Zpomalené PC, nárust obsazenosti HDD, nefunkční Dropbox

[bigduck]

Zdravím,
v posledních týdnech mám tento problém - postupně se plní HDD, zpomaluje systém (i když to není hit, ale pořád dostatečné parametry stolního pc - 4GB paměti, Core2Duo E8400 3GHz), Win7Pro. Všechny aktualizace mám v pořádku, antivir Avastfree. V posledním týdnu se k tomu přidalo zlobení Dropboxu - ne a ne se připojit a pořád se jen točí kolečko Connecting. Přitom na jiném pc v pohodě jde, takže problém s účtem není.

Zkoušel jsem stáhnout FRSTLauncher a nejde, i když vypnu antivir (všechny štíty pravým tlačítkem), tak ho stále blokuje, takže ani log nemůžu poslat.

Nějaký nápad prosím? Na pc se neprovozují žádné šílenosti, jen klasická práce, video a pár starých her.

Děkuji!

[Márty84]

Zdravim

Dejte log z RSIT, pripadne RSITx64 - dle verze vaseho systemu. Navod zde http://forum.viry.cz/viewtopic.php?f=13&t=130786

[bigduck]

Logfile of random's system information tool 1.10 (written by random/random)
Run by Radim Dohnálek at 2015-04-17 10:43:30
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 15 GB (3%) free of 477 GB
Total RAM: 4095 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:43:31, on 17.4.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17728)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Users\Radim Dohnálek\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
C:\Program Files (x86)\LINKMAGIC\LINKMAGIC.EXE
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Users\Radim Dohnálek\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
C:\totalcmd\TOTALCMD.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\totalcmd\tcmadmin.exe
C:\Program Files\trend micro\Radim Dohnálek.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll
O2 - BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll
O3 - Toolbar: PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
O4 - HKLM\..\Run: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
O4 - HKLM\..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [HP Deskjet 3050A J611 series (NET)] "C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN16F4C5W205PJ:NW" -scfn "HP Deskjet 3050A J611 series (NET)" -AutoStart 1
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\Radim Dohnálek\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\Radim Dohnálek\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKCU\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = ?
O4 - Global Startup: LINKMAGIC.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avast Antivirus (avast! Antivirus) - Avast Software s.r.o. - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files (x86)\Browny02\BrYNSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Program Files\Faktury 2002\FB\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program Files\Faktury 2002\FB\bin\fbserver.exe
O23 - Service: FreemakeVideoCapture - Ellora Assets Corp. - C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PDF Architect Helper Service - pdfforge GbR - C:\Program Files (x86)\PDF Architect\HelperService.exe
O23 - Service: PDF Architect Service - pdfforge GbR - C:\Program Files (x86)\PDF Architect\ConversionService.exe
O23 - Service: PDFProFiltSrvPP - Nuance Communications, Inc. - C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14262 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\Faktury 2002\FB\bin\fbguard.exe" -s
"C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe"
"C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe"
"C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
C:\Windows\System32\svchost.exe -k HPZ12
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe"
"C:\Program Files (x86)\PDF Architect\HelperService.exe"
"C:\Program Files (x86)\PDF Architect\ConversionService.exe"
"C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe"
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Windows\System32\tcpsvcs.exe
"C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe"
"C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL mmsys.cpl
"C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files\Faktury 2002\FB\bin\fbserver.exe" -s
WLIDSvcM.exe 2600
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-fea06399-d7c8-4e37-8ea2-7d7a5dea56be -SystemEventPortName:HostProcess-01fba73d-ef64-431a-972d-e8c1648cfc60 -IoCancelEventPortName:HostProcess-75ee81e0-9bd4-474f-9eaf-437d4004be96 -NonStateChangingEventPortName:HostProcess-8c3c2f86-e795-49cc-85a8-d3c5dc139c0a -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:cfbe362b-bd28-4355-a592-a9a045cbc4ac -DeviceGroupId:WpdFsGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"taskhost.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" serviceapp
\??\C:\Windows\system32\conhost.exe "1081271900-2097915366-1363323761864258055-1747935619-85896287-542002453-2091466192
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" -hidden
"C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" -tray
"C:\Windows\System32\StikyNot.exe"
"C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN16F4C5W205PJ:NW" -scfn "HP Deskjet 3050A J611 series (NET)" -AutoStart 1
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe" -scheduler
"C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
szndesktop.exe default start
"C:\Program Files (x86)\LINKMAGIC\LINKMAGIC.EXE"
"C:\Program Files (x86)\Winamp\winampa.exe"
"C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe"
"C:\Users\Radim Dohnálek\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe"
"C:\Users\Radim Dohnálek\AppData\Roaming\Dropbox\bin\Dropbox.exe" /systemstartup
\??\C:\Windows\system32\conhost.exe "853392614-1190248592-1217506451535483683-875439803-347829218-12073349991707533518
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
"C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe"
"C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
"C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe"
"C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe" /AUTORUN
"C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
{F51E36DA-269D-4B87-B023-745A3AEA9AC1}
-BootProc
"C:\Program Files (x86)\Browny02\BrYNSvc.exe"
{438C070A-8A3C-4AE1-A22E-E278E6F23104}
-BootProc
C:\Windows\system32\wbem\unsecapp.exe -Embedding
{36235B5E-3D29-4093-83DE-AD32A0F72066}
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "D:\Dropbox\Press-Pygmalion\Newsletter\2015_04_16\NL_05_2015_koncovi.html"

"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=8220.19dc5670.958263144 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" E7CF176E110C211B 8220 "\\.\pipe\gecko-crash-server-pipe.8220" plugin
"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe" --proxy-stub-channel=Flash9760.5468BE28.28014 --host-broker-channel=Flash9760.5468BE28.17029 --host-pid=9760 --host-npapi-version=28 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll"
"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe" --channel=9676.003AF6EC.2034665776 --proxy-stub-channel=Flash9760.5468BE28.28014 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll" --host-npapi-version=28 --type=renderer
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe6_ Global\UsGthrCtrlFltPipeMssGthrPipe6 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\totalcmd\TOTALCMD.EXE"
"C:\Users\Radim Dohnálek\Desktop\RSITx64.exe"
"C:\Windows\system32\NOTEPAD.EXE" C:\rsit\log.txt
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
"C:\totalcmd\tcmadmin.exe" 17032 hlavniappdata\Radim Dohnálek
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\Users\Radim Dohnálek\Desktop\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\Radim Dohnálek\AppData\Roaming\Mozilla\Firefox\Profiles\ug5zxbpw.default

prefs.js - "browser.startup.homepage" - "about:blank"
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, bkmrksync@nokia.com:1.0.0.732, {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42, {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.20"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 17.0.0.169 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@eleco.com/o2cplayer]
"Description"=Zobrazovací modul pto o2c 3D objekty
"Path"=C:\Program Files (x86)\Eleco\o2c Player\npO2CPlayer.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.45.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.45.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5]
"Description"=Office Live Update v1.5
"Path"=C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nokia.com/EnablerPlugin]
"Description"=Nokia Suite Enabler Plugin
"Path"=C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448]
"Description"=6.0.12.448
"Path"=C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@software602.cz/602XML Filler]
"Description"=Software602 Form Filler Plugin
"Path"=C:\Program Files (x86)\Software602\602XML\Filler\npfiller.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.0]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 17.0.0.169 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@eleco.com/o2cplayer]
"Description"=Zobrazovací modul pto o2c 3D objekty
"Path"=C:\Program Files (x86)\Eleco\o2c Player\npO2CPlayer64.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll


C:\Program Files (x86)\Mozilla Firefox\components\
nsIQTScriptablePlugin.xpt

C:\Program Files (x86)\Mozilla Firefox\plugins\
np-mswmp.dll
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npwachk.dll
QuickTimePlugin.class
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-13 662672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3A2D5EBA-F86D-4BD3-A177-019765996711}]
PDF Architect Helper - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll [2013-01-09 92232]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{551A852F-39A6-44A7-9C13-AFBEC9185A9D}]
PlusIEEventHelper Class - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06 249856]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-16 460712]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-13 565304]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-16 172968]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{25A3A431-30BB-47C8-AD6A-E1063801134F} - PDF Architect Toolbar - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll [2013-01-09 609864]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-07-06 11057768]
"Logitech Download Assistant"=C:\Windows\System32\LogiLDA.dll [2012-09-20 1832760]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2013-12-10 2279712]
"ShadowPlay"=C:\Windows\system32\nvspcap64.dll [2013-12-10 1100248]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"=C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2009-06-17 2363392]
""= []
"NokiaSuite.exe"=C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [2013-10-02 1090912]
"RESTART_STICKY_NOTES"=C:\Windows\System32\StikyNot.exe [2009-07-14 427520]
"HP Deskjet 3050A J611 series (NET)"=C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe [2012-10-17 2573416]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2014-03-04 3696912]
"cz.seznam.software.autoupdate"=C:\Users\Radim Dohnálek\AppData\Roaming\Seznam.cz\szninstall.exe [2013-05-16 1062472]
"cz.seznam.software.szndesktop"=C:\Users\Radim Dohnálek\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [2013-04-12 92664]
"ISUSPM"=C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2009-05-05 222496]
"TomTomHOME.exe"=C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [2014-12-19 248176]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"=C:\Program Files (x86)\Winamp\winampa.exe [2010-07-12 74752]
"hpqSRMon"=C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [2008-08-20 150016]
"NeroFilterCheck"=C:\Windows\system32\NeroCheck.exe []
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-04-21 59720]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2015-04-13 5512912]
"HP Software Update"=C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2013-05-30 96056]
""= []
"seznam-listicka-distribuce"=C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]
"IndexSearch"=C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [2011-08-02 46952]
"PaperPort PTD"=C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [2011-08-02 30568]
"PDFHook"=C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [2010-03-05 636192]
"PDF5 Registry Controller"=C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [2010-03-05 62752]
"ControlCenter4"=C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [2014-06-16 139776]
"BrStsMon00"=C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2012-07-31 3084288]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2014-10-02 421888]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
LINKMAGIC.lnk - C:\Program Files (x86)\LINKMAGIC\LINKMAGIC.EXE

C:\Users\Radim Dohnálek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\Radim Dohnálek\AppData\Roaming\Dropbox\bin\Dropbox.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave9"=wdmaud.drv
"midi9"=wdmaud.drv
"mixer9"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2015-04-17 10:38:57 ----D---- C:\rsit
2015-04-17 10:38:57 ----D---- C:\Program Files\trend micro
2015-04-14 19:48:25 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2015-04-14 19:48:25 ----A---- C:\Windows\SYSWOW64\wups.dll
2015-04-14 19:48:25 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2015-04-14 19:48:25 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2015-04-14 19:48:25 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2015-04-14 19:48:25 ----A---- C:\Windows\system32\wuwebv.dll
2015-04-14 19:48:25 ----A---- C:\Windows\system32\wups2.dll
2015-04-14 19:48:25 ----A---- C:\Windows\system32\wups.dll
2015-04-14 19:48:25 ----A---- C:\Windows\system32\wudriver.dll
2015-04-14 19:48:25 ----A---- C:\Windows\system32\wucltux.dll
2015-04-14 19:48:25 ----A---- C:\Windows\system32\wuaueng.dll
2015-04-14 19:48:25 ----A---- C:\Windows\system32\wuauclt.exe
2015-04-14 19:48:25 ----A---- C:\Windows\system32\wuapp.exe
2015-04-14 19:48:25 ----A---- C:\Windows\system32\wuapi.dll
2015-04-14 19:48:25 ----A---- C:\Windows\system32\wu.upgrade.ps.dll
2015-04-14 19:48:25 ----A---- C:\Windows\system32\WinSetupUI.dll
2015-04-14 19:48:16 ----A---- C:\Windows\system32\invagent.dll
2015-04-14 19:48:16 ----A---- C:\Windows\system32\generaltel.dll
2015-04-14 19:48:16 ----A---- C:\Windows\system32\devinv.dll
2015-04-14 19:48:16 ----A---- C:\Windows\system32\appraiser.dll
2015-04-14 19:48:16 ----A---- C:\Windows\system32\aepic.dll
2015-04-14 19:48:16 ----A---- C:\Windows\system32\aeinv.dll
2015-04-14 19:48:16 ----A---- C:\Windows\system32\acmigration.dll
2015-04-14 19:48:15 ----A---- C:\Windows\system32\aepdu.dll
2015-04-14 19:48:13 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2015-04-14 19:48:13 ----A---- C:\Windows\system32\gdi32.dll
2015-04-14 19:48:11 ----A---- C:\Windows\SYSWOW64\msxml3r.dll
2015-04-14 19:48:11 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2015-04-14 19:48:11 ----A---- C:\Windows\system32\msxml3r.dll
2015-04-14 19:48:11 ----A---- C:\Windows\system32\msxml3.dll
2015-04-14 19:48:08 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2015-04-14 19:48:08 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2015-04-14 19:48:08 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-04-14 19:48:08 ----A---- C:\Windows\system32\ntdll.dll
2015-04-14 19:48:08 ----A---- C:\Windows\system32\KernelBase.dll
2015-04-14 19:48:08 ----A---- C:\Windows\system32\kernel32.dll
2015-04-14 19:48:07 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2015-04-14 19:48:06 ----A---- C:\Windows\SYSWOW64\schannel.dll
2015-04-14 19:48:06 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2015-04-14 19:48:06 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2015-04-14 19:48:06 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2015-04-14 19:48:06 ----A---- C:\Windows\system32\wow64win.dll
2015-04-14 19:48:06 ----A---- C:\Windows\system32\wow64.dll
2015-04-14 19:48:06 ----A---- C:\Windows\system32\winsrv.dll
2015-04-14 19:48:06 ----A---- C:\Windows\system32\srcore.dll
2015-04-14 19:48:06 ----A---- C:\Windows\system32\schannel.dll
2015-04-14 19:48:06 ----A---- C:\Windows\system32\rstrui.exe
2015-04-14 19:48:06 ----A---- C:\Windows\system32\msv1_0.dll
2015-04-14 19:48:06 ----A---- C:\Windows\system32\lsasrv.dll
2015-04-14 19:48:06 ----A---- C:\Windows\system32\kerberos.dll
2015-04-14 19:48:06 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2015-04-14 19:48:06 ----A---- C:\Windows\system32\conhost.exe
2015-04-14 19:48:05 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-14 19:48:05 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 19:48:05 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-14 19:48:05 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 19:48:05 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 19:48:05 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 19:48:05 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-14 19:48:05 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 19:48:05 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 19:48:05 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 19:48:05 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 19:48:05 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 19:48:05 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 19:48:05 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 19:48:05 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 19:48:05 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 19:48:05 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 19:48:05 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-14 19:48:05 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 19:48:05 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 19:48:05 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 19:48:05 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-14 19:48:05 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 19:48:05 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 19:48:05 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 19:48:05 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 19:48:05 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 19:48:05 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-14 19:48:05 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-14 19:48:05 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 19:48:05 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-14 19:48:05 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 19:48:05 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 19:48:05 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 19:48:05 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-14 19:48:05 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 19:48:05 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 19:48:05 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 19:48:05 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 19:48:05 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 19:48:05 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 19:48:05 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 19:48:05 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 19:48:05 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 19:48:05 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 19:48:05 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-14 19:48:05 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 19:48:05 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 19:48:05 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 19:48:05 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-14 19:48:05 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 19:48:05 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 19:48:05 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 19:48:05 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 19:48:05 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 19:48:05 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-14 19:48:05 ----A---- C:\Windows\SYSWOW64\wow32.dll
2015-04-14 19:48:05 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2015-04-14 19:48:05 ----A---- C:\Windows\SYSWOW64\user.exe
2015-04-14 19:48:05 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2015-04-14 19:48:05 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2015-04-14 19:48:05 ----A---- C:\Windows\SYSWOW64\srclient.dll
2015-04-14 19:48:05 ----A---- C:\Windows\SYSWOW64\setup16.exe
2015-04-14 19:48:05 ----A---- C:\Windows\SYSWOW64\secur32.dll
2015-04-14 19:48:05 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2015-04-14 19:48:05 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2015-04-14 19:48:05 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2015-04-14 19:48:05 ----A---- C:\Windows\SYSWOW64\instnm.exe
2015-04-14 19:48:05 ----A---- C:\Windows\SYSWOW64\credssp.dll
2015-04-14 19:48:05 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2015-04-14 19:48:05 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2015-04-14 19:48:05 ----A---- C:\Windows\system32\wow64cpu.dll
2015-04-14 19:48:05 ----A---- C:\Windows\system32\wdigest.dll
2015-04-14 19:48:05 ----A---- C:\Windows\system32\TSpkg.dll
2015-04-14 19:48:05 ----A---- C:\Windows\system32\sspisrv.dll
2015-04-14 19:48:05 ----A---- C:\Windows\system32\sspicli.dll
2015-04-14 19:48:05 ----A---- C:\Windows\system32\srclient.dll
2015-04-14 19:48:05 ----A---- C:\Windows\system32\smss.exe
2015-04-14 19:48:05 ----A---- C:\Windows\system32\secur32.dll
2015-04-14 19:48:05 ----A---- C:\Windows\system32\ntvdm64.dll
2015-04-14 19:48:05 ----A---- C:\Windows\system32\ncrypt.dll
2015-04-14 19:48:05 ----A---- C:\Windows\system32\lsass.exe
2015-04-14 19:48:05 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2015-04-14 19:48:05 ----A---- C:\Windows\system32\csrsrv.dll
2015-04-14 19:48:05 ----A---- C:\Windows\system32\credssp.dll
2015-04-14 19:48:05 ----A---- C:\Windows\system32\auditpol.exe
2015-04-14 19:48:05 ----A---- C:\Windows\system32\apisetschema.dll
2015-04-14 19:48:04 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2015-04-14 19:48:04 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2015-04-14 19:48:04 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2015-04-14 19:48:04 ----A---- C:\Windows\system32\msobjs.dll
2015-04-14 19:48:04 ----A---- C:\Windows\system32\msaudite.dll
2015-04-14 19:48:04 ----A---- C:\Windows\system32\adtschema.dll
2015-04-14 19:47:57 ----A---- C:\Windows\system32\drivers\http.sys
2015-04-14 19:47:51 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2015-04-14 19:47:50 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2015-04-14 19:47:50 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2015-04-14 19:47:50 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2015-04-14 19:47:50 ----A---- C:\Windows\system32\ieetwproxystub.dll
2015-04-14 19:47:50 ----A---- C:\Windows\system32\ieetwcollector.exe
2015-04-14 19:47:49 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2015-04-14 19:47:49 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2015-04-14 19:47:49 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2015-04-14 19:47:49 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2015-04-14 19:47:49 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2015-04-14 19:47:49 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2015-04-14 19:47:49 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-14 19:47:49 ----A---- C:\Windows\system32\iernonce.dll
2015-04-14 19:47:49 ----A---- C:\Windows\system32\ie4uinit.exe
2015-04-14 19:47:48 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2015-04-14 19:47:48 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2015-04-14 19:47:48 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2015-04-14 19:47:48 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2015-04-14 19:47:48 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2015-04-14 19:47:48 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2015-04-14 19:47:48 ----A---- C:\Windows\system32\urlmon.dll
2015-04-14 19:47:48 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-14 19:47:48 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2015-04-14 19:47:48 ----A---- C:\Windows\system32\iedkcs32.dll
2015-04-14 19:47:47 ----A---- C:\Windows\SYSWOW64\ieui.dll
2015-04-14 19:47:47 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2015-04-14 19:47:47 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2015-04-14 19:47:47 ----A---- C:\Windows\system32\msfeeds.dll
2015-04-14 19:47:47 ----A---- C:\Windows\system32\iesetup.dll
2015-04-14 19:47:47 ----A---- C:\Windows\system32\ieapfltr.dll
2015-04-14 19:47:47 ----A---- C:\Windows\system32\dxtrans.dll
2015-04-14 19:47:46 ----A---- C:\Windows\SYSWOW64\wininet.dll
2015-04-14 19:47:46 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2015-04-14 19:47:46 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2015-04-14 19:47:46 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2015-04-14 19:47:46 ----A---- C:\Windows\system32\iertutil.dll
2015-04-14 19:47:45 ----A---- C:\Windows\SYSWOW64\msrating.dll
2015-04-14 19:47:45 ----A---- C:\Windows\system32\jsproxy.dll
2015-04-14 19:47:45 ----A---- C:\Windows\system32\ieUnatt.exe
2015-04-14 19:47:45 ----A---- C:\Windows\system32\ieui.dll
2015-04-14 19:47:45 ----A---- C:\Windows\system32\ieframe.dll
2015-04-14 19:47:45 ----A---- C:\Windows\system32\dxtmsft.dll
2015-04-14 19:47:44 ----A---- C:\Windows\system32\vbscript.dll
2015-04-14 19:47:44 ----A---- C:\Windows\system32\mshtmlmedia.dll
2015-04-14 19:47:44 ----A---- C:\Windows\system32\mshtmled.dll
2015-04-14 19:47:44 ----A---- C:\Windows\system32\jscript9diag.dll
2015-04-14 19:47:44 ----A---- C:\Windows\system32\jscript9.dll
2015-04-14 19:47:43 ----A---- C:\Windows\system32\wininet.dll
2015-04-14 19:47:43 ----A---- C:\Windows\system32\msrating.dll
2015-04-14 19:47:43 ----A---- C:\Windows\system32\MshtmlDac.dll
2015-04-14 19:47:42 ----A---- C:\Windows\system32\mshtml.dll
2015-04-14 19:47:12 ----A---- C:\Windows\SYSWOW64\clfsw32.dll
2015-04-14 19:47:12 ----A---- C:\Windows\system32\clfsw32.dll
2015-04-14 19:47:12 ----A---- C:\Windows\system32\clfs.sys
2015-04-13 21:28:16 ----A---- C:\Windows\system32\aswBoot.exe
2015-04-13 21:28:09 ----A---- C:\Windows\avastSS.scr
2015-04-07 10:12:56 ----SD---- C:\Windows\SYSWOW64\GWX
2015-04-07 10:12:55 ----SD---- C:\Windows\system32\GWX
2015-04-03 22:38:29 ----D---- C:\Program Files (x86)\Mozilla Firefox
2015-04-02 22:53:34 ----D---- C:\Program Files (x86)\Mozilla Thunderbird
2015-03-20 16:35:47 ----A---- C:\Windows\SYSWOW64\PnkBstrB.exe
2015-03-20 16:35:40 ----A---- C:\Windows\SYSWOW64\PnkBstrA.exe

======List of files/folders modified in the last 1 month======

2015-04-17 10:43:31 ----D---- C:\Windows\Temp
2015-04-17 10:41:53 ----D---- C:\Windows\Prefetch
2015-04-17 10:38:57 ----RD---- C:\Program Files
2015-04-17 01:58:55 ----D---- C:\Windows\system32\config
2015-04-16 23:24:49 ----D---- C:\Temp
2015-04-16 19:01:49 ----D---- C:\Users\Radim Dohnálek\AppData\Roaming\Seznam.cz
2015-04-16 18:57:29 ----D---- C:\Users\Radim Dohnálek\AppData\Roaming\Dropbox
2015-04-16 18:44:52 ----D---- C:\ProgramData\NVIDIA
2015-04-16 18:22:05 ----SHD---- C:\Windows\Installer
2015-04-16 18:22:05 ----HD---- C:\Config.Msi
2015-04-16 16:25:38 ----D---- C:\ProgramData\Oracle
2015-04-16 16:18:47 ----D---- C:\Program Files (x86)\Java
2015-04-16 16:18:43 ----D---- C:\Windows\SysWOW64
2015-04-16 16:11:53 ----D---- C:\Program Files (x86)\Common Files
2015-04-16 16:11:19 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2015-04-16 09:23:29 ----A---- C:\Windows\BRRBCOM.INI
2015-04-16 09:03:49 ----D---- C:\Program Files\Faktury 2002
2015-04-16 01:28:28 ----D---- C:\Windows\AppCompat
2015-04-15 18:18:22 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-04-15 10:43:51 ----D---- C:\Windows\rescache
2015-04-15 10:25:17 ----D---- C:\Windows\Microsoft.NET
2015-04-15 10:06:37 ----RSD---- C:\Windows\assembly
2015-04-15 09:42:29 ----D---- C:\Windows\winsxs
2015-04-15 09:39:12 ----D---- C:\Windows\SYSWOW64\cs-CZ
2015-04-15 09:39:12 ----D---- C:\Windows\system32\cs-CZ
2015-04-15 09:39:12 ----D---- C:\Windows\System32
2015-04-15 09:39:11 ----SD---- C:\Windows\system32\CompatTel
2015-04-15 09:39:11 ----D---- C:\Windows\system32\appraiser
2015-04-15 09:39:11 ----D---- C:\Windows\AppPatch
2015-04-15 09:39:10 ----D---- C:\Windows\system32\drivers
2015-04-15 09:39:09 ----D---- C:\Windows\SYSWOW64\en-US
2015-04-15 09:39:09 ----D---- C:\Program Files\Internet Explorer
2015-04-15 09:39:08 ----D---- C:\Windows\system32\en-US
2015-04-15 09:39:08 ----D---- C:\Program Files (x86)\Internet Explorer
2015-04-15 09:17:49 ----D---- C:\ProgramData\Microsoft Help
2015-04-15 09:16:20 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2015-04-15 09:16:07 ----D---- C:\Windows\inf
2015-04-15 09:16:03 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-04-15 09:13:05 ----D---- C:\Windows\system32\MRT
2015-04-15 09:04:20 ----A---- C:\Windows\system32\MRT.exe
2015-04-15 09:01:06 ----SHD---- C:\System Volume Information
2015-04-14 19:45:48 ----D---- C:\Windows\system32\catroot2
2015-04-13 21:28:30 ----D---- C:\Windows\system32\Tasks
2015-04-13 21:28:15 ----D---- C:\Windows
2015-04-09 12:14:37 ----D---- C:\Program Files (x86)\Brother
2015-04-09 12:12:54 ----D---- C:\Users\Radim Dohnálek\AppData\Roaming\ControlCenter4
2015-04-09 12:06:51 ----HD---- C:\ProgramData
2015-04-09 12:05:53 ----D---- C:\ProgramData\ControlCenter4
2015-04-09 12:05:51 ----D---- C:\Program Files (x86)\ControlCenter4
2015-04-07 10:25:16 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-07 10:24:12 ----RD---- C:\Program Files (x86)
2015-04-07 10:13:39 ----D---- C:\Windows\Logs
2015-03-25 10:11:39 ----D---- C:\Windows\system32\wbem
2015-03-20 16:35:40 ----D---- C:\Windows\system32\LogFiles
2015-03-20 16:35:36 ----A---- C:\Windows\game.ini
2015-03-20 16:35:31 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2015-03-20 16:15:58 ----D---- C:\Program Files (x86)\Activision

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2015-04-13 65736]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2015-04-13 271200]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2014-11-18 386680]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2015-04-13 93528]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2015-04-13 1047320]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2015-04-13 442264]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 VWiFiFlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2015-04-13 29168]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2015-04-13 88408]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2015-04-13 136752]
R2 npf;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2011-02-11 35344]
R2 VBoxAswDrv;VBoxAsw Support Driver; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2015-04-13 273824]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-07-06 2419176]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2013-11-28 197408]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2013-12-05 39200]
R3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 215040]
R3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\Windows\system32\DRIVERS\serscan.sys [2009-07-14 12288]
S2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys []
S2 MLPTDR_C;MLPTDR_C; \??\C:\Windows\syswow64\MLPTDR_C.SYS [2002-09-03 19296]
S2 MLPTDR_N;MLPTDR_N; \??\C:\Windows\syswow64\MLPTDR_N.SYS [2003-07-18 18848]
S3 athur;Wireless Network Adapter Service; C:\Windows\system32\DRIVERS\athurx.sys [2012-08-30 1930240]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2013-10-28 107288]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-23 48488]
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2013-01-23 19968]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys [2013-01-23 27136]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2012-10-17 26112]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2013-10-28 204568]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2013-01-23 9216]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2013-08-29 33280]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2013-01-23 9216]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 602XML Updater;602Updater; C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [2011-03-14 84520]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-19 81088]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-04-13 343336]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance; C:\Program Files\Faktury 2002\FB\bin\fbguard.exe [2007-09-03 81920]
R2 FreemakeVideoCapture;FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [2014-09-04 9216]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [2014-12-11 89864]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2009-06-17 73728]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-10 1494304]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-12-10 15129376]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2015-02-04 932040]
R2 PDF Architect Helper Service;PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [2013-01-09 1324104]
R2 PDF Architect Service;PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [2013-01-09 795208]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2011-08-02 145256]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2015-03-20 66872]
R2 PnkBstrB;PnkBstrB; C:\Windows\syswow64\PnkBstrB.exe [2015-03-20 103736]
R2 simptcp;@%SystemRoot%\system32\simptcp.dll,-200; C:\Windows\System32\tcpsvcs.exe [2009-07-14 10240]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-02-04 409800]
R2 TeamViewer9;TeamViewer 9; C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-08-06 5052224]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2014-12-19 93040]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
R3 BrYNSvc;BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [2012-07-13 270336]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance; C:\Program Files\Faktury 2002\FB\bin\fbserver.exe [2007-09-03 2002944]
R3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2013-04-18 737616]
R3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-12 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]
S2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe []
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15 268464]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]
S3 AvastVBoxSvc;AvastVBox COM Service; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2015-04-13 4030800]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-09-23 1493352]
S3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-03-13 114688]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-04-03 148080]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-06-14 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]

-----------------EOF-----------------

[Márty84]

Pokud nepouzivate, odinstalujte Seznam Software.

Stahnete AdwCleaner https://toolslib.net/downloads/finish/1/ a ulozte ho na plochu.
Ukoncete vsechny programy, jinak to AdwCleaner udela za vas.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce.
Kliknete na Scan a pockejte, az kontrola dobehne.
Pak kliknete na Cleaning
Program zacne pracovat (muze dojit k restartu pc) a vyplivne log (pripadne bude zde C:\AdwCleaner\AdwCleaner [S?].txt ). Ten mi sem zkopirujte.

[bigduck]

Seznam pryč, ani nevím s čím se tam dostal.

Log zde:
# AdwCleaner v4.201 - Log vytvořen 17/04/2015 v 10:59:43
# Aktualizováno 08/04/2015 by Xplode
# Databáze : 2015-04-15.1 [Server]
# Operační system : Windows 7 Professional Service Pack 1 (x64)
# Uživatelské jméno : Radim Dohnálek - HLAVNIAPPDATA
# Spuštěno z : C:\Users\Radim Dohnálek\Desktop\adwcleaner_4.201.exe
# Nastavení : Čištění

***** [ Služby ] *****


***** [ Soubory / Složky ] *****

Složka Smazáno : C:\Users\Radim Dohnálek\AppData\Roaming\genieo

***** [ Naplánované úlohy ] *****


***** [ Zástupci ] *****


***** [ Registry ] *****

Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Hodnota Smazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Klíč Smazáno : HKCU\Software\YahooPartnerToolbar
Klíč Smazáno : HKCU\Software\genieo

***** [ Prohlížeče ] *****

-\\ Internet Explorer v11.0.9600.17728


-\\ Mozilla Firefox v37.0.1 (x86 cs)

[ug5zxbpw.default\prefs.js] - Řádek Smazáno : user_pref("mailnews.ui.advanced_directory_search_results.version", 2);

*************************

AdwCleaner[R0].txt - [1943 bytů] - [17/04/2015 10:58:18]
AdwCleaner[S0].txt - [1756 bytů] - [17/04/2015 10:59:43]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1814 bytů] ##########

[Márty84]

Udelejte kontrolu s MBAM. Test nastavte podle tohoto navodu http://forum.viry.cz/viewtopic.php?f=29&t=137928 a dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekce

[bigduck]

Po skoro 5 hodinách testování posílám výsledek (ty poslední 2 instalačky jsou tam řadu let, takže by to problém být neměl):

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 17.4.2015
Čas skenování: 11:28:43
Protokol: MBAM.txt
Správce: Ano

Verze: 2.01.4.1018
Databáze malwaru: v2015.04.17.02
Databáze rootkitů: v2015.03.31.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: Radim DohnA!lek

Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 1964079
Uplynulý čas: 4 hod, 46 min, 48 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 8
PUP.Optional.Somoto.A, C:\Users\Radim DohnA!lek\AppData\Local\Temp\nsa44F6.tmp, , [44623c31beccff37750c7e00af5256aa],
PUP.Optional.Somoto, C:\Users\Radim DohnA!lek\AppData\Local\Temp\bitool.dll, , [d0d60d601c6ef442d0f4a251fa08ec14],
PUP.Optional.Babylon.A, C:\Users\Radim DohnA!lek\AppData\Local\Temp\080BA058-BAB0-7891-837F-EFCD7F8B1227\Latest\BExternal.dll, , [6d39dd9091f98aac928bb66f2ed251af],
Trojan.RotBrowse, C:\Users\Radim DohnA!lek\AppData\Local\Temp\080BA058-BAB0-7891-837F-EFCD7F8B1227\Latest\ccp.exe, , [2383f7761a7060d6924703c260a5ad53],
PUP.Optional.Babylon.A, C:\Users\Radim DohnA!lek\AppData\Local\Temp\080BA058-BAB0-7891-837F-EFCD7F8B1227\Latest\CrxInstaller.dll, , [c9dd5815f19904326c4a27225ca58f71],
PUP.Optional.Babylon.A, C:\Users\Radim DohnA!lek\AppData\Local\Temp\080BA058-BAB0-7891-837F-EFCD7F8B1227\Latest\Setup.exe, , [b9ed9dd091f923131de92e0ef809c040],
PUP.Riskware.Patcher, D:\INSTALL\Dreamweaver\Adobe Dreamweaver CC 13.1 Build 6443 CZ\crack\adobe.cc-patch.exe, , [c9dd5c111d6dc3738a4786b60100c040],
Trojan.Agent, D:\INSTALL\Nero 6.6.0.5 Reload\keygen\Keygen.exe, , [6442333a8ffbc27426bb396c1ee4b14f],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

[Márty84]

Nalezy nechte odstranit (ty dva zminene dle sveho uvazeni). Po dalsim restartu pc test zopakujte, at vime, jestli se to nevraci. Napiste vysledek testu a podle nej zvolim dalsi postup.

[bigduck]

Vše odstraněno, pc restartován a posílám výsledky (puštěn pouze systém po restartu a stejně obsazeno v paměti 2,5-3 GB místo obvyklých cca 1,5 GB, na HDD ubylo od včera dalších 0,5 GB a Dropbox stále nefunguje):

Malwarebytes Anti-Malware
http://www.malwarebytes.org

Datum skenování: 18.4.2015
Čas skenování: 1:08:09
Protokol: MBAM2.txt
Správce: Ano

Verze: 2.01.4.1018
Databáze malwaru: v2015.04.17.07
Databáze rootkitů: v2015.03.31.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: Radim DohnA!lek

Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 1960950
Uplynulý čas: 4 hod, 30 min, 41 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 0
(Nenalezeny žádné škodlivé položky)

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

[Márty84]

MBAM muzete odinstalovat.

stejně obsazeno v paměti 2,5-3 GB

Podivejte se do spravce uloh, ktere procesy zerou nejvice pameti.

na HDD ubylo od včera dalších 0,5 GB

To muzou delat body obnovy.


Pokud nemate, zazalohujte si radeji dulezita data (fotky, dokumenty, atd.)

Nepouzivejte ComboFix bez predchozi domluvy! Je to poruseni pravidel fora a ztratite tim narok na pomoc!

Stahnete ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe a ulozte ho na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Kliknete na ComboFix pravym mysidlem a levym na Spustit jako spravce
Odsouhlaste licencni podminky a nechte program pracovat. Jestli vam nabidne instalaci Konzoly pro zotaveni, souhlaste.
Po dobu skenu nic nespoustejte, nikam neklikejte.
Po dokonceni skenovani (muze dojit i k restartu pc) by se mel vytvorit log, ktery bude umisteny zde C:\ComboFix.txt
Jeho obsah sem zkopirujte

Kdyby po restartu nenabehl windows, restartujte znovu, mackejte klavesu F8 a zvolte - Posledni znama funkcni konfigurace
Kdyz windows nabehne, ale pri spousteni ruznych programu bude hlasena chyba, staci restartovat pc a bude to v poradku

[bigduck]

Děkuji za další tip. Jelikož mám veškerá data na disku D (1TB) a na C (0,5TB) je jen systém a programy, hrozí nebezpečí při použití Combofixu i pro ten disk D?

Co se týká procesů, tak nyní zabráno cca 2,7GB paměti a jejich screen je zde: http://www.appdata.cz/procesy.jpg

[Márty84]

hrozí nebezpečí při použití Combofixu i pro ten disk D?

Jde o to, ze kdyby tam byl nejaky vazny problem, nemusi uz system nabehnout a v krajnim pripade bude nutny reinstal. Je to mala pravdepodobnost, ale existuje. Proto tolik varovani. Jinak data jako takova na disku zustanou. Takze rozhodnuti je na vas

[bigduck]

Pustil jsem Combofix, jak jste psal. Probíhaly různé akce ve zvláštním okně a skončilo to takto:
V tom okně svítí Restartuji W....čekejte, Prosím dovolte CF restartovat pc....
A pod tím vyskočilo druhé okno Warning, kde je: Unable to create a backup of the current registry file c:\windows\system32\config\system!
Continue restoration of