Files (x86)\TunnelBear\TunnelBear.exe
Task: {0B516FDF-8939-4C7A-8EA6-480066F565D1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-19] (Google Inc.)
Task: {447451A6-CB18-49B8-A0DA-C74F1EB093D0} - System32\Tasks\HP online update program => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2008-12-08] (Hewlett-Packard)
Task: {5C782F4F-66B4-4806-890B-CD2B31903241} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2010-12-22] (CyberLink)
Task: {6C210A35-C72B-45B3-9B8E-00936CB6C37E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-19] (Google Inc.)
Task: {716A17C0-7060-4127-A36F-DBE2104B7BA1} - System32\Tasks\HPCeeScheduleForR => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {8E1D4C54-8962-4A82-A649-AFD7068EF0FE} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-01-17] (Sun Microsystems, Inc.)
Task: {9E87C9B5-9A7C-4DA4-A93B-A30AE055B7D5} - System32\Tasks\{3C3FE096-1E8C-45C7-8902-766E635B9F2A} => Chrome.exe http://ui.skype.com/ui/0/5.10.0.116/cs/ ... Error=1603
Task: {A6EFE18D-F22A-460C-8F6C-336FACFC60BC} - System32\Tasks\AdobeAAMUpdater-1.0-R-HP-R => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-15] (Adobe Systems Incorporated)
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => aitagent.exe
Task: {D99AD689-4090-4E45-BE12-E33F92CD4F0A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {DE7C07D8-8D0D-4DE8-8B3C-9F81DAE9A532} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
Task: {E3163C33-301D-4730-A266-5518C5ED3967} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => BthUdTask.exe
Task: {F4083131-E534-4776-933E-BF8F8A6B6BB6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe
Task: {F8E8D530-7B3A-4664-9AD3-14FA3BEC1DC6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\NetworkCheck => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_NetworkCheck.exe [2014-03-25] (Hewlett-Packard)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForR.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2011-09-10 12:17 - 2013-09-01 12:33 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-03-11 22:39 - 2014-03-11 22:39 - 16276872 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: AdvancedSystemCareService7 => 2
MSCONFIG\Services: HiPatchService => 2
MSCONFIG\Services: IMFservice => 2
MSCONFIG\Services: LiveUpdateSvc => 2
MSCONFIG\Services: OverwolfUpdaterService => 3
MSCONFIG\Services: PanService => 2
MSCONFIG\Services: SBSDWSCService => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamePark klient 2.lnk => C:\Windows\pss\GamePark klient 2.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^LOLRecorder.lnk => C:\Windows\pss\LOLRecorder.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^R^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk => C:\Windows\pss\MyPC Backup.lnk.Startup
MSCONFIG\startupfolder: C:^Users^R^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk => C:\Windows\pss\Xfire.lnk.Startup
MSCONFIG\startupreg: 1a92553fc3706c469bd5c78793b2aa21 => "C:\Users\R\AppData\Local\Temp\FlashPlayerPlugin_11_9_900_117.exe" ..
MSCONFIG\startupreg: 6ee4f606bfbd1a4c62361754fecafaa2 => "C:\Users\R\AppData\Local\Temp\interrupts.exe" ..
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5.5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Advanced SystemCare 7 => "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: Easybits Recovery => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
MSCONFIG\startupreg: ICQ => "C:\Program Files (x86)\ICQ6\ICQ.exe" silent
MSCONFIG\startupreg: ICQ Lite => "L:\Icq\ICQLite\ICQLite.exe" -minimize
MSCONFIG\startupreg: IObit Malware Fighter => "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: Overwolf => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
MSCONFIG\startupreg: PCSpeedUp => C:\Program Files (x86)\Zrychleni Pocitace\PCSpeedUp.lnk
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
MSCONFIG\startupreg: SDP => C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe /auto
MSCONFIG\startupreg: SearchSettings => "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify => "C:\Users\R\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\R\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe
MSCONFIG\startupreg: UnlockerAssistant => "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
MSCONFIG\startupreg: Xvid => C:\Program Files (x86)\Xvid\CheckUpdate.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/05/2014 10:27:54 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/05/2014 09:12:51 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/05/2014 09:05:21 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/05/2014 00:19:03 PM) (Source: Application Error) (User: )
Description: Název chybující aplikace: AUDIODG.EXE, verze: 6.1.7601.17514, časové razítko: 0x4ce7abf9
Název chybujícího modulu: AESTAC64.dll, verze: 2.0.64.14, časové razítko: 0x4bb50c00
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000019b3d
ID chybujícího procesu: 0xf5c
Čas spuštění chybující aplikace: 0xAUDIODG.EXE0
Cesta k chybující aplikaci: AUDIODG.EXE1
Cesta k chybujícímu modulu: AUDIODG.EXE2
ID zprávy: AUDIODG.EXE3

