1place.org a hotspotaward malware - mlok123

Zpráva

mlok123 · #1 Příspěvek od **mlok123** » 16 úno 2014 17:33

RogueKiller V8.8.7 [Feb 11 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : Pepík [Práva správce]
Mód : Kontrola -- Datum : 02/16/2014 17:23:05
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 2 ¤¤¤
[SUSP PATH] PirritService.exe -- C:\Users\Pepík\AppData\Local\PirritSuggestor\PirritService.exe [7] -> SMAZÁNO [TermProc]
[SUSP PATH] PirritDesktop.exe -- C:\Users\Pepík\AppData\Local\PirritSuggestor\PirritDesktop.exe [7] -> SMAZÁNO [TermProc]

¤¤¤ ¤¤¤ Záznamy Registrů: : 7 ¤¤¤
[RUN][SUSP PATH] HKUS\S-1-5-21-1287240520-3546684594-2801232195-1004\[...]\Run : IcqUpdater ("C:\Users\Pepa\AppData\Local\Temp\IcqUpdater.exe" upgrade 4620 Global\MMutexLib_Global_AppInstance_YzpcdXNlcnNccGVwYVxhcHBkYXRhXHJvYW1pbmdcaWNxXGFwcGxpY34xXGljcTcuMFxpY3EuZXhl "C:\Users\Pepa\AppData\Local\Temp\abd2bca3e572e998a09f73c81b93454a.exe" "C:\Users\Pepa\AppData\Roaming\ICQ\APPLIC~1\ICQ7.0\ICQ.exe upgrade=abd2bca3e572e998a09f73c81b93454a restart=True parentpid=4736 loginmode=2 sname=368874230 pwdhash=LoKb1xFPurT1xx7d53eqDC6Cm9cRT7q09cce3ed3qgw= logindata=AAEA3CUyRndRQUFBQUFBSUU3c09ReTF4OVB2eGx1YjVkTzJWR1hXQ25Fcnc3V2xmcUpEdXN6MUg4MDdySHNJM0hQeFU4WSUyRmw0aVBzd21YMThoNzdOWDRGYmtGQnNSRkJNWUw3WHBlT2RTSXl5aSUyRnBJJTJGUlhUSWNTR0tGN0NKUUIlMkJYZm1pM0hlQ3dyY09wUzdBaVhJQ1RTcDdjT0tCMG14elJrbGhMakJKMnk5VEw0dnFPSSUyQnByeTZPY1JOZndac0xmJTJCeHIzMSUyQnFBV0ElM0QlM0QAAgAsbVdKWTRpdWE4K3lBZjRYQkVCSjgvbUtNdTNpN3BQVisrODVvS2lOdkNxUT0= status=1 visibility=4 noupdate=1" autorun [7][x][x][7][x][x]) -> NALEZENO
[RUN][SUSP PATH] HKUS\S-1-5-21-1287240520-3546684594-2801232195-1004\[...]\Run : AVG-Secure-Search-Update_0214c (C:\Users\Pepa\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=ddcf541c01a947d69291cd2623d90218-acc1f19c9fa1aff772ff2113827237469af6d597 /CMPID=0214c [-][x]) -> NALEZENO
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (hxxp=hxxp://127.0.0.1:9880 [Country: , City: ]) -> NALEZENO
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyEnable (1) -> NALEZENO
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NALEZENO
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO
[APPINIT][SUSP PATH] HKLM\[...]\Windows : AppInit_DLLs ( C:\PROGRA~3\WinTurbo\WINTUR~1.DLL [-]) -> NALEZENO

¤¤¤ naplánované úlohy : 2 ¤¤¤
[V2][SUSP UNIC] {6AF74EE2-15BE-43A2-93DA-FCBD2A267407} : C:\Users\Pepa\Desktop\Nová složka\SKIDROW\BlackOps.exe [x] -> NALEZENO
[V2][SUSP UNIC] {8F35CA7C-CDA2-4394-848A-168B4A8399FA} : C:\Users\Pepa\Desktop\Nová složka\SKIDROW\BlackOps.exe [x] -> NALEZENO

¤¤¤ spuštění položky : 1 ¤¤¤
[Pepa][SUSP UNIC] Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk : C:\Users\Pepa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk [-] -> NALEZENO

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO 0x0] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : Mal.Hosts ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

216.239.32.20 google.com http://www.google.com --> Potentially malicious!

216.239.32.20 google.com http://www.google.com
216.239.32.20 google.com http://www.google.ad
216.239.32.20 google.com http://www.google.ae
216.239.32.20 google.com http://www.google.com.af
216.239.32.20 google.com http://www.google.com.ag
216.239.32.20 google.com http://www.google.com.ai
216.239.32.20 google.com http://www.google.al
216.239.32.20 google.com http://www.google.am
216.239.32.20 google.com http://www.google.co.ao
216.239.32.20 google.com http://www.google.com.ar
216.239.32.20 google.com http://www.google.as
216.239.32.20 google.com http://www.google.at
216.239.32.20 google.com http://www.google.com.au
216.239.32.20 google.com http://www.google.az
216.239.32.20 google.com http://www.google.ba
216.239.32.20 google.com http://www.google.com.bd
216.239.32.20 google.com http://www.google.be
216.239.32.20 google.com http://www.google.bf
216.239.32.20 google.com http://www.google.bg
216.239.32.20 google.com http://www.google.com.bh
[...]

¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ SCSI) WDC WD64 02AAEX-00Y9A0 SCSI Disk Device +++++
--- User ---
[MBR] 832c03e36d31caa89da422644c3b258a
[BSP] a4f89372b2f204d614bbe360df4bfa7e : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 602474 Mo
1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 1233868800 | Size: 8000 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x1] Nesprávná funkce. )

Dokončeno : << RKreport[0]_S_02162014_172305.txt >>

#2 Příspěvek od **vyosek** » 17 úno 2014 12:16

Zdravim

Prispevek jsem vam oddelil - do cizich temat se nevetsupuje

Dejte log z RSIT http://forum.viry.cz/viewtopic.php?f=13&t=130786

mlok123 · #3 Příspěvek od **mlok123** » 17 úno 2014 17:25

Omlouvám se že sem se vecpal kam sem neměl

Logfile of random's system information tool 1.09 (written by random/random)
Run by Pepík at 2014-02-17 17:13:48
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 378 GB (63%) free of 602 GB
Total RAM: 4087 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:14:45, on 17.2.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16518)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\MultiScreen\MultiScreen.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Pepík.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchamong.com/searchview.php?query={searchTerms}&cat=webs&bar=true
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchamong.com/searchview.php?query={searchTerms}&cat=webs&bar=true
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchamong.com/searchview.php?query={searchTerms}&cat=webs&bar=true
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://127.0.0.1:9880
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: IEExtension.Extension - {d40c654d-7c51-4eb3-95b2-1e23905c2a2d} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
O4 - HKLM\..\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
O4 - HKLM\..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Google Update] "C:\Users\Pepík\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Pepík\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
O4 - HKCU\..\Run: [MyDriveConnect.exe] "C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1287240520-3546684594-2801232195-1004\..\Run: [MultiScreen] C:\Program Files (x86)\MultiScreen\MultiScreen.exe (User 'Pepa')
O4 - HKUS\S-1-5-18\..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (User 'Default user')
O4 - S-1-5-21-1287240520-3546684594-2801232195-1004 Startup: OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (User 'Pepa')
O4 - S-1-5-21-1287240520-3546684594-2801232195-1004 User Startup: OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (User 'Pepa')
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll (file missing)
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: ATK Fast User Switch Service (ATKFUSService) - Unknown owner - C:\Windows\system32\ATKFUSService.exe (file missing)
O23 - Service: Autodesk Content Service - Unknown owner - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Správce úloh aplikace Autodesk Simulation Moldflow MITSI 2014 (mitsijm2014) - Autodesk, Inc. - C:\Program Files\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PirritDesktop - Unknown owner - C:\Users\Pepík\AppData\Local\PirritSuggestor\PirritService.exe
O23 - Service: PirritUpdater - Unknown owner - C:\Program Files (x86)\Pirrit\AutoUpdater.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PS3 Media Server - Tanuki Software, Ltd. - C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13748 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
C:\PROGRA~2\AVG\AVG2014\avgrsa.exe /boot
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe /pipeName=768d8d67-1b79-4e5b-8fac-9f4255b68805 /coreSdkOptions=4382 /logConfFile="C:\Windows\system32\config\systemprofile\AppData\Local\Avg2014\temp\b6e32208-7d78-453b-84d3-385a24496878-198-oopp.tmp" /loggerName=AVG.RS.Core /binaryPath="C:\Program Files (x86)\AVG\AVG2014\" /tempPath="C:\Windows\system32\config\systemprofile\AppData\Local\Avg2014\temp\"
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ATKFUSService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
atieclxx
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe"
"C:\Program Files (x86)\AVG\AVG2014\avgfws.exe"
"C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe"
"C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe"
"C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service
"C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe"
"C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe"
"C:\Program Files\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe"
"C:\Program Files (x86)\Pirrit\AutoUpdater.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
"C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe" -s "C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.conf" wrapper.console.flush=true wrapper.internal.namedpipe=2498211989
\??\C:\Windows\system32\conhost.exe "1344741379-1694083152887947364-349274854-6118703461832998458-17708162081325616166
"C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 2612
"C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe"
"C:\Program Files (x86)\AVG\AVG2014\avgemca.exe"
"C:\Windows\system32\java.exe" -Djava.encoding=UTF-8 -Djava.net.preferIPv4Stack=true -Dstart.service=true -Xmx768m -Djava.library.path="win32/service/" -classpath "win32/service/wrapper.jar;pms.jar" -Dwrapper.key="mPvv4LOsKBT_J92M" -Dwrapper.port=32000 -Dwrapper.jvm.port.min=31000 -Dwrapper.jvm.port.max=31999 -Dwrapper.pid=2244 -Dwrapper.version="3.5.9" -Dwrapper.native_library="wrapper" -Dwrapper.service="TRUE" -Dwrapper.cpu.timeout="10" -Dwrapper.jvmid=1 org.tanukisoftware.wrapper.WrapperSimpleApp net.pms.PMS
"taskhost.exe"
"C:\Program Files\ASUS\GamerOSD\ATKFastUserSwitching.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files (x86)\MultiScreen\MultiScreen.exe"
"C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe" -quickstart
"C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe" "-quickstart" "-env:OOO_CWD=2C:\\Program Files (x86)\\OpenOffice.org 3\\program"
"C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
"C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\CORE-STATIC\CCC.exe" 0
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe /pipeName=db28527f-1368-445f-a5de-0b148372f01f /coreSdkOptions=4114 /logConfFile="C:\Windows\system32\config\systemprofile\AppData\Local\Avg2014\temp\c4cd1666-0023-4251-87e3-cf037cebb977-b58-oopp.tmp" /loggerName=AVG.NS.Core /binaryPath="C:\Program Files (x86)\AVG\AVG2014\" /tempPath="C:\Windows\system32\config\systemprofile\AppData\Local\Avg2014\temp\"
C:\Windows\system32\UI0Detect.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-eb88a5f8-0038-4043-8096-3000e8cc4340 -SystemEventPortName:HostProcess-638f797b-8b10-4bd3-8045-d1820b40b55b -IoCancelEventPortName:HostProcess-78c43cb2-8191-48b9-bdd4-1712ac69025e -NonStateChangingEventPortName:HostProcess-349a1846-5b95-4591-b933-fb19a5172848 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:e0f9db9d-c1ae-4acd-87dd-ad589ff4b851 -DeviceGroupId:WpdFsGroup
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
taskeng.exe {EA477FEB-6B92-4435-B6EE-C0D0302832BD}
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
taskeng.exe {CEA495D8-EAEE-417A-8C09-B97D37DF592A}
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="5800.0.1915518528\1990503142" --disable-image-transport-surface --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,13,23 --gpu-vendor-id=0x1002 --gpu-device-id=0x68d8 --gpu-driver-vendor="Advanced Micro Devices, Inc." --gpu-driver-version=12.104.0.0 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/EnableZeroSuggest_R5_Stable_Experiment/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/DeferBackgroundExtensionCreation/RateLimited/EmbeddedSearch/Group18 pct:1i stable:pp1 use_cacheable_ntp:1 espv:210 suppress_on_srp:1/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_08/UMA-Uniformity-Trial-1-Percent/group_36/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/default/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --extension-process --renderer-print-preview --disable-html-notifications --enable-software-compositing --channel="5800.2.1555864521\1185613585" /prefetch:673131151
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/EnableZeroSuggest_R5_Stable_Experiment/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/DeferBackgroundExtensionCreation/RateLimited/EmbeddedSearch/Group18 pct:1i stable:pp1 use_cacheable_ntp:1 espv:210 suppress_on_srp:1/ManagedModeLaunch/Active/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_08/UMA-Uniformity-Trial-1-Percent/group_36/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/default/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --renderer-print-preview --disable-html-notifications --enable-software-compositing --channel="5800.7.336264045\976975867" /prefetch:673131151
"C:\Users\Pepa\Downloads\RSITx64 (1).exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1287240520-3546684594-2801232195-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1287240520-3546684594-2801232195-1001UA.job
C:\Windows\tasks\Norton Security Scan for Pepa.job
C:\Windows\tasks\Norton Security Scan for Pepík.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Pepík\AppData\Roaming\Mozilla\Firefox\Profiles\howfmnee.default-1386268210440

prefs.js - "browser.startup.homepage" - "google.cz"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 12.0.0.44 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.9.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\SysWOW64\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3]
"Description"=RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In
"Path"=C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3]
"Description"=RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In
"Path"=C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3]
"Description"=RealNetworks(tm) RealDownloader Peppe rFlash Video Shim Plug-In
"Path"=C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53]
"Description"=RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In
"Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53]
"Description"=RealPlayer(tm) HTML5VideoShim Plug-In
"Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51]
"Description"=RealPlayer Download Plugin
"Path"=c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@realnetworks.com/npdlplugin;version=1]
"Description"=RealDownloader Plugin
"Path"=C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.0]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 12.0.0.43 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.5.0]
"Description"=
"Path"=C:\Windows\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL

C:\Program Files (x86)\Mozilla Firefox\components\
nsIBitCometAgent.xpt
nsIQTScriptablePlugin.xpt

C:\Program Files (x86)\Mozilla Firefox\plugins\
np-mswmp.dll
npBitCometAgent.dll
nppdf32.dll
nppl3260.dll
nppl3260.xpt
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
nprpplugin.dll
QuickTimePlugin.class
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Users\Pepík\AppData\Roaming\Mozilla\Firefox\Profiles\howfmnee.default-1386268210440\extensions\
7cu2fml@uueytcj.co.uk
yojb@uiaoiui.edu

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-11-20 6270336]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2013-11-20 4502400]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d40c654d-7c51-4eb3-95b2-1e23905c2a2d}]
IEExtension.Extension - C:\Windows\system32\mscoree.dll [2010-11-05 444752]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-08-26 12681320]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Pepík\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-04 136176]
"Akamai NetSession Interface"=C:\Users\Pepík\AppData\Local\Akamai\netsession_win.exe [2013-06-05 4489472]
"Autodesk Sync"=C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [2013-02-05 1081224]
"MyDriveConnect.exe"=C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe [2013-11-29 473496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2010-03-25 2726728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GIGABYTEMOUSE]
C:\Program Files (x86)\GIGABYTE\GIGABYTE Sim\Mouse.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MultiScreen]
C:\Program Files (x86)\MultiScreen\MultiScreen.exe [2009-08-11 303104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyTomTomSA.exe]
C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
c:\program files (x86)\real\realplayer\Update\realsched.exe [2013-09-30 295512]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"ROC_roc_dec12"=C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe /PROMPT /CMPID=roc_dec12 []
"ROC_ROC_JULY_P1"=C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe / /PROMPT /CMPID=ROC_JULY_P1 []
"ROC_roc_ssl_v12"=C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe / /PROMPT /CMPID=roc_ssl_v12 []
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2013-03-28 642656]
"TkBellExe"=c:\program files (x86)\real\realplayer\Update\realsched.exe [2013-09-30 295512]
"AVG_UI"=C:\Program Files (x86)\AVG\AVG2014\avgui.exe [2014-01-22 4962320]
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-04-21 59720]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2013-05-01 421888]

C:\Users\Pepík\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 3.2.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.ffds"=ff_vfw.dll
"vidc.lags"=lagarith.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.scr - open - C:\Windows\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 month======

2014-02-17 17:13:48 ----D---- C:\rsit
2014-02-17 17:13:48 ----D---- C:\Program Files\trend micro
2014-02-16 11:33:34 ----D---- C:\Program Files (x86)\Windows Phone
2014-02-16 11:28:50 ----D---- C:\ProgramData\Applications
2014-02-16 10:19:12 ----D---- C:\Program Files (x86)\Mozilla Firefox
2014-02-12 21:24:50 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2014-02-12 21:24:50 ----A---- C:\Windows\system32\vbscript.dll
2014-02-12 21:24:14 ----A---- C:\Windows\SYSWOW64\msrating.dll
2014-02-12 21:24:13 ----A---- C:\Windows\SYSWOW64\ieui.dll
2014-02-12 21:24:13 ----A---- C:\Windows\system32\msrating.dll
2014-02-12 21:24:13 ----A---- C:\Windows\system32\ieui.dll
2014-02-12 21:24:12 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2014-02-12 21:24:12 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2014-02-12 21:24:12 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2014-02-12 21:24:12 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2014-02-12 21:24:12 ----A---- C:\Windows\system32\msfeeds.dll
2014-02-12 21:24:12 ----A---- C:\Windows\system32\jsproxy.dll
2014-02-12 21:24:12 ----A---- C:\Windows\system32\ieUnatt.exe
2014-02-12 21:24:12 ----A---- C:\Windows\system32\iernonce.dll
2014-02-12 21:24:12 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-02-12 21:24:12 ----A---- C:\Windows\system32\ie4uinit.exe
2014-02-12 21:24:11 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2014-02-12 21:24:11 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2014-02-12 21:24:11 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2014-02-12 21:24:11 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2014-02-12 21:24:11 ----A---- C:\Windows\system32\mshtml.dll
2014-02-12 21:24:11 ----A---- C:\Windows\system32\jscript9diag.dll
2014-02-12 21:24:11 ----A---- C:\Windows\system32\iesetup.dll
2014-02-12 21:24:11 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-02-12 21:24:11 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-02-12 21:24:10 ----A---- C:\Windows\SYSWOW64\wininet.dll
2014-02-12 21:24:10 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2014-02-12 21:24:10 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2014-02-12 21:24:10 ----A---- C:\Windows\system32\wininet.dll
2014-02-12 21:24:10 ----A---- C:\Windows\system32\urlmon.dll
2014-02-12 21:24:10 ----A---- C:\Windows\system32\iertutil.dll
2014-02-12 21:24:10 ----A---- C:\Windows\system32\ieapfltr.dll
2014-02-12 21:24:09 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2014-02-12 21:24:09 ----A---- C:\Windows\system32\ieframe.dll
2014-02-12 21:24:08 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-02-12 21:24:08 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2014-02-12 21:24:08 ----A---- C:\Windows\system32\jscript9.dll
2014-02-12 14:01:48 ----A---- C:\Windows\SYSWOW64\msxml3r.dll
2014-02-12 14:01:48 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2014-02-12 14:01:48 ----A---- C:\Windows\system32\msxml3r.dll
2014-02-12 14:01:48 ----A---- C:\Windows\system32\msxml3.dll
2014-02-12 14:01:38 ----A---- C:\Windows\SYSWOW64\secproc_isv.dll
2014-02-12 14:01:38 ----A---- C:\Windows\SYSWOW64\RMActivate_ssp_isv.exe
2014-02-12 14:01:38 ----A---- C:\Windows\SYSWOW64\RMActivate_ssp.exe
2014-02-12 14:01:38 ----A---- C:\Windows\SYSWOW64\RMActivate_isv.exe
2014-02-12 14:01:38 ----A---- C:\Windows\SYSWOW64\RMActivate.exe
2014-02-12 14:01:38 ----A---- C:\Windows\system32\secproc_isv.dll
2014-02-12 14:01:38 ----A---- C:\Windows\system32\secproc.dll
2014-02-12 14:01:38 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 14:01:38 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 14:01:38 ----A---- C:\Windows\system32\RMActivate_isv.exe
2014-02-12 14:01:38 ----A---- C:\Windows\system32\RMActivate.exe
2014-02-12 14:01:37 ----A---- C:\Windows\SYSWOW64\secproc_ssp_isv.dll
2014-02-12 14:01:37 ----A---- C:\Windows\SYSWOW64\secproc_ssp.dll
2014-02-12 14:01:37 ----A---- C:\Windows\SYSWOW64\secproc.dll
2014-02-12 14:01:37 ----A---- C:\Windows\SYSWOW64\msdrm.dll
2014-02-12 14:01:37 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 14:01:37 ----A---- C:\Windows\system32\secproc_ssp.dll
2014-02-12 14:01:37 ----A---- C:\Windows\system32\msdrm.dll
2014-02-12 14:01:26 ----A---- C:\Windows\SYSWOW64\d3d10warp.dll
2014-02-12 14:01:26 ----A---- C:\Windows\SYSWOW64\d2d1.dll
2014-02-12 14:01:26 ----A---- C:\Windows\system32\d3d10warp.dll
2014-02-12 14:01:26 ----A---- C:\Windows\system32\d2d1.dll
2014-01-30 18:18:19 ----D---- C:\ProgramData\AVG Security Toolbar
2014-01-20 18:47:04 ----D---- C:\Users\Pepík\AppData\Roaming\Apple Computer
2014-01-18 16:23:13 ----D---- C:\ProgramData\Apple Computer
2014-01-18 16:23:13 ----D---- C:\Program Files (x86)\QuickTime
2014-01-18 16:21:35 ----D---- C:\ProgramData\Apple
2014-01-18 16:21:35 ----D---- C:\Program Files (x86)\Apple Software Update
2014-01-18 16:05:47 ----D---- C:\Program Files\Sony
2014-01-18 11:01:23 ----A---- C:\Windows\system32\drivers\usbuhci.sys
2014-01-18 11:01:23 ----A---- C:\Windows\system32\drivers\usbport.sys
2014-01-18 11:01:23 ----A---- C:\Windows\system32\drivers\usbohci.sys
2014-01-18 11:01:23 ----A---- C:\Windows\system32\drivers\usbhub.sys
2014-01-18 11:01:23 ----A---- C:\Windows\system32\drivers\usbehci.sys
2014-01-18 11:01:23 ----A---- C:\Windows\system32\drivers\usbd.sys
2014-01-18 11:01:23 ----A---- C:\Windows\system32\drivers\usbccgp.sys
2014-01-18 11:01:22 ----A---- C:\Windows\system32\win32k.sys
2014-01-18 11:01:21 ----A---- C:\Windows\system32\drivers\netio.sys

======List of files/folders modified in the last 1 month======

2014-02-17 17:14:17 ----D---- C:\Windows\Temp
2014-02-17 17:13:59 ----D---- C:\Windows\Prefetch
2014-02-17 17:13:48 ----RD---- C:\Program Files
2014-02-17 16:59:06 ----D---- C:\ProgramData\MFAData
2014-02-17 16:58:47 ----D---- C:\Windows\system32\config
2014-02-17 16:55:16 ----D---- C:\Windows\system32\Tasks
2014-02-17 16:53:13 ----D---- C:\Program Files (x86)\PS3 Media Server
2014-02-16 18:22:04 ----D---- C:\Windows\System32
2014-02-16 18:22:04 ----D---- C:\Windows\inf
2014-02-16 18:22:04 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-02-16 17:48:18 ----D---- C:\Windows\system32\drivers
2014-02-16 12:47:26 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-16 12:13:29 ----D---- C:\Program Files (x86)
2014-02-16 12:00:13 ----SHD---- C:\Windows\Installer
2014-02-16 12:00:11 ----SHD---- C:\Config.Msi
2014-02-16 12:00:06 ----D---- C:\ProgramData\ABBYY
2014-02-16 11:58:56 ----SHD---- C:\System Volume Information
2014-02-16 11:28:50 ----HD---- C:\ProgramData
2014-02-16 09:50:09 ----D---- C:\Windows\SysWOW64
2014-02-15 14:38:33 ----D---- C:\Windows\system32\MRT
2014-02-15 14:38:29 ----A---- C:\Windows\system32\MRT.exe
2014-02-14 18:29:29 ----D---- C:\Users\Pepík\AppData\Roaming\Mozilla
2014-02-14 13:09:56 ----D---- C:\Windows\system32\catroot
2014-02-14 13:09:55 ----D---- C:\Windows\system32\DriverStore
2014-02-13 15:44:48 ----D---- C:\Windows\rescache
2014-02-13 15:19:33 ----D---- C:\Windows\Microsoft.NET
2014-02-13 15:11:18 ----RSD---- C:\Windows\assembly
2014-02-13 14:35:58 ----RD---- C:\Program Files (x86)\Skype
2014-02-13 14:35:56 ----D---- C:\ProgramData\Skype
2014-02-12 22:26:59 ----D---- C:\Windows\winsxs
2014-02-12 22:23:12 ----D---- C:\Windows\SYSWOW64\cs-CZ
2014-02-12 22:23:12 ----D---- C:\Windows\system32\cs-CZ
2014-02-12 22:23:10 ----D---- C:\Program Files\Internet Explorer
2014-02-12 22:23:10 ----D---- C:\Program Files (x86)\Internet Explorer
2014-02-12 21:28:59 ----D---- C:\ProgramData\Microsoft Help
2014-02-12 21:27:08 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2014-02-12 21:24:26 ----D---- C:\Windows\system32\catroot2
2014-02-10 17:28:00 ----D---- C:\Windows\Minidump
2014-02-10 17:27:40 ----D---- C:\Windows
2014-02-05 20:10:08 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2014-01-30 21:58:36 ----D---- C:\Program Files (x86)\Common Files
2014-01-30 18:18:52 ----D---- C:\Windows\Tasks
2014-01-18 16:05:47 ----D---- C:\ProgramData\Sony
2014-01-18 16:05:01 ----D---- C:\Users\Pepík\AppData\Roaming\Sony
2014-01-18 10:50:26 ----D---- C:\Windows\system32\wfp
2014-01-18 10:50:26 ----D---- C:\Windows\system32\NDF
2014-01-18 10:50:25 ----D---- C:\Windows\system32\CodeIntegrity
2014-01-18 10:50:24 ----D---- C:\Windows\AppCompat
2014-01-18 10:50:16 ----D---- C:\Windows\system32\wbem
2014-01-18 10:50:16 ----D---- C:\Windows\registration
2014-01-18 10:49:52 ----D---- C:\ProgramData\Real

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSHA;AVGIDSHA; C:\Windows\system32\DRIVERS\avgidsha.sys [2013-11-25 196376]
R0 Avgloga;AVG Logging Driver; C:\Windows\system32\DRIVERS\avgloga.sys [2013-10-31 294712]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx64.sys [2013-10-01 123704]
R0 Avgrkx64;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx64.sys [2013-09-10 31544]
R0 mv91xx;mv91xx; C:\Windows\system32\DRIVERS\mv91xx.sys [2010-03-17 302632]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 Avgdiska;AVG Disk Driver; C:\Windows\system32\DRIVERS\avgdiska.sys [2013-11-25 150808]
R1 Avgfwfd;AVG network filter service; C:\Windows\system32\DRIVERS\avgfwd6a.sys [2013-09-26 57144]
R1 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdrivera.sys [2013-11-25 243480]
R1 Avgldx64;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx64.sys [2013-10-31 212280]
R1 Avgtdia;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdia.sys [2013-08-01 251192]
R1 vpcnfltr;Virtual PC Network Filter Driver; C:\Windows\system32\DRIVERS\vpcnfltr.sys [2010-11-20 59392]
R1 vpcvmm;@%SystemRoot%\system32\drivers\vpcvmm.sys,-100; C:\Windows\system32\drivers\vpcvmm.sys [2010-11-20 360832]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2013-03-29 11658752]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2013-03-29 581120]
R3 asusgsb;ASUS Virtual Video Capture Device Driver; C:\Windows\system32\drivers\asusgsb.sys [2009-02-17 17792]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2013-02-14 96768]
R3 atkdisplf;ASUS Kernel Mode Enhanced Driver; C:\Windows\system32\drivers\ATKDispLowFilter.sys [2009-02-17 39424]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-08-30 3069032]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys [2009-09-25 73728]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys [2009-09-25 178688]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-03-22 347680]
R3 vpcbus;Služba hostitelské sběrnice programu Virtual PC; C:\Windows\system32\DRIVERS\vpchbus.sys [2010-11-20 194944]
R3 vpcusb;Služba konektoru virtualizace rozhraní USB; C:\Windows\system32\DRIVERS\vpcusb.sys [2010-11-20 95232]
S0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2012-01-20 868848]
S1 EIO64;EIO Driver; C:\Windows\system32\DRIVERS\EIO64.sys []
S1 prodrv03;Star Force copy protection driver v3; C:\Windows\System32\drivers\prodrv03.sys []
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2013-03-29 11658752]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2012-03-08 48488]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver; C:\Windows\system32\DRIVERS\MijXfilt.sys [2012-03-25 115272]
S3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIVX.sys [2011-07-06 367976]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\drivers\usb8023x.sys [2013-02-12 19968]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\drivers\usbscan.sys [2013-07-03 42496]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\Windows\system32\DRIVERS\xusb21.sys [2011-12-07 74960]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-18 65432]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2013-03-29 241152]
R2 ATKFUSService;ATK Fast User Switch Service; C:\Windows\system32\ATKFUSService.exe [2009-12-01 63488]
R2 Autodesk Content Service;Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-02-02 18656]
R2 avgfws;AVG Firewall; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [2013-09-24 1358944]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-01-22 3788816]
R2 avgwd;AVG WatchDog; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-09-24 348008]
R2 c2cautoupdatesvc;Skype Click to Call Updater; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-01-03 1363616]
R2 c2cpnrsvc;Skype Click to Call PNR Service; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-01-03 1748640]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-06-26 8704]
R2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]
R2 mitsijm2014;Správce úloh aplikace Autodesk Simulation Moldflow MITSI 2014; C:\Program Files\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe [2013-01-25 952608]
R2 PirritUpdater;PirritUpdater; C:\Program Files (x86)\Pirrit\AutoUpdater.exe [2014-02-14 59904]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2013-05-10 76888]
R2 PS3 Media Server;PS3 Media Server; C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe [2011-05-17 366872]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-08-14 39056]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-07-09 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-24 136176]
S2 PirritDesktop;PirritDesktop; C:\Users\Pepík\AppData\Local\PirritSuggestor\PirritService.exe [2014-02-14 52568]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-09-05 171680]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-05 257928]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2012-07-08 51648]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-11-23 1471352]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-03-08 1492840]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-24 136176]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-02-06 111616]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-02-16 118896]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2013-10-09 565672]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-12-25 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

-----------------EOF-----------------

#4 Příspěvek od **vyosek** » 18 úno 2014 14:53

Spustte znovu RogueKiller

Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
Zvolte moznost Prohledat a pote Smazat a nasledne Zprava - otevre se log, ten sem vlozte
Pak kliknete na Oprava Host a Zprava - otevre se log, ten sem vlozte

Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
Do okna vlozte skript nize

Kód: Vybrat vše

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;

Nasledne kliknete na Run Script
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

mlok123 · #5 Příspěvek od **mlok123** » 18 úno 2014 20:41

RogueKiller V8.8.7 [Feb 11 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : Pepík [Práva správce]
Mód : Odebrat -- Datum : 02/18/2014 20:38:49
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 2 ¤¤¤
[SUSP PATH] PirritService.exe -- C:\Users\Pepík\AppData\Local\PirritSuggestor\PirritService.exe [7] -> SMAZÁNO [TermProc]
[SUSP PATH] PirritDesktop.exe -- C:\Users\Pepík\AppData\Local\PirritSuggestor\PirritDesktop.exe [7] -> SMAZÁNO [TermProc]

¤¤¤ ¤¤¤ Záznamy Registrů: : 2 ¤¤¤
[SHELL][HJNAME] HKLM\[...]\Winlogon : shell (explorer.exe [7]) -> NAHRAZENO (explorer.exe)
[SHELL][HJNAME] HKLM\[...]\Wow6432Node\[...]\Winlogon : shell (explorer.exe [7]) -> NAHRAZENO (explorer.exe)

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ spuštění položky : 0 ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO 0x0] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ SCSI) WDC WD64 02AAEX-00Y9A0 SCSI Disk Device +++++
--- User ---
[MBR] 832c03e36d31caa89da422644c3b258a
[BSP] a4f89372b2f204d614bbe360df4bfa7e : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 602474 Mo
1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 1233868800 | Size: 8000 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x1] Nesprávná funkce. )

Dokončeno : << RKreport[0]_D_02182014_203849.txt >>
RKreport[0]_S_02182014_203723.txt

mlok123 · #6 Příspěvek od **mlok123** » 18 úno 2014 20:42

RogueKiller V8.8.7 [Feb 11 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : Pepík [Práva správce]
Mód : Oprava HOSTS -- Datum : 02/18/2014 20:41:50
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 2 ¤¤¤
[SUSP PATH] PirritService.exe -- C:\Users\Pepík\AppData\Local\PirritSuggestor\PirritService.exe [7] -> SMAZÁNO [TermProc]
[SUSP PATH] PirritDesktop.exe -- C:\Users\Pepík\AppData\Local\PirritSuggestor\PirritDesktop.exe [7] -> SMAZÁNO [TermProc]

¤¤¤ ¤¤¤ Záznamy Registrů: : 0 ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO 0x0] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ Resetovaný HOSTS: ¤¤¤
127.0.0.1 localhost

Dokončeno : << RKreport[0]_H_02182014_204150.txt >>
RKreport[0]_D_02182014_203849.txt;RKreport[0]_S_02182014_203723.txt

#7 Příspěvek od **vyosek** » 18 úno 2014 20:56

Jeste poprosim o Zoek

mlok123 · #8 Příspěvek od **mlok123** » 18 úno 2014 21:19

Zoek.exe v5.0.0.0 Updated 17-February-2014
Tool run by Pepˇk on Łt 18.02.2014 at 20:46:39,87.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Pepa\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

18.2.2014 20:49:59 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1287240520-3546684594-2801232195-1001\Software\Microsoft\Internet Explorer\SearchScopes\{154d339e-ccaa-49a5-9b38-6878ad4220bc} deleted successfully
HKEY_USERS\S-1-5-21-1287240520-3546684594-2801232195-1001\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} deleted successfully
HKEY_USERS\S-1-5-21-1287240520-3546684594-2801232195-1001\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} deleted successfully
HKEY_USERS\S-1-5-21-1287240520-3546684594-2801232195-1004\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} deleted successfully
HKEY_USERS\S-1-5-21-1287240520-3546684594-2801232195-1005\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} deleted successfully
HKEY_USERS\S-1-5-21-1287240520-3546684594-2801232195-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{707db484-2428-402d-afb5-d85b387544c7} deleted successfully
HKEY_USERS\S-1-5-21-1287240520-3546684594-2801232195-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{707db484-2428-402d-afb5-d85b387544c7} deleted successfully
HKEY_USERS\S-1-5-21-1287240520-3546684594-2801232195-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{707db484-2428-402d-afb5-d85b387544c7} deleted successfully
HKEY_USERS\S-1-5-21-1287240520-3546684594-2801232195-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{707db484-2428-402d-afb5-d85b387544c7} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{707db484-2428-402d-afb5-d85b387544c7} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-1287240520-3546684594-2801232195-1005\Software\Microsoft\Internet Explorer\Approved Extensions\{707db484-2428-402d-afb5-d85b387544c7} deleted successfully
HKEY_USERS\S-1-5-21-1287240520-3546684594-2801232195-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully
HKEY_USERS\S-1-5-21-1287240520-3546684594-2801232195-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully
HKEY_USERS\S-1-5-21-1287240520-3546684594-2801232195-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PirritUpdater deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PirritUpdater deleted successfully

==== FireFox Fix ======================

Deleted from C:\Users\Pepa\AppData\Roaming\Mozilla\Firefox\Profiles\ag4aag6k.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.search.ask.com/?tpid=SGT-V7& ... 11-24&psv=");
user_pref("browser.search.defaulturl", "http://search.icq.com/search/afe_result ... r=1.2.9&q=");
user_pref("browser.search.defaultenginename", "Ask Search");
user_pref("browser.search.defaultengine", "Ask Search");
user_pref("browser.search.selectedEngine", "Ask Search");
user_pref("browser.search.order.1", "Ask Search");
user_pref("keyword.URL", "");
user_pref("extensions.SGT-V7.my-keyword-url", "\"\"");
user_pref("extensions.SGT-V7.previous-keyword-url", "\"http://search.icq.com/search/afe_result ... r=1.4.7&q=\"");
user_pref("extensions.APN_TB.first-previous-keyword-url", "http://search.icq.com/search/afe_result ... r=1.4.7&q=");
user_pref("browser.search.suggest.enabled", false);

Added to C:\Users\Pepa\AppData\Roaming\Mozilla\Firefox\Profiles\ag4aag6k.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("extensions.APN_TB.first-previous-keyword-url", "http://search.icq.com/search/afe_result ... r=1.4.7&q=");
user_pref("extensions.SGT-V7.my-keyword-url", "\"\"");
user_pref("extensions.SGT-V7.previous-keyword-url", "\"http://search.icq.com/search/afe_result ... r=1.4.7&q=\"");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\PEPK~1\AppData\Roaming\Mozilla\Firefox\Profiles\howfmnee.default-1386268210440\prefs.js:
user_pref("browser.startup.homepage", "google.cz");
user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
user_pref("browser.search.defaulturl", "");
user_pref("browser.search.defaultenginename", "");
user_pref("browser.search.defaultenginename,S", "");
user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
user_pref("browser.search.selectedEngine,S", "");
user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
user_pref("browser.search.order.1", "");
user_pref("browser.search.order.1,S", "");
user_pref("sweetim.toolbar.previous.keyword.URL", "");

Added to C:\Users\PEPK~1\AppData\Roaming\Mozilla\Firefox\Profiles\howfmnee.default-1386268210440\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\PEPK~2\AppData\Roaming\Mozilla\Firefox\Profiles\3t2v50ra.default\prefs.js:

Added to C:\Users\PEPK~2\AppData\Roaming\Mozilla\Firefox\Profiles\3t2v50ra.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\Radka\AppData\Roaming\Mozilla\Firefox\Profiles\8w2evmin.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.seznam.cz/");
user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
user_pref("browser.search.defaulturl", "http://search.icq.com/search/afe_result ... r=1.3.3&q=");
user_pref("browser.search.defaultenginename", "ICQ Search");
user_pref("browser.search.defaultenginename,S", "");
user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
user_pref("browser.search.selectedEngine", "ICQ Search");
user_pref("browser.search.selectedEngine,S", "");
user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
user_pref("browser.search.order.1", "");
user_pref("browser.search.order.1,S", "");
user_pref("keyword.URL", "http://search.icq.com/search/afe_result ... r=1.5.3&q=");
user_pref("sweetim.toolbar.previous.keyword.URL", "");

Added to C:\Users\Radka\AppData\Roaming\Mozilla\Firefox\Profiles\8w2evmin.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\Pepa\AppData\Roaming\Mozilla\Firefox\Profiles\ag4aag6k.default

user.js not found
---- Lines icq.com removed from prefs.js ----
user_pref("extensions.APN_TB.first-previous-keyword-url", "http://search.icq.com/search/afe_result ... r=1.4.7&q=");
user_pref("extensions.SGT-V7.previous-keyword-url", "\"http://search.icq.com/search/afe_result ... r=1.4.7&q=\"");
---- FireFox user.js and prefs.js backups ----

prefs_18.02.2014_2100_.backup

ProfilePath: C:\Users\PEPK~1\AppData\Roaming\Mozilla\Firefox\Profiles\howfmnee.default-1386268210440

---- Lines babylon removed from prefs.js ----
user_pref("extensions.BabylonToolbar.prtkDS", 0);
user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
---- Lines Sweet removed from prefs.js ----
user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
user_pref("sweetim.toolbar.searchguard.enable", "");
user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
---- Lines extensions.cSlM6eQtuPJ removed from prefs.js ----
user_pref("extensions.cSlM6eQtuPJ.epoch", "1391962852");
user_pref("extensions.cSlM6eQtuPJ.url", "http://jpisyncs.info/sync2/?q=hfZ9oeV8h ... dsEpdw7rTa
---- Lines extensions.oxIziz removed from prefs.js ----
user_pref("extensions.oxIziz.epoch", "1391962852");
user_pref("extensions.oxIziz.url", "http://toolkitcard.info/sync2/?q=hfZ9oe ... FqTsErTgMD
---- FireFox user.js and prefs.js backups ----

user_18.02.2014_2100_.backup
prefs_18.02.2014_2100_.backup

ProfilePath: C:\Users\PEPK~2\AppData\Roaming\Mozilla\Firefox\Profiles\3t2v50ra.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_18.02.2014_2100_.backup

ProfilePath: C:\Users\Radka\AppData\Roaming\Mozilla\Firefox\Profiles\8w2evmin.default

user.js not found
---- Lines babylon removed from prefs.js ----
user_pref("extensions.BabylonToolbar.prtkDS", 0);
user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
---- Lines Sweet removed from prefs.js ----
user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
user_pref("sweetim.toolbar.searchguard.enable", "");
user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
---- Lines extensions.cSlM6eQtuPJ removed from prefs.js ----
user_pref("extensions.cSlM6eQtuPJ.epoch", "1392564656");
user_pref("extensions.cSlM6eQtuPJ.url", "http://techwebbjobnew.info/sync2/?q=hfZ ... Uojw9rdsFq
---- Lines extensions.oxIziz removed from prefs.js ----
user_pref("extensions.oxIziz.epoch", "1392564656");
user_pref("extensions.oxIziz.url", "http://jpi-syncer.info/sync2/?q=hfZ9oeJ ... qjrEqjsMDM
---- FireFox user.js and prefs.js backups ----

prefs_18.02.2014_2100_.backup

==== Deleting Files \ Folders ======================

C:\Users\Pepík\AppData\Local\cache not found
C:\PROGRA~3\knmfobkccjokohdaeepclbkjioapjccn deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\{9BB39F4D-8C74-A54D-5CF6-F63D0349B6A8} deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\{B42FF572-2873-477A-6F23-CF0E7FC1C52D} deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\Packages\windows_ie_ac_001\AC\{9BB39F4D-8C74-A54D-5CF6-F63D0349B6A8} deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\Packages\windows_ie_ac_001\AC\{B42FF572-2873-477A-6F23-CF0E7FC1C52D} deleted
C:\PROGRA~3\WinTurbo deleted
C:\PROGRA~3\4946b2f89601888b deleted
C:\PROGRA~2\TornTV.com deleted
C:\PROGRA~3\MinimuMPrice deleted
C:\PROGRA~3\TTakeThECoUpoN deleted
C:\PROGRA~2\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml deleted
C:\PROGRA~2\seurf annd keep deleted
C:\PROGRA~2\YoutubeAdblocker deleted
C:\PROGRA~2\ss helper deleted
C:\PROGRA~2\Yontoo deleted
C:\PROGRA~2\GreenTree Applications deleted
C:\PROGRA~2\Conduit deleted
C:\PROGRA~3\APN deleted
C:\PROGRA~3\AVG Security Toolbar deleted
C:\PROGRA~3\YoutubeAdblocker deleted
C:\PROGRA~3\seurf annd keep deleted
C:\PROGRA~3\AVG January 2013 Campaign deleted
C:\PROGRA~3\InstallMate deleted
C:\PROGRA~3\Tarma Installer deleted
C:\PROGRA~3\Premium deleted
C:\PROGRA~3\Babylon deleted
C:\Users\Pepa\AppData\Local\AVG Security Toolbar deleted
C:\Users\Pepa\AppData\Local\cache deleted
C:\Users\Radka\AppData\Local\AVG Security Toolbar deleted
C:\Users\Radka\AppData\Local\cache deleted
C:\Users\PEPK~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\TornTV.com deleted
C:\Users\Pepa\AppData\LocalLow\AVG SafeGuard toolbar deleted
C:\Users\Pepa\AppData\LocalLow\AVG Security Toolbar deleted
C:\Users\Radka\AppData\LocalLow\AVG Security Toolbar deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted
C:\Users\Pepa\AppData\Roaming\Mozilla\Firefox\Profiles\ag4aag6k.default\searchplugins\icqplugin-1.xml deleted
C:\Users\Pepa\AppData\Roaming\Mozilla\Firefox\Profiles\ag4aag6k.default\searchplugins\icqplugin-10.xml deleted
C:\Users\Pepa\AppData\Roaming\Mozilla\Firefox\Profiles\ag4aag6k.default\searchplugins\icqplugin-11.xml deleted
C:\Users\Pepa\AppData\Roaming\Mozilla\Firefox\Profiles\ag4aag6k.default\searchplugins\icqplugin-12.xml deleted
C:\Users\Pepa\AppData\Roaming\Mozilla\Firefox\Profiles\ag4aag6k.default\searchplugins\icqplugin-13.xml deleted
C:\Users\Pepa\AppData\Roaming\Mozilla\Firefox\Profiles\ag4aag6k.default\searchplugins\icqplugin-14.xml deleted
C:\Users\Pepa\AppData\Roaming\Mozilla\Firefox\Profiles\ag4aag6k.default\searchplugins\icqplugin-15.xml deleted
C:\Users\Pepa\AppData\Roaming\Mozilla\Firefox\Profiles\ag4aag6k.default\searchplugins\icqplugin-16.xml deleted
C:\Users\Pepa\AppData\Roaming\Mozilla\Firefox\Profiles\ag4aag6k.default\searchplugins\icqplugin-17.xml deleted
C:\Users\Pepa\AppData\Roaming\Mozilla\Firefox\Profiles\ag4aag6k.default\searchplugins\icqplugin-18.xml deleted
C:\Users\Pepa\AppData\Roaming\Mozilla\Firefox\Profiles\ag4aag6k.default\searchplugins\icqplugin-19.xml deleted
C:\Users\Pepa\AppData\Roaming\Mozilla\Firefox\Profiles\ag4aag6k.default\searchplugins\icqplugin-2.xml deleted
C:\Users\Pepa\AppData\Roaming\Mozilla\Firefox\Profiles\ag4aag6k.default\searchplugins\icqplugin-20.xml deleted
C:\Users\Pepa\AppData\Roaming\Mozilla\Firefox\Profiles\ag4aag6k.default\searchplugins\icqplugin-21.xml deleted
C:\Users\Pepa\AppData\Roaming\Mozilla\Firefox\Profiles\ag4aag6k.default\searchplugins\icqplugin-22.xml deleted
C:\Users\Pepa\AppData\Roaming\Mozilla\Firefox\Profiles\ag4aag6k.default\searchplugins\icqplugin-23.xml deleted
C:\Users\Pepa\AppData\Roaming\Mozilla\Firefox\Profiles\ag4aag6k.default\searchplugins\icqplugin-24.xml deleted
C:\Users\Pepa\AppData\Roaming\Mozilla\Firefox\Profiles\ag4aag6k.default\searchplugins\icqplugin-3.xml deleted
C:\Users\Pepa\AppData\Roaming\Mozilla\Firefox\Profiles\ag4aag6k.default\searchplugins\icqplugin-4.xml deleted
C:\Users\Pepa\AppData\Roaming\Mozilla\Firefox\Profiles\ag4aag6k.default\searchplugins\icqplugin-5.xml deleted
C:\Users\Pepa\AppData\Roaming\Mozilla\Firefox\Profiles\ag4aag6k.default\searchplugins\icqplugin-6.xml deleted
C:\Users\Pepa\AppData\Roaming\Mozilla\Firefox\Profiles\ag4aag6k.default\searchplugins\icqplugin-7.xml deleted
C:\Users\Pepa\AppData\Roaming\Mozilla\Firefox\Profiles\ag4aag6k.default\searchplugins\icqplugin-8.xml deleted
C:\Users\Pepa\AppData\Roaming\Mozilla\Firefox\Profiles\ag4aag6k.default\searchplugins\icqplugin-9.xml deleted
C:\Users\Pepa\AppData\Roaming\Mozilla\Firefox\Profiles\ag4aag6k.default\searchplugins\icqplugin.gif deleted
C:\Users\Pepa\AppData\Roaming\Mozilla\Firefox\Profiles\ag4aag6k.default\searchplugins\icqplugin.src deleted
C:\Users\Pepa\AppData\Roaming\Mozilla\Firefox\Profiles\ag4aag6k.default\searchplugins\icqplugin.xml deleted
C:\Users\Pepa\AppData\Roaming\Mozilla\Firefox\Profiles\ag4aag6k.default\searchplugins\ask-search.xml deleted
C:\Users\Pepa\AppData\Roaming\Mozilla\Firefox\Profiles\ag4aag6k.default\ICQToolbarData deleted
C:\Users\Pepa\AppData\Roaming\Mozilla\Firefox\Profiles\ag4aag6k.default\extensions\staged deleted
C:\Users\Radka\AppData\Roaming\Mozilla\Firefox\Profiles\8w2evmin.default\searchplugins\icqplugin-1.xml deleted
C:\Users\Radka\AppData\Roaming\Mozilla\Firefox\Profiles\8w2evmin.default\searchplugins\icqplugin-10.xml deleted
C:\Users\Radka\AppData\Roaming\Mozilla\Firefox\Profiles\8w2evmin.default\searchplugins\icqplugin-11.xml deleted
C:\Users\Radka\AppData\Roaming\Mozilla\Firefox\Profiles\8w2evmin.default\searchplugins\icqplugin-12.xml deleted
C:\Users\Radka\AppData\Roaming\Mozilla\Firefox\Profiles\8w2evmin.default\searchplugins\icqplugin-13.xml deleted
C:\Users\Radka\AppData\Roaming\Mozilla\Firefox\Profiles\8w2evmin.default\searchplugins\icqplugin-14.xml deleted
C:\Users\Radka\AppData\Roaming\Mozilla\Firefox\Profiles\8w2evmin.default\searchplugins\icqplugin-15.xml deleted
C:\Users\Radka\AppData\Roaming\Mozilla\Firefox\Profiles\8w2evmin.default\searchplugins\icqplugin-16.xml deleted
C:\Users\Radka\AppData\Roaming\Mozilla\Firefox\Profiles\8w2evmin.default\searchplugins\icqplugin-17.xml deleted
C:\Users\Radka\AppData\Roaming\Mozilla\Firefox\Profiles\8w2evmin.default\searchplugins\icqplugin-18.xml deleted
C:\Users\Radka\AppData\Roaming\Mozilla\Firefox\Profiles\8w2evmin.default\searchplugins\icqplugin-19.xml deleted
C:\Users\Radka\AppData\Roaming\Mozilla\Firefox\Profiles\8w2evmin.default\searchplugins\icqplugin-2.xml deleted
C:\Users\Radka\AppData\Roaming\Mozilla\Firefox\Profiles\8w2evmin.default\searchplugins\icqplugin-20.xml deleted
C:\Users\Radka\AppData\Roaming\Mozilla\Firefox\Profiles\8w2evmin.default\searchplugins\icqplugin-21.xml deleted
C:\Users\Radka\AppData\Roaming\Mozilla\Firefox\Profiles\8w2evmin.default\searchplugins\icqplugin-22.xml deleted
C:\Users\Radka\AppData\Roaming\Mozilla\Firefox\Profiles\8w2evmin.default\searchplugins\icqplugin-23.xml deleted
C:\Users\Radka\AppData\Roaming\Mozilla\Firefox\Profiles\8w2evmin.default\searchplugins\icqplugin-24.xml deleted
C:\Users\Radka\AppData\Roaming\Mozilla\Firefox\Profiles\8w2evmin.default\searchplugins\icqplugin-25.xml deleted
C:\Users\Radka\AppData\Roaming\Mozilla\Firefox\Profiles\8w2evmin.default\searchplugins\icqplugin-26.xml deleted
C:\Users\Radka\AppData\Roaming\Mozilla\Firefox\Profiles\8w2evmin.default\searchplugins\icqplugin-27.xml deleted
C:\Users\Radka\AppData\Roaming\Mozilla\Firefox\Profiles\8w2evmin.default\searchplugins\icqplugin-28.xml deleted
C:\Users\Radka\AppData\Roaming\Mozilla\Firefox\Profiles\8w2evmin.default\searchplugins\icqplugin-29.xml deleted
C:\Users\Radka\AppData\Roaming\Mozilla\Firefox\Profiles\8w2evmin.default\searchplugins\icqplugin-3.xml deleted
C:\Users\Radka\AppData\Roaming\Mozilla\Firefox\Profiles\8w2evmin.default\searchplugins\icqplugin-30.xml deleted
C:\Users\Radka\AppData\Roaming\Mozilla\Firefox\Profiles\8w2evmin.default\searchplugins\icqplugin-31.xml deleted
C:\Users\Radka\AppData\Roaming\Mozilla\Firefox\Profiles\8w2evmin.default\searchplugins\icqplugin-32.xml deleted
C:\Users\Radka\AppData\Roaming\Mozilla\Firefox\Profiles\8w2evmin.default\searchplugins\icqplugin-4.xml deleted
C:\Users\Radka\AppData\Roaming\Mozilla\Firefox\Profiles\8w2evmin.default\searchplugins\icqplugin-5.xml deleted
C:\Users\Radka\AppData\Roaming\Mozilla\Firefox\Profiles\8w2evmin.default\searchplugins\icqplugin-6.xml deleted
C:\Users\Radka\AppData\Roaming\Mozilla\Firefox\Profiles\8w2evmin.default\searchplugins\icqplugin-7.xml deleted
C:\Users\Radka\AppData\Roaming\Mozilla\Firefox\Profiles\8w2evmin.default\searchplugins\icqplugin-8.xml deleted
C:\Users\Radka\AppData\Roaming\Mozilla\Firefox\Profiles\8w2evmin.default\searchplugins\icqplugin-9.xml deleted
C:\Users\Radka\AppData\Roaming\Mozilla\Firefox\Profiles\8w2evmin.default\searchplugins\icqplugin.gif deleted
C:\Users\Radka\AppData\Roaming\Mozilla\Firefox\Profiles\8w2evmin.default\searchplugins\icqplugin.src deleted
C:\Users\Radka\AppData\Roaming\Mozilla\Firefox\Profiles\8w2evmin.default\searchplugins\icqplugin.xml deleted
C:\Users\Radka\AppData\Roaming\Mozilla\Firefox\Profiles\8w2evmin.default\ICQToolbarData deleted
C:\Users\PEPK~1\AppData\Roaming\Mozilla\Firefox\Profiles\howfmnee.default-1386268210440\extensions\7cu2fml@uueytcj.co.uk deleted
C:\Users\PEPK~1\AppData\Roaming\Mozilla\Firefox\Profiles\howfmnee.default-1386268210440\extensions\yojb@uiaoiui.edu deleted
C:\Users\Radka\AppData\Roaming\Mozilla\Firefox\Profiles\8w2evmin.default\extensions\7cu2fml@uueytcj.co.uk deleted
C:\Users\Radka\AppData\Roaming\Mozilla\Firefox\Profiles\8w2evmin.default\extensions\yojb@uiaoiui.edu deleted
"C:\PROGRA~2\Pirrit\AutoUpdater.exe" deleted
"C:\PROGRA~2\Pirrit\msvcp100.dll" deleted
"C:\PROGRA~2\Pirrit\msvcr100.dll" not deleted
"C:\PROGRA~2\Pirrit\QtCore4.dll" deleted
"C:\PROGRA~2\Pirrit\QtNetwork4.dll" deleted
"C:\PROGRA~2\Pirrit" not deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}"="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" [30.09.2013 15:23]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Pepa\AppData\Roaming\Mozilla\Firefox\Profiles\ag4aag6k.default
- Undetermined - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
- Undetermined - %ProfilePath%\extensions\suggestor@suggestor.pirrit.com.xpi

ProfilePath: C:\Users\PEPK~1\AppData\Roaming\Mozilla\Firefox\Profiles\howfmnee.default-1386268210440
- Undetermined - %ProfilePath%\extensions\suggestor@suggestor.pirrit.com.xpi

ProfilePath: C:\Users\Radka\AppData\Roaming\Mozilla\Firefox\Profiles\8w2evmin.default
- RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

==== Firefox Plugins ======================

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[14.08.2013 14:24]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[03.01.2014 01:32]

AdBlock - Pepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Pirrit Suggestor - Radka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ammfplfdkakimnibcghcebgbiiphabgc
TTakeThECoUpoN - Radka\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfnpnmeecpmmckfkjpmgfhgapfjbhkic
RealDownloader - Radka\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji
YoutubeBookmark - Radka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihljmpldkdjegakambfmgjionfpeahen
Skype for Chromium - Radka\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
SquirrelWeb - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdnafjfahbdfphihncgadbegiaebehio
RealDownloader - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji
Skype for Chromium - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl

==== Chrome Fix ======================

C:\Users\Radka\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfnpnmeecpmmckfkjpmgfhgapfjbhkic deleted successfully
C:\Users\Radka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hfnpnmeecpmmckfkjpmgfhgapfjbhkic_0.localstorage deleted successfully
C:\Users\Radka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hfnpnmeecpmmckfkjpmgfhgapfjbhkic_0.localstorage-journal deleted successfully
C:\Users\Radka\AppData\Local\Google\Chrome\User Data\Default\Extensions\elbgnhafbiiikpcebfokbkflkgliamfj deleted successfully
C:\Users\Radka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihljmpldkdjegakambfmgjionfpeahen deleted successfully
C:\Users\Radka\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiofllkgfmbagnboefbgbilhhejnddmd deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.cz/"
"Search Page"="http://www.searchamong.com/searchview.p ... s&bar=true"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://www.searchamong.com/searchview.p ... s&bar=true"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.searchamong.com/searchview.p ... s&bar=true"
"SearchAssistant"="http://www.searchamong.com/searchview.p ... s&bar=true"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{afdbddaa-5d3f-42ee-b79c-185a7020515b}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.google.cz/"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/ ... chasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"
{68EB484B-8243-4157-8345-A43F64DBF2F1} Unknown Url="Not_Found"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchT ... {startPage}"
{D22670BA-587B-4799-9467-63FC89B599FB} WebHledani Url="http://www.webhledani.cz/results.aspx?i ... earchTerms}"

==== Reset Google Chrome ======================

C:\Users\Pepa\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Radka\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Pepa\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Radka\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1287240520-3546684594-2801232195-1001\Software\Microsoft\Internet Explorer\SearchScopes\{68EB484B-8243-4157-8345-A43F64DBF2F1} deleted successfully
HKEY_USERS\S-1-5-21-1287240520-3546684594-2801232195-1004\Software\Microsoft\Internet Explorer\SearchScopes\{68EB484B-8243-4157-8345-A43F64DBF2F1} deleted successfully
HKEY_USERS\S-1-5-21-1287240520-3546684594-2801232195-1005\Software\Microsoft\Internet Explorer\SearchScopes\{68EB484B-8243-4157-8345-A43F64DBF2F1} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{b5f358a0} deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GIGABYTEMOUSE deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyTomTomSA.exe deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Pepa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Pepa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Pepa\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Pepík\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Pepík\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Pepík\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Pepík\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Radka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Radka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Radka\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Radka\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\PEPK~2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Pepa\AppData\Local\Mozilla\Firefox\Profiles\ag4aag6k.default\Cache emptied successfully
C:\Users\Radka\AppData\Local\Mozilla\Firefox\Profiles\8w2evmin.default\Cache emptied successfully
C:\Users\PEPK~2\AppData\Local\Mozilla\Firefox\Profiles\3t2v50ra.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Pepa\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Radka\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=557 folders=154 38083157 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\hedev\AppData\Local\Temp emptied successfully
C:\Users\Pepa\AppData\Local\Temp will be emptied at reboot
C:\Users\Pepík\AppData\Local\Temp emptied successfully
C:\Users\Radka\AppData\Local\Temp emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\PEPK~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== After Reboot ======================

==== Deleting Files / Folders ======================

"C:\PROGRA~2\Pirrit\msvcr100.dll" not found
"C:\Users\Pepa\AppData\Local\Temp\FXSAPIDebugLogFile.txt" not deleted
"C:\PROGRA~2\Pirrit" not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

#9 Příspěvek od **vyosek** » 18 úno 2014 21:20

Dejte log dle tohoto http://forum.viry.cz/viewtopic.php?f=13&t=133100

mlok123 · #10 Příspěvek od **mlok123** » 19 úno 2014 14:18

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2014
Ran by Pepík (administrator) on DOMA on 19-02-2014 14:12:41
Running from C:\Users\Pepa\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Czech
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(ASUSTeK COMPUTER INC.) C:\Windows\system32\ATKFUSService.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
() C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe
() C:\Users\Pepík\AppData\Local\PirritSuggestor\PirritService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Tanuki Software, Ltd.) C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Oracle Corporation) C:\Windows\SysWOW64\java.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Windows\system32\UI0Detect.exe
() C:\Program Files\ASUS\GamerOSD\ATKFastUserSwitching.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\MultiScreen\MultiScreen.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\CORE-STATIC\CCC.exe
() C:\Users\Pepík\AppData\Local\PirritSuggestor\PirritDesktop.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12681320 2011-08-26] (Realtek Semiconductor)
HKLM-x32\...\Run: [ROC_roc_dec12] - "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
HKLM-x32\...\Run: [ROC_ROC_JULY_P1] - "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
HKLM-x32\...\Run: [ROC_roc_ssl_v12] - "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [TkBellExe] - c:\program files (x86)\real\realplayer\Update\realsched.exe [295512 2013-09-30] (RealNetworks, Inc.)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4962320 2014-01-22] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKU\.DEFAULT\...\Run: [Autodesk Sync] - C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
HKU\S-1-5-21-1287240520-3546684594-2801232195-1001\...\Run: [Google Update] - C:\Users\Pepík\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-08-04] (Google Inc.)
HKU\S-1-5-21-1287240520-3546684594-2801232195-1001\...\Run: [Akamai NetSession Interface] - C:\Users\Pepík\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1287240520-3546684594-2801232195-1001\...\Run: [Autodesk Sync] - C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
HKU\S-1-5-21-1287240520-3546684594-2801232195-1001\...\Run: [MyDriveConnect.exe] - C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe [473496 2013-11-29] (TomTom)
HKU\S-1-5-21-1287240520-3546684594-2801232195-1004\...\Run: [MultiScreen] - C:\Program Files (x86)\MultiScreen\MultiScreen.exe [303104 2009-08-11] ()
HKU\S-1-5-21-1287240520-3546684594-2801232195-1004\...\Run: [Google Update] - C:\Users\Pepík\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-08-04] (Google Inc.)
HKU\S-1-5-21-1287240520-3546684594-2801232195-1004\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
HKU\S-1-5-21-1287240520-3546684594-2801232195-1004\...\Run: [DAEMON Tools Lite] - "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
HKU\S-1-5-21-1287240520-3546684594-2801232195-1004\...\MountPoints2: D - D:\setup\rsrc\Autorun.exe
Startup: C:\Users\Pepa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Pepík\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Radka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=http://127.0.0.1:9881
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
URLSearchHook: HKLM-x32 - (No Name) - {707db484-2428-402d-afb5-d85b387544c7} - No File
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchT ... {startPage}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchT ... {startPage}
SearchScopes: HKCU - {D22670BA-587B-4799-9467-63FC89B599FB} URL = http://www.webhledani.cz/results.aspx?i ... earchTerms}
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: IEExtension.Extension - {d40c654d-7c51-4eb3-95b2-1e23905c2a2d} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll No File
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1

FireFox:
========
FF ProfilePath: C:\Users\Pepík\AppData\Roaming\Mozilla\Firefox\Profiles\howfmnee.default-1386268210440
FF user.js: detected! => C:\Users\Pepík\AppData\Roaming\Mozilla\Firefox\Profiles\howfmnee.default-1386268210440\user.js
FF NewTab: hxxp://www.google.com/
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @java.com/DTPlugin,version=10.5.0 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.5.0 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Pepík\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Pepík\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Pepík\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Pepík\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Pepík\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll (BitComet)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Users\Pepík\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Pepík\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\Pepík\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\jyxo-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: Pirrit Suggestor - C:\Users\Pepík\AppData\Roaming\Mozilla\Firefox\Profiles\howfmnee.default-1386268210440\Extensions\suggestor@suggestor.pirrit.com.xpi [2014-02-15]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-02-16]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-30]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []

Chrome:
=======
CHR HomePage: hxxp://www.google.cz/
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll ()
CHR Plugin: (Google Gears 0.5.33.0) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\gears.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (MicrosoftÂ® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll No File
CHR Plugin: (Windows LiveÂ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrl.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (TTakeThECoUpoN) - C:\Users\Pepík\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfnpnmeecpmmckfkjpmgfhgapfjbhkic [2013-12-30]
CHR Extension: (Skype Click to Call) - C:\Users\Pepík\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-07-22]
CHR Extension: (Peněženka Google) - C:\Users\Pepík\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-01-03]

==================== Services (Whitelisted) =================

R2 ATKFUSService; C:\Windows\system32\ATKFUSService.exe [63488 2009-12-01] (ASUSTeK COMPUTER INC.)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [18656 2011-02-02] ()
R2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1358944 2013-09-24] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3788816 2014-01-22] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363616 2014-01-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748640 2014-01-03] (Microsoft Corporation)
R2 mitsijm2014; C:\Program Files\Autodesk\Inventor 2014\Moldflow\bin\mitsijm.exe [952608 2013-01-25] (Autodesk, Inc.)
R2 PirritDesktop; C:\Users\Pepík\AppData\Local\PirritSuggestor\PirritService.exe [52568 2014-02-14] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-05-10] ()
R2 PS3 Media Server; C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe [366872 2011-05-17] (Tanuki Software, Ltd.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()

==================== Drivers (Whitelisted) ====================

R3 asusgsb; C:\Windows\System32\drivers\asusgsb.sys [17792 2009-02-17] (ASUSTeK Computer Inc.)
R3 atkdisplf; C:\Windows\System32\drivers\ATKDispLowFilter.sys [39424 2009-02-17] (ASUSTeK Computer Inc.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [243480 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [196376 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2012-01-20] (Duplex Secure Ltd.)
S1 EIO64; system32\DRIVERS\EIO64.sys [X]
S1 prodrv03; \SystemRoot\System32\drivers\prodrv03.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-19 14:12 - 2014-02-19 14:12 - 00023809 _____ () C:\Users\Pepa\Desktop\FRST.txt
2014-02-19 14:11 - 2014-02-19 14:12 - 00000000 ____D () C:\FRST
2014-02-19 14:10 - 2014-02-19 14:10 - 00112640 _____ (forum.viry.cz) C:\Users\Pepa\Downloads\FRSTLauncher (1).exe
2014-02-19 14:10 - 2014-02-19 14:10 - 00112640 _____ (forum.viry.cz) C:\Users\Pepa\Desktop\FRSTLauncher (1).exe
2014-02-19 14:10 - 2014-02-19 14:10 - 00015327 _____ () C:\Users\Pepík\Desktop\LM.bat
2014-02-19 14:09 - 2014-02-19 14:09 - 00000000 _____ () C:\Users\Pepa\Downloads\FRSTLauncher.exe
2014-02-19 14:07 - 2014-02-19 14:07 - 02153472 _____ (Farbar) C:\Users\Pepa\Desktop\FRST64.exe
2014-02-19 14:05 - 2014-02-19 14:05 - 00032475 _____ () C:\Users\Pepa\Downloads\VerzeOS.exe
2014-02-19 13:53 - 2014-02-19 14:10 - 00029696 _____ () C:\Users\Pepík\AppData\Local\MSGBOX.EXE
2014-02-19 13:47 - 2014-02-19 13:47 - 00003330 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1287240520-3546684594-2801232195-1004
2014-02-19 13:47 - 2014-02-19 13:47 - 00003194 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1287240520-3546684594-2801232195-1004
2014-02-18 21:15 - 2014-02-18 21:15 - 00000000 ____D () C:\.cache
2014-02-18 21:07 - 2014-02-18 20:46 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-02-18 21:06 - 2014-02-18 21:06 - 00000000 ____D () C:\Users\PepÝk\AppData\Roaming\Macromedia
2014-02-18 21:05 - 2014-02-18 21:05 - 00000000 ____D () C:\Users\PepÝk
2014-02-18 20:59 - 2014-02-18 21:17 - 00000000 ____D () C:\zoek
2014-02-18 20:49 - 2014-02-18 21:17 - 00035790 _____ () C:\zoek-results.log
2014-02-18 20:48 - 2014-02-18 21:12 - 00000000 ____D () C:\zoek_backup
2014-02-18 20:45 - 2014-02-17 08:42 - 01284608 _____ () C:\Users\Pepa\Desktop\zoek.exe
2014-02-18 20:44 - 2014-02-18 20:44 - 04093477 _____ () C:\Users\Pepa\Desktop\zoek.zip
2014-02-18 20:42 - 2014-02-18 20:43 - 01284608 _____ () C:\Users\Pepa\Downloads\zoek.exe
2014-02-18 20:41 - 2014-02-18 20:41 - 00001172 _____ () C:\Users\Pepík\Desktop\RKreport[0]_H_02182014_204150.txt
2014-02-18 20:38 - 2014-02-18 20:38 - 00001983 _____ () C:\Users\Pepík\Desktop\RKreport[0]_D_02182014_203849.txt
2014-02-18 20:37 - 2014-02-18 20:37 - 00002116 _____ () C:\Users\Pepík\Desktop\RKreport[0]_S_02182014_203723.txt
2014-02-17 18:25 - 2014-02-17 18:25 - 00000000 ____D () C:\Users\Pepa\AppData\Local\CrashDumps
2014-02-17 17:13 - 2014-02-17 17:14 - 00000000 ____D () C:\rsit
2014-02-17 17:13 - 2014-02-17 17:14 - 00000000 ____D () C:\Program Files\trend micro
2014-02-17 16:55 - 2014-02-18 20:38 - 00000000 ____D () C:\Users\Pepík\Desktop\RK_Quarantine
2014-02-16 13:00 - 2014-02-16 13:00 - 03813376 _____ () C:\Users\Pepa\Downloads\RogueKiller.exe
2014-02-16 11:33 - 2014-02-16 11:33 - 00000000 ____D () C:\Program Files (x86)\Windows Phone
2014-02-16 11:32 - 2014-02-16 11:32 - 00000000 ____D () C:\Users\Pepík\AppData\Local\Applications
2014-02-16 11:28 - 2014-02-16 11:28 - 00000000 ____D () C:\ProgramData\Applications
2014-02-16 10:19 - 2014-02-16 10:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-16 09:55 - 2014-02-19 14:02 - 00003332 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1287240520-3546684594-2801232195-1001
2014-02-16 09:55 - 2014-02-19 14:02 - 00003198 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1287240520-3546684594-2801232195-1001
2014-02-15 14:03 - 2014-02-15 14:04 - 00019003 _____ () C:\Users\Pepík\Downloads\hijackthis.log
2014-02-15 14:02 - 2014-02-15 14:02 - 00388608 _____ (Trend Micro Inc.) C:\Users\Pepík\Downloads\hijackthis.exe
2014-02-15 13:45 - 2014-02-15 13:45 - 00000000 ____D () C:\Users\Pepík\AppData\Local\PirritSuggestor
2014-02-12 21:24 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 21:24 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 21:24 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-12 21:24 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 21:24 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-12 21:24 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-12 21:24 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 21:24 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-12 21:24 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 21:24 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 21:24 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-12 21:24 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-12 21:24 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-12 21:24 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-12 21:24 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-12 21:24 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-12 21:24 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 21:24 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-12 21:24 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-12 21:24 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-12 21:24 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 21:24 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-12 21:24 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-12 21:24 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 21:24 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-12 21:24 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-12 21:24 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-12 21:24 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-12 21:24 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-12 21:24 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 21:24 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 21:24 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-12 21:24 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-12 21:24 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-12 21:24 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 21:24 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-12 21:24 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-12 21:24 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-12 21:24 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-12 21:24 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 21:24 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-12 16:02 - 2014-02-12 16:02 - 00018829 _____ () C:\Users\Pepa\Downloads\Grafy.xlsx
2014-02-12 14:55 - 2014-02-12 18:43 - 00020149 _____ () C:\Users\Pepa\Desktop\Grafy.xlsx
2014-02-12 14:01 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-12 14:01 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-12 14:01 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 14:01 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 14:01 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 14:01 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 14:01 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 14:01 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-12 14:01 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-12 14:01 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-12 14:01 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 14:01 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-12 14:01 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-12 14:01 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-12 14:01 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-12 14:01 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 14:01 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 14:01 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-12 14:01 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-12 14:01 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-12 14:01 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-12 14:01 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-12 14:01 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-12 14:01 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-12 14:01 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-12 14:01 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-12 14:01 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-12 14:01 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-10 17:28 - 2014-02-10 17:28 - 00274552 _____ () C:\Windows\Minidump\021014-53882-01.dmp
2014-02-10 13:54 - 2014-02-15 20:28 - 00003332 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1287240520-3546684594-2801232195-1005
2014-02-10 13:54 - 2014-02-15 20:28 - 00003198 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1287240520-3546684594-2801232195-1005
2014-02-06 18:21 - 2014-02-06 18:32 - 00013294 _____ () C:\Users\Pepa\Desktop\123456.xlsx
2014-02-04 13:54 - 2014-02-04 13:53 - 00000003 _____ () C:\Users\Pepa\Documents\ret.txt
2014-02-03 14:06 - 2014-02-03 14:06 - 00000000 ____D () C:\Users\Radka\AppData\Roaming\Pirrit
2014-02-03 14:06 - 2014-02-03 14:06 - 00000000 ____D () C:\Users\Radka\AppData\Local\Pirrit Suggestor
2014-01-26 18:27 - 2014-01-26 18:27 - 00013424 _____ () C:\Users\Pepa\Desktop\psaní – zástupce.lnk
2014-01-23 14:47 - 2014-01-23 14:47 - 00000000 ____D () C:\Users\Pepa\AppData\Local\Apple
2014-01-20 18:47 - 2014-01-20 18:47 - 00000000 ____D () C:\Users\Pepík\AppData\Roaming\Apple Computer
2014-01-20 18:29 - 2014-01-20 18:29 - 00000030 _____ () C:\Users\Pepa\Documents\Vide1.avi.sfl
2014-01-20 18:26 - 2014-01-20 18:26 - 00000032 _____ () C:\Users\Pepa\Documents\Video2.avi.sfl
2014-01-20 18:20 - 2014-01-20 18:22 - 41110093 _____ () C:\Users\Pepa\Documents\Vide1.wmv
2014-01-20 18:11 - 2014-01-20 18:11 - 00000030 _____ () C:\Users\Pepa\Documents\Video.avi.sfl
2014-01-20 16:35 - 2014-01-20 16:35 - 00000000 ____D () C:\Users\Radka\AppData\Roaming\Apple Computer

==================== One Month Modified Files and Folders =======

2014-02-19 14:12 - 2014-02-19 14:12 - 00023809 _____ () C:\Users\Pepa\Desktop\FRST.txt
2014-02-19 14:12 - 2014-02-19 14:11 - 00000000 ____D () C:\FRST
2014-02-19 14:10 - 2014-02-19 14:10 - 00112640 _____ (forum.viry.cz) C:\Users\Pepa\Downloads\FRSTLauncher (1).exe
2014-02-19 14:10 - 2014-02-19 14:10 - 00112640 _____ (forum.viry.cz) C:\Users\Pepa\Desktop\FRSTLauncher (1).exe
2014-02-19 14:10 - 2014-02-19 14:10 - 00015327 _____ () C:\Users\Pepík\Desktop\LM.bat
2014-02-19 14:10 - 2014-02-19 13:53 - 00029696 _____ () C:\Users\Pepík\AppData\Local\MSGBOX.EXE
2014-02-19 14:10 - 2012-07-14 15:23 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-19 14:09 - 2014-02-19 14:09 - 00000000 _____ () C:\Users\Pepa\Downloads\FRSTLauncher.exe
2014-02-19 14:08 - 2011-08-04 12:15 - 00000962 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1287240520-3546684594-2801232195-1001UA.job
2014-02-19 14:08 - 2011-08-04 12:15 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1287240520-3546684594-2801232195-1001Core.job
2014-02-19 14:07 - 2014-02-19 14:07 - 02153472 _____ (Farbar) C:\Users\Pepa\Desktop\FRST64.exe
2014-02-19 14:05 - 2014-02-19 14:05 - 00032475 _____ () C:\Users\Pepa\Downloads\VerzeOS.exe
2014-02-19 14:03 - 2011-08-04 12:15 - 00003932 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1287240520-3546684594-2801232195-1001UA
2014-02-19 14:03 - 2011-08-04 12:15 - 00003536 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1287240520-3546684594-2801232195-1001Core
2014-02-19 14:02 - 2014-02-16 09:55 - 00003332 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1287240520-3546684594-2801232195-1001
2014-02-19 14:02 - 2014-02-16 09:55 - 00003198 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1287240520-3546684594-2801232195-1001
2014-02-19 14:02 - 2010-12-24 21:29 - 00000946 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-19 13:54 - 2009-07-14 05:45 - 00010096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-19 13:54 - 2009-07-14 05:45 - 00010096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-19 13:50 - 2010-12-03 13:29 - 01186914 _____ () C:\Windows\WindowsUpdate.log
2014-02-19 13:49 - 2010-12-24 21:05 - 00000000 ____D () C:\ProgramData\MFAData
2014-02-19 13:47 - 2014-02-19 13:47 - 00003330 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1287240520-3546684594-2801232195-1004
2014-02-19 13:47 - 2014-02-19 13:47 - 00003194 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1287240520-3546684594-2801232195-1004
2014-02-19 13:45 - 2010-12-24 21:29 - 00000950 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-19 13:43 - 2012-11-15 20:39 - 00000000 ____D () C:\Program Files (x86)\PS3 Media Server
2014-02-19 13:43 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-19 13:43 - 2009-07-14 05:51 - 01144709 _____ () C:\Windows\setupact.log
2014-02-18 21:17 - 2014-02-18 20:59 - 00000000 ____D () C:\zoek
2014-02-18 21:17 - 2014-02-18 20:49 - 00035790 _____ () C:\zoek-results.log
2014-02-18 21:15 - 2014-02-18 21:15 - 00000000 ____D () C:\.cache
2014-02-18 21:12 - 2014-02-18 20:48 - 00000000 ____D () C:\zoek_backup
2014-02-18 21:12 - 2010-12-24 23:13 - 00438020 _____ () C:\Windows\PFRO.log
2014-02-18 21:06 - 2014-02-18 21:06 - 00000000 ____D () C:\Users\PepÝk\AppData\Roaming\Macromedia
2014-02-18 21:05 - 2014-02-18 21:05 - 00000000 ____D () C:\Users\PepÝk
2014-02-18 20:46 - 2014-02-18 21:07 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-02-18 20:44 - 2014-02-18 20:44 - 04093477 _____ () C:\Users\Pepa\Desktop\zoek.zip
2014-02-18 20:43 - 2014-02-18 20:42 - 01284608 _____ () C:\Users\Pepa\Downloads\zoek.exe
2014-02-18 20:41 - 2014-02-18 20:41 - 00001172 _____ () C:\Users\Pepík\Desktop\RKreport[0]_H_02182014_204150.txt
2014-02-18 20:38 - 2014-02-18 20:38 - 00001983 _____ () C:\Users\Pepík\Desktop\RKreport[0]_D_02182014_203849.txt
2014-02-18 20:38 - 2014-02-17 16:55 - 00000000 ____D () C:\Users\Pepík\Desktop\RK_Quarantine
2014-02-18 20:37 - 2014-02-18 20:37 - 00002116 _____ () C:\Users\Pepík\Desktop\RKreport[0]_S_02182014_203723.txt
2014-02-18 20:32 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-18 17:53 - 2012-06-06 18:35 - 00000448 ____H () C:\Windows\Tasks\Norton Security Scan for Pepa.job
2014-02-18 14:39 - 2010-12-24 21:29 - 00003946 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-18 14:39 - 2010-12-24 21:29 - 00003694 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-17 19:14 - 2009-07-14 16:18 - 00670674 _____ () C:\Windows\system32\perfh005.dat
2014-02-17 19:14 - 2009-07-14 16:18 - 00142286 _____ () C:\Windows\system32\perfc005.dat
2014-02-17 19:14 - 2009-07-14 06:13 - 01584626 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-17 18:25 - 2014-02-17 18:25 - 00000000 ____D () C:\Users\Pepa\AppData\Local\CrashDumps
2014-02-17 18:24 - 2010-12-30 16:13 - 00000000 ____D () C:\Users\Pepa\AppData\Roaming\Skype
2014-02-17 17:14 - 2014-02-17 17:13 - 00000000 ____D () C:\rsit
2014-02-17 17:14 - 2014-02-17 17:13 - 00000000 ____D () C:\Program Files\trend micro
2014-02-17 08:42 - 2014-02-18 20:45 - 01284608 _____ () C:\Users\Pepa\Desktop\zoek.exe
2014-02-16 18:20 - 2010-12-29 19:46 - 00000000 ___RD () C:\Users\Pepa\Desktop\Pepa
2014-02-16 17:42 - 2010-12-24 22:06 - 00000000 ___RD () C:\Users\Pepa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-16 13:00 - 2014-02-16 13:00 - 03813376 _____ () C:\Users\Pepa\Downloads\RogueKiller.exe
2014-02-16 12:47 - 2012-05-07 11:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-16 12:20 - 2012-08-08 10:32 - 00000000 ____D () C:\Users\Pepa\AppData\Local\rajce
2014-02-16 12:05 - 2012-01-31 14:30 - 00000000 ____D () C:\Users\Pepa\AppData\Local\TeamSpeak 3 Client
2014-02-16 12:00 - 2014-01-12 18:03 - 00000000 ____D () C:\ProgramData\ABBYY
2014-02-16 11:33 - 2014-02-16 11:33 - 00000000 ____D () C:\Program Files (x86)\Windows Phone
2014-02-16 11:32 - 2014-02-16 11:32 - 00000000 ____D () C:\Users\Pepík\AppData\Local\Applications
2014-02-16 11:28 - 2014-02-16 11:28 - 00000000 ____D () C:\ProgramData\Applications
2014-02-16 10:19 - 2014-02-16 10:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-15 20:28 - 2014-02-10 13:54 - 00003332 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1287240520-3546684594-2801232195-1005
2014-02-15 20:28 - 2014-02-10 13:54 - 00003198 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1287240520-3546684594-2801232195-1005
2014-02-15 14:41 - 2013-07-18 20:12 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-15 14:38 - 2010-12-27 15:02 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-15 14:10 - 2011-12-07 20:07 - 00003954 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{92A8CE80-75B6-46D5-8A49-3471C34B46AF}
2014-02-15 14:04 - 2014-02-15 14:03 - 00019003 _____ () C:\Users\Pepík\Downloads\hijackthis.log
2014-02-15 14:02 - 2014-02-15 14:02 - 00388608 _____ (Trend Micro Inc.) C:\Users\Pepík\Downloads\hijackthis.exe
2014-02-15 13:45 - 2014-02-15 13:45 - 00000000 ____D () C:\Users\Pepík\AppData\Local\PirritSuggestor
2014-02-14 18:29 - 2010-12-24 21:25 - 00000000 ____D () C:\Users\Pepík\AppData\Roaming\Mozilla
2014-02-14 17:41 - 2011-10-14 18:33 - 00000000 ____D () C:\Users\Pepa\AppData\Roaming\vlc
2014-02-14 13:22 - 2010-12-24 20:34 - 00000000 ____D () C:\Users\Pepík
2014-02-14 13:10 - 2013-09-28 11:06 - 00000943 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-02-13 15:44 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-02-13 14:35 - 2010-12-24 22:18 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-02-13 14:35 - 2010-12-24 22:18 - 00000000 ____D () C:\ProgramData\Skype
2014-02-12 21:28 - 2012-10-03 17:10 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-12 21:27 - 2012-01-07 17:45 - 01563072 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-12 18:43 - 2014-02-12 14:55 - 00020149 _____ () C:\Users\Pepa\Desktop\Grafy.xlsx
2014-02-12 16:02 - 2014-02-12 16:02 - 00018829 _____ () C:\Users\Pepa\Downloads\Grafy.xlsx
2014-02-11 20:13 - 2013-12-26 16:23 - 00012288 _____ () C:\Users\Pepa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-11 14:14 - 2009-07-14 06:08 - 00032588 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-10 17:28 - 2014-02-10 17:28 - 00274552 _____ () C:\Windows\Minidump\021014-53882-01.dmp
2014-02-10 17:28 - 2011-04-08 13:37 - 00000000 ____D () C:\Windows\Minidump
2014-02-10 17:27 - 2011-04-08 13:37 - 411332597 _____ () C:\Windows\MEMORY.DMP
2014-02-08 17:43 - 2013-10-03 17:52 - 00001036 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-02-06 18:32 - 2014-02-06 18:21 - 00013294 _____ () C:\Users\Pepa\Desktop\123456.xlsx
2014-02-06 13:16 - 2014-02-12 21:24 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 12:30 - 2014-02-12 21:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 12:30 - 2014-02-12 21:24 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 12:12 - 2014-02-12 21:24 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 12:07 - 2014-02-12 21:24 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 12:06 - 2014-02-12 21:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 11:57 - 2014-02-12 21:24 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 11:56 - 2014-02-12 21:24 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 11:52 - 2014-02-12 21:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 11:49 - 2014-02-12 21:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 11:48 - 2014-02-12 21:24 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 11:48 - 2014-02-12 21:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 11:38 - 2014-02-12 21:24 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 11:32 - 2014-02-12 21:24 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 11:20 - 2014-02-12 21:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 11:17 - 2014-02-12 21:24 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 11:11 - 2014-02-12 21:24 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 11:01 - 2014-02-12 21:24 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 11:00 - 2014-02-12 21:24 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-12 21:24 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 10:57 - 2014-02-12 21:24 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 10:52 - 2014-02-12 21:24 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 10:52 - 2014-02-12 21:24 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 10:50 - 2014-02-12 21:24 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 10:49 - 2014-02-12 21:24 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 10:47 - 2014-02-12 21:24 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 10:46 - 2014-02-12 21:24 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 10:25 - 2014-02-12 21:24 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 10:25 - 2014-02-12 21:24 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 10:24 - 2014-02-12 21:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 10:22 - 2014-02-12 21:24 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 10:13 - 2014-02-12 21:24 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 10:09 - 2014-02-12 21:24 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 10:03 - 2014-02-12 21:24 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 09:55 - 2014-02-12 21:24 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 09:41 - 2014-02-12 21:24 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 09:40 - 2014-02-12 21:24 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 09:36 - 2014-02-12 21:24 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 09:34 - 2014-02-12 21:24 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-05 20:10 - 2012-07-14 15:23 - 00003852 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-05 20:10 - 2012-03-31 19:57 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-05 20:10 - 2011-05-24 14:54 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-04 14:42 - 2010-12-24 21:31 - 00002149 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-04 13:53 - 2014-02-04 13:54 - 00000003 _____ () C:\Users\Pepa\Documents\ret.txt
2014-02-03 14:06 - 2014-02-03 14:06 - 00000000 ____D () C:\Users\Radka\AppData\Roaming\Pirrit
2014-02-03 14:06 - 2014-02-03 14:06 - 00000000 ____D () C:\Users\Radka\AppData\Local\Pirrit Suggestor
2014-02-02 14:01 - 2010-12-27 15:01 - 00000000 ____D () C:\Users\Pepík\AppData\Local\Adobe
2014-01-26 18:27 - 2014-01-26 18:27 - 00013424 _____ () C:\Users\Pepa\Desktop\psaní – zástupce.lnk
2014-01-23 14:47 - 2014-01-23 14:47 - 00000000 ____D () C:\Users\Pepa\AppData\Local\Apple
2014-01-20 18:47 - 2014-01-20 18:47 - 00000000 ____D () C:\Users\Pepík\AppData\Roaming\Apple Computer
2014-01-20 18:29 - 2014-01-20 18:29 - 00000030 _____ () C:\Users\Pepa\Documents\Vide1.avi.sfl
2014-01-20 18:26 - 2014-01-20 18:26 - 00000032 _____ () C:\Users\Pepa\Documents\Video2.avi.sfl
2014-01-20 18:22 - 2014-01-20 18:20 - 41110093 _____ () C:\Users\Pepa\Documents\Vide1.wmv
2014-01-20 18:11 - 2014-01-20 18:11 - 00000030 _____ () C:\Users\Pepa\Documents\Video.avi.sfl
2014-01-20 17:28 - 2014-01-16 15:39 - 00000000 ____D () C:\Users\Pepa\AppData\Roaming\Sony
2014-01-20 16:35 - 2014-01-20 16:35 - 00000000 ____D () C:\Users\Radka\AppData\Roaming\Apple Computer

Files to move or delete:
====================
C:\Users\Pepa\dht.dat
C:\Users\Pepa\dht_feed.dat
C:\Users\Pepa\resume.dat
C:\Users\Pepa\rss.dat
C:\Users\Pepa\settings.dat
C:\Users\Pepa\updates.dat

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-02-18 16:26

==================== End Of Log ============================

#11 Příspěvek od **vyosek** » 19 úno 2014 18:26

Tvorba fixlistu pro FRST

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

Start
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - No File
URLSearchHook: HKLM-x32 - (No Name) - {707db484-2428-402d-afb5-d85b387544c7} - No File
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {D22670BA-587B-4799-9467-63FC89B599FB} URL = http://www.webhledani.cz/results.aspx?i=39&tp=ie&q={searchTerms}
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=http://127.0.0.1:9881

HKU\S-1-5-21-1287240520-3546684594-2801232195-1004\...\Run: [Google Update] - C:\Users\Pepík\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-08-04] (Google Inc.)
HKU\S-1-5-21-1287240520-3546684594-2801232195-1004\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
HKU\S-1-5-21-1287240520-3546684594-2801232195-1004\...\Run: [DAEMON Tools Lite] - "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
HKU\S-1-5-21-1287240520-3546684594-2801232195-1004\...\MountPoints2: D - D:\setup\rsrc\Autorun.exe
HKU\S-1-5-21-1287240520-3546684594-2801232195-1001\...\Run: [Google Update] - C:\Users\Pepík\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-08-04] (Google Inc.)
HKU\S-1-5-21-1287240520-3546684594-2801232195-1001\...\Run: [Akamai NetSession Interface] - C:\Users\Pepík\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] - c:\program files (x86)\real\realplayer\Update\realsched.exe [295512 2013-09-30] (RealNetworks, Inc.)
HKLM-x32\...\Run: [ROC_roc_dec12] - "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
HKLM-x32\...\Run: [ROC_ROC_JULY_P1] - "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
HKLM-x32\...\Run: [ROC_roc_ssl_v12] - "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

FF Extension: Pirrit Suggestor - C:\Users\Pepík\AppData\Roaming\Mozilla\Firefox\Profiles\howfmnee.default-1386268210440\Extensions\suggestor@suggestor.pirrit.com.xpi [2014-02-15]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-02-16]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-30]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []

CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-01-03]

R2 PirritDesktop; C:\Users\Pepík\AppData\Local\PirritSuggestor\PirritService.exe [52568 2014-02-14] ()
C:\Users\Pepík\AppData\Local\PirritSuggestor
C:\Program Files (x86)\AVG Secure Search

DisableService: c2cautoupdatesvc
DisableService: c2cpnrsvc

C:\Users\Pepa\dht.dat
C:\Users\Pepa\dht_feed.dat
C:\Users\Pepa\resume.dat
C:\Users\Pepa\rss.dat
C:\Users\Pepa\settings.dat
C:\Users\Pepa\updates.dat
2014-02-15 14:04 - 2014-02-15 14:03 - 00019003 _____ () C:\Users\Pepík\Downloads\hijackthis.log
2014-02-15 14:02 - 2014-02-15 14:02 - 00388608 _____ (Trend Micro Inc.) C:\Users\Pepík\Downloads\hijackthis.exe
2014-02-15 13:45 - 2014-02-15 13:45 - 00000000 ____D () C:\Users\Pepík\AppData\Local\PirritSuggestor
2014-02-17 08:42 - 2014-02-18 20:45 - 01284608 _____ () C:\Users\Pepa\Desktop\zoek.exe
2014-02-18 20:46 - 2014-02-18 21:07 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-02-18 20:44 - 2014-02-18 20:44 - 04093477 _____ () C:\Users\Pepa\Desktop\zoek.zip
2014-02-18 20:43 - 2014-02-18 20:42 - 01284608 _____ () C:\Users\Pepa\Downloads\zoek.exe
2014-02-18 20:41 - 2014-02-18 20:41 - 00001172 _____ () C:\Users\Pepík\Desktop\RKreport[0]_H_02182014_204150.txt
2014-02-18 20:38 - 2014-02-18 20:38 - 00001983 _____ () C:\Users\Pepík\Desktop\RKreport[0]_D_02182014_203849.txt
2014-02-18 20:38 - 2014-02-17 16:55 - 00000000 ____D () C:\Users\Pepík\Desktop\RK_Quarantine
2014-02-18 20:37 - 2014-02-18 20:37 - 00002116 _____ () C:\Users\Pepík\Desktop\RKreport[0]_S_02182014_203723.txt
2014-02-18 21:17 - 2014-02-18 20:59 - 00000000 ____D () C:\zoek
2014-02-18 21:17 - 2014-02-18 20:49 - 00035790 _____ () C:\zoek-results.log
2014-02-18 21:15 - 2014-02-18 21:15 - 00000000 ____D () C:\.cache
2014-02-18 21:12 - 2014-02-18 20:48 - 00000000 ____D () C:\zoek_backup
2014-02-19 13:47 - 2014-02-19 13:47 - 00003330 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1287240520-3546684594-2801232195-1004
2014-02-19 13:47 - 2014-02-19 13:47 - 00003194 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1287240520-3546684594-2801232195-1004
2014-02-19 13:45 - 2010-12-24 21:29 - 00000950 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-19 14:05 - 2014-02-19 14:05 - 00032475 _____ () C:\Users\Pepa\Downloads\VerzeOS.exe
2014-02-19 14:03 - 2011-08-04 12:15 - 00003932 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1287240520-3546684594-2801232195-1001UA
2014-02-19 14:03 - 2011-08-04 12:15 - 00003536 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1287240520-3546684594-2801232195-1001Core
2014-02-19 14:02 - 2014-02-16 09:55 - 00003332 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1287240520-3546684594-2801232195-1001
2014-02-19 14:02 - 2014-02-16 09:55 - 00003198 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1287240520-3546684594-2801232195-1001
2014-02-19 14:02 - 2010-12-24 21:29 - 00000946 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-19 13:54 - 2009-07-14 05:45 - 00010096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-19 13:54 - 2009-07-14 05:45 - 00010096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-19 14:10 - 2014-02-19 14:10 - 00112640 _____ (forum.viry.cz) C:\Users\Pepa\Downloads\FRSTLauncher (1).exe
2014-02-19 14:10 - 2014-02-19 14:10 - 00112640 _____ (forum.viry.cz) C:\Users\Pepa\Desktop\FRSTLauncher (1).exe
2014-02-19 14:10 - 2014-02-19 14:10 - 00015327 _____ () C:\Users\Pepík\Desktop\LM.bat
2014-02-19 14:10 - 2014-02-19 13:53 - 00029696 _____ () C:\Users\Pepík\AppData\Local\MSGBOX.EXE
2014-02-19 14:10 - 2012-07-14 15:23 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-19 14:09 - 2014-02-19 14:09 - 00000000 _____ () C:\Users\Pepa\Downloads\FRSTLauncher.exe
2014-02-19 14:08 - 2011-08-04 12:15 - 00000962 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1287240520-3546684594-2801232195-1001UA.job
2014-02-19 14:08 - 2011-08-04 12:15 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1287240520-3546684594-2801232195-1001Core.job

Hosts:
CMD: shutdown /r /f /t 2

End

Ulozte vytvoreny TXT jako fixlist.txt
Presunte vytvoreny fixlist vedle FRST

Spustte znovu FRST.exe

Kliknete na Fix
Probehne oprava a vytvori log Fixlog.txt

Restart PC a dejte mi sem fixlog.txt

mlok123 · #12 Příspěvek od **mlok123** » 19 úno 2014 18:52

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-02-2014
Ran by Pepík at 2014-02-19 18:43:44 Run:1
Running from C:\Users\Pepa\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - No File
URLSearchHook: HKLM-x32 - (No Name) - {707db484-2428-402d-afb5-d85b387544c7} - No File
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchT ... {startPage}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchT ... {startPage}
SearchScopes: HKCU - {D22670BA-587B-4799-9467-63FC89B599FB} URL = http://www.webhledani.cz/results.aspx?i ... earchTerms}
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=http://127.0.0.1:9881

HKU\S-1-5-21-1287240520-3546684594-2801232195-1004\...\Run: [Google Update] - C:\Users\Pepík\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-08-04] (Google Inc.)
HKU\S-1-5-21-1287240520-3546684594-2801232195-1004\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
HKU\S-1-5-21-1287240520-3546684594-2801232195-1004\...\Run: [DAEMON Tools Lite] - "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
HKU\S-1-5-21-1287240520-3546684594-2801232195-1004\...\MountPoints2: D - D:\setup\rsrc\Autorun.exe
HKU\S-1-5-21-1287240520-3546684594-2801232195-1001\...\Run: [Google Update] - C:\Users\Pepík\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-08-04] (Google Inc.)
HKU\S-1-5-21-1287240520-3546684594-2801232195-1001\...\Run: [Akamai NetSession Interface] - C:\Users\Pepík\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] - c:\program files (x86)\real\realplayer\Update\realsched.exe [295512 2013-09-30] (RealNetworks, Inc.)
HKLM-x32\...\Run: [ROC_roc_dec12] - "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
HKLM-x32\...\Run: [ROC_ROC_JULY_P1] - "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
HKLM-x32\...\Run: [ROC_roc_ssl_v12] - "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

FF Extension: Pirrit Suggestor - C:\Users\Pepík\AppData\Roaming\Mozilla\Firefox\Profiles\howfmnee.default-1386268210440\Extensions\suggestor@suggestor.pirrit.com.xpi [2014-02-15]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-02-16]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-30]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []

CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-01-03]

R2 PirritDesktop; C:\Users\Pepík\AppData\Local\PirritSuggestor\PirritService.exe [52568 2014-02-14] ()
C:\Users\Pepík\AppData\Local\PirritSuggestor
C:\Program Files (x86)\AVG Secure Search

DisableService: c2cautoupdatesvc
DisableService: c2cpnrsvc

C:\Users\Pepa\dht.dat
C:\Users\Pepa\dht_feed.dat
C:\Users\Pepa\resume.dat
C:\Users\Pepa\rss.dat
C:\Users\Pepa\settings.dat
C:\Users\Pepa\updates.dat
2014-02-15 14:04 - 2014-02-15 14:03 - 00019003 _____ () C:\Users\Pepík\Downloads\hijackthis.log
2014-02-15 14:02 - 2014-02-15 14:02 - 00388608 _____ (Trend Micro Inc.) C:\Users\Pepík\Downloads\hijackthis.exe
2014-02-15 13:45 - 2014-02-15 13:45 - 00000000 ____D () C:\Users\Pepík\AppData\Local\PirritSuggestor
2014-02-17 08:42 - 2014-02-18 20:45 - 01284608 _____ () C:\Users\Pepa\Desktop\zoek.exe
2014-02-18 20:46 - 2014-02-18 21:07 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-02-18 20:44 - 2014-02-18 20:44 - 04093477 _____ () C:\Users\Pepa\Desktop\zoek.zip
2014-02-18 20:43 - 2014-02-18 20:42 - 01284608 _____ () C:\Users\Pepa\Downloads\zoek.exe
2014-02-18 20:41 - 2014-02-18 20:41 - 00001172 _____ () C:\Users\Pepík\Desktop\RKreport[0]_H_02182014_204150.txt
2014-02-18 20:38 - 2014-02-18 20:38 - 00001983 _____ () C:\Users\Pepík\Desktop\RKreport[0]_D_02182014_203849.txt
2014-02-18 20:38 - 2014-02-17 16:55 - 00000000 ____D () C:\Users\Pepík\Desktop\RK_Quarantine
2014-02-18 20:37 - 2014-02-18 20:37 - 00002116 _____ () C:\Users\Pepík\Desktop\RKreport[0]_S_02182014_203723.txt
2014-02-18 21:17 - 2014-02-18 20:59 - 00000000 ____D () C:\zoek
2014-02-18 21:17 - 2014-02-18 20:49 - 00035790 _____ () C:\zoek-results.log
2014-02-18 21:15 - 2014-02-18 21:15 - 00000000 ____D () C:\.cache
2014-02-18 21:12 - 2014-02-18 20:48 - 00000000 ____D () C:\zoek_backup
2014-02-19 13:47 - 2014-02-19 13:47 - 00003330 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1287240520-3546684594-2801232195-1004
2014-02-19 13:47 - 2014-02-19 13:47 - 00003194 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1287240520-3546684594-2801232195-1004
2014-02-19 13:45 - 2010-12-24 21:29 - 00000950 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-19 14:05 - 2014-02-19 14:05 - 00032475 _____ () C:\Users\Pepa\Downloads\VerzeOS.exe
2014-02-19 14:03 - 2011-08-04 12:15 - 00003932 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1287240520-3546684594-2801232195-1001UA
2014-02-19 14:03 - 2011-08-04 12:15 - 00003536 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1287240520-3546684594-2801232195-1001Core
2014-02-19 14:02 - 2014-02-16 09:55 - 00003332 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1287240520-3546684594-2801232195-1001
2014-02-19 14:02 - 2014-02-16 09:55 - 00003198 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1287240520-3546684594-2801232195-1001
2014-02-19 14:02 - 2010-12-24 21:29 - 00000946 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-19 13:54 - 2009-07-14 05:45 - 00010096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-19 13:54 - 2009-07-14 05:45 - 00010096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-19 14:10 - 2014-02-19 14:10 - 00112640 _____ (forum.viry.cz) C:\Users\Pepa\Downloads\FRSTLauncher (1).exe
2014-02-19 14:10 - 2014-02-19 14:10 - 00112640 _____ (forum.viry.cz) C:\Users\Pepa\Desktop\FRSTLauncher (1).exe
2014-02-19 14:10 - 2014-02-19 14:10 - 00015327 _____ () C:\Users\Pepík\Desktop\LM.bat
2014-02-19 14:10 - 2014-02-19 13:53 - 00029696 _____ () C:\Users\Pepík\AppData\Local\MSGBOX.EXE
2014-02-19 14:10 - 2012-07-14 15:23 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-19 14:09 - 2014-02-19 14:09 - 00000000 _____ () C:\Users\Pepa\Downloads\FRSTLauncher.exe
2014-02-19 14:08 - 2011-08-04 12:15 - 00000962 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1287240520-3546684594-2801232195-1001UA.job
2014-02-19 14:08 - 2011-08-04 12:15 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1287240520-3546684594-2801232195-1001Core.job

Hosts:
CMD: shutdown /r /f /t 2

End
*****************

HKCR\PROTOCOLS\Handler\ipp\0x00000001 => Key deleted successfully.
HKCR\CLSID\{E1D2BF42-A96B-11D1-9C6B-0000F875AC61} => Key not found.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{707db484-2428-402d-afb5-d85b387544c7} => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key deleted successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D22670BA-587B-4799-9467-63FC89B599FB} => Key deleted successfully.
HKCR\CLSID\{D22670BA-587B-4799-9467-63FC89B599FB} => Key not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value deleted successfully.
HKU\S-1-5-21-1287240520-3546684594-2801232195-1004\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update => Value deleted successfully.
HKU\S-1-5-21-1287240520-3546684594-2801232195-1004\Software\Microsoft\Windows\CurrentVersion\Run\\Pando Media Booster => Value deleted successfully.
HKU\S-1-5-21-1287240520-3546684594-2801232195-1004\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite => Value deleted successfully.
HKU\1\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S-1-5-21-1287240520-3546684594-2801232195-1004 => Key not found.
HKU\S-1-5-21-1287240520-3546684594-2801232195-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update => Value deleted successfully.
HKU\S-1-5-21-1287240520-3546684594-2801232195-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\TkBellExe => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ROC_roc_dec12 => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ROC_ROC_JULY_P1 => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ROC_roc_ssl_v12 => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => Value deleted successfully.
C:\Users\Pepík\AppData\Roaming\Mozilla\Firefox\Profiles\howfmnee.default-1386268210440\Extensions\suggestor@suggestor.pirrit.com.xpi => Moved successfully.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi => Moved successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758} => Value deleted successfully.
C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => Moved successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2} => Value deleted successfully.
C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji => Key deleted successfully.
C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl => Key deleted successfully.
C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx => Moved successfully.
PirritDesktop => Service deleted successfully.
C:\Users\Pepík\AppData\Local\PirritSuggestor => Moved successfully.
"C:\Program Files (x86)\AVG Secure Search" => File/Directory not found.
c2cautoupdatesvc service was disabled
c2cpnrsvc service was disabled
C:\Users\Pepa\dht.dat => Moved successfully.
C:\Users\Pepa\dht_feed.dat => Moved successfully.
C:\Users\Pepa\resume.dat => Moved successfully.
C:\Users\Pepa\rss.dat => Moved successfully.
C:\Users\Pepa\settings.dat => Moved successfully.
C:\Users\Pepa\updates.dat => Moved successfully.
C:\Users\Pepík\Downloads\hijackthis.log => Moved successfully.
C:\Users\Pepík\Downloads\hijackthis.exe => Moved successfully.
"C:\Users\Pepík\AppData\Local\PirritSuggestor" => File/Directory not found.
C:\Users\Pepa\Desktop\zoek.exe => Moved successfully.
C:\Windows\zoek-delete.exe => Moved successfully.
C:\Users\Pepa\Desktop\zoek.zip => Moved successfully.
C:\Users\Pepa\Downloads\zoek.exe => Moved successfully.
C:\Users\Pepík\Desktop\RKreport[0]_H_02182014_204150.txt => Moved successfully.
C:\Users\Pepík\Desktop\RKreport[0]_D_02182014_203849.txt => Moved successfully.
C:\Users\Pepík\Desktop\RK_Quarantine => Moved successfully.
C:\Users\Pepík\Desktop\RKreport[0]_S_02182014_203723.txt => Moved successfully.
C:\zoek => Moved successfully.
C:\zoek-results.log => Moved successfully.
C:\.cache => Moved successfully.
C:\zoek_backup => Moved successfully.
C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1287240520-3546684594-2801232195-1004 => Moved successfully.
C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1287240520-3546684594-2801232195-1004 => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Users\Pepa\Downloads\VerzeOS.exe => Moved successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1287240520-3546684594-2801232195-1001UA => Moved successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1287240520-3546684594-2801232195-1001Core => Moved successfully.
C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1287240520-3546684594-2801232195-1001 => Moved successfully.
C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1287240520-3546684594-2801232195-1001 => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 => Moved successfully.
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 => Moved successfully.
C:\Users\Pepa\Downloads\FRSTLauncher (1).exe => Moved successfully.
C:\Users\Pepa\Desktop\FRSTLauncher (1).exe => Moved successfully.
C:\Users\Pepík\Desktop\LM.bat => Moved successfully.
C:\Users\Pepík\AppData\Local\MSGBOX.EXE => Moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job => Moved successfully.
C:\Users\Pepa\Downloads\FRSTLauncher.exe => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1287240520-3546684594-2801232195-1001UA.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1287240520-3546684594-2801232195-1001Core.job => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

========= shutdown /r /f /t 2 =========

========= End of CMD: =========

The system needs a manual reboot.

==== End of Fixlog ====

#13 Příspěvek od **vyosek** » 19 úno 2014 18:54

jak se chova PC?

mlok123 · #14 Příspěvek od **mlok123** » 19 úno 2014 19:26

zatím vše OK, reklamy přestaly vyskakovat

#15 Příspěvek od **vyosek** » 19 úno 2014 19:56

Tak jeste uklidime

T-Cleaner http://vyosek.tym.cz/pro_usery/T-Cleaner.exe

Stahnete a spustte
Pro potvrzeni volby mackejte A, Enter
Po pouziti utilitu smazte
Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

Stahnete a spustte
Kliknete na CleanUp a potvrdte YES
Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

Stahnete a spustte
Kliknete na Start a potvrdte OK
Program uklidi a restartuje pc
Po pouziti utilitu smazte

Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

A pokud nejsou problemy ci dotazy, je to z me strany vse

VIRY.CZ

1place.org a hotspotaward malware - mlok123

1place.org a hotspotaward malware - mlok123

Re: 1place.org a hotspotaward malware - mlok123

Re: 1place.org a hotspotaward malware - mlok123

Re: 1place.org a hotspotaward malware - mlok123

Re: 1place.org a hotspotaward malware - mlok123

Re: 1place.org a hotspotaward malware - mlok123

Re: 1place.org a hotspotaward malware - mlok123

Re: 1place.org a hotspotaward malware - mlok123

Re: 1place.org a hotspotaward malware - mlok123

Re: 1place.org a hotspotaward malware - mlok123

Re: 1place.org a hotspotaward malware - mlok123

Re: 1place.org a hotspotaward malware - mlok123

Re: 1place.org a hotspotaward malware - mlok123

Re: 1place.org a hotspotaward malware - mlok123

Re: 1place.org a hotspotaward malware - mlok123