Error: (04/05/2014 10:16:05 AM) (Source: ESENT) (User: )
Description: taskhost (2296) WebCacheLocal: Při otevírání souboru protokolu C:\Users\R\AppData\Local\Microsoft\Windows\WebCache\V0100055.log došlo k chybě -1811.

Error: (04/05/2014 10:09:30 AM) (Source: SideBySide) (User: )
Description: Generování kontextu aktivace pro assemblyIdentity1 se nezdařilo. Chyba v souboru manifestu nebo zásady assemblyIdentity2 na řádku assemblyIdentity3.
Hodnota * atributu language v prvku assemblyIdentity je neplatná.

Error: (04/05/2014 10:05:20 AM) (Source: SideBySide) (User: )
Description: Generování kontextu aktivace pro Native.XSplitBroadcaster.exe,type="win32",version="1.0.0.0"1 se nezdařilo.
Závislé sestavení Native.XSplitBroadcaster.exe,type="win32",version="1.0.0.0" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (04/05/2014 09:24:19 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/05/2014 00:10:38 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/05/2014 00:07:26 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (04/05/2014 10:28:35 PM) (Source: Service Control Manager) (User: )
Description: Služba NVIDIA Update Service Daemon neuspěla při spuštění v důsledku následující chyby:
%%1069

Error: (04/05/2014 10:28:35 PM) (Source: Service Control Manager) (User: )
Description: Služba nvUpdatusService se nemohla přihlásit jako .\UpdatusUser s aktuálně konfigurovaným heslem z důvodu následující chyby:
%%1330

Chcete-li zajistit správnou konfiguraci služby, použijte modul snap-in Služby konzoly Microsoft Management Console (MMC).

Error: (04/05/2014 10:23:54 PM) (Source: Service Control Manager) (User: )
Description: Služba Creative Audio Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (04/05/2014 09:57:43 PM) (Source: Service Control Manager) (User: )
Description: Služba Easybits Services for Windows byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (04/05/2014 09:13:28 PM) (Source: Service Control Manager) (User: )
Description: Služba NVIDIA Update Service Daemon neuspěla při spuštění v důsledku následující chyby:
%%1069

Error: (04/05/2014 09:13:28 PM) (Source: Service Control Manager) (User: )
Description: Služba nvUpdatusService se nemohla přihlásit jako .\UpdatusUser s aktuálně konfigurovaným heslem z důvodu následující chyby:
%%1330

Chcete-li zajistit správnou konfiguraci služby, použijte modul snap-in Služby konzoly Microsoft Management Console (MMC).

Error: (04/05/2014 09:05:58 PM) (Source: Service Control Manager) (User: )
Description: Služba NVIDIA Update Service Daemon neuspěla při spuštění v důsledku následující chyby:
%%1069

Error: (04/05/2014 09:05:58 PM) (Source: Service Control Manager) (User: )
Description: Služba nvUpdatusService se nemohla přihlásit jako .\UpdatusUser s aktuálně konfigurovaným heslem z důvodu následující chyby:
%%1330

Chcete-li zajistit správnou konfiguraci služby, použijte modul snap-in Služby konzoly Microsoft Management Console (MMC).

Error: (04/05/2014 09:02:51 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (04/05/2014 09:02:49 PM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 41%
Total physical RAM: 4076.32 MB
Available physical RAM: 2390.07 MB
Total Pagefile: 8150.83 MB
Available Pagefile: 6363.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.75 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:918.56 GB) (Free:258.62 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:12.85 GB) (Free:1.58 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: D989473B)

Partition: GPT Partition Type.

==================== End Of Log ============================

[Novatera]

Háčky fungují

V těch logách jsem si všiml dost zmínek o Advanced Systém Care -- Jak se jej na dobro zbavit tak aby zněho nic v PC nezůstalo ? ( Odinstalloval jsem všechny Iobit moduly přes ccleaner )
Zatím žádné problémy neregistruji Dá se tedy říct že máme vyhráno a PC je odvirován ?

[motji]

Co uvidím od IObit, smažu.Vydržte chvilku, pracuji na dalším skriptu, ještě tam mrška je.

tyto soubory znáte?
C:\ProgramData\wavav0bdtzbtb43b.bat
C:\ProgramData\wavav0bdtzbtb43b.reg

A tuto složku znáte?
C:\Users\R\Desktop\afsafs

[Novatera]

ty dva soubory neznám

Složku Afsaf znám, používám jí jako úložiště pro stažené soubory

[Novatera]

( Ten zvláštní název bych přirovnal k "aokwpfokm" prostě plácnete ruce na klávesnici a dáte enter - Ne prostě nemůžu si pojmenovat složku jako normální člověk )

[motji]

Aha . No já se ptám hlavně proto, že jsem asi před týdnem řešila přes vzdálenu správu stejný problém, a tak se složka taky jmenovala dost zvláštně

Odinstalujte spybot a destroy


Otevřete si Notepad a zkopírujte do něj:

S1 tgabgvnb; No ImagePath
S1 twprlugc; No ImagePath
S1 tzmeppsq; No ImagePath
S1 ufktitac; No ImagePath
S1 scjuwzdg; No ImagePath
S1 nvagnqts; No ImagePath
S1 blmrinyk; No ImagePath
S1 crhazelt; No ImagePath
S1 ehjpujev; No ImagePath
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2011-03-02] ()
S1 kpcvdoxk; No ImagePath
C:\Program Files\Enigma Software Group\SpyHunter
CHR Extension: (Ads Removal) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen [2014-02-25]
CHR Extension: (No Name) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkcefkcdkepgkpbgncjchhbjgoanleod [2014-01-03]
CHR Extension: (Skype Click to Call) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-03-22]
CHR Extension: (Peněženka Google) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
SearchScopes: HKLM - {5F3F9639-E5E6-4C72-92D2-32A40E19016D} URL = http://www.amazon.co.uk/s/ref=azs_osd_i ... -keywords={searchTerms}
SearchScopes: HKCU - 9665500415544EE59F4093BA1D2C27F8 URL = http://search.yahoo.com/search?fr=chr-g ... =198484&p={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=UP97&ocid=UP97DHP
HKU\S-1-5-21-93735815-1299707322-140628041-1000\...\Run: [1a92553fc3706c469bd5c78793b2aa21] - "C:\Users\R\AppData\Local\Temp\FlashPlayerPlugin_11_9_900_117.exe"
C:\Users\R\AppData\Local\Temp\FlashPlayerPlugin_11_9_900_117.exe
C:\Windows\Tasks\ImCleanDisabled
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0C
C:\Program Files\LockHunter
C:\ProgramData\IObit
C:\ProgramData\ProductData
C:\Users\R\AppData\Local\SCE
C:\ProgramData\wavav0bdtzbtb43b.bat
C:\ProgramData\wavav0bdtzbtb43b.reg
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

-Uložte jako fixlist.txt.
-FRST vložte do složky s názvem FRST, do ní vložte i Fixlist.
- Spusťte znovu FRST, a klikněte na FIX
- proběhne oprava a zobrazí se log, který vložíte zde. Pc se restartuje, nebo ho restartujte Vy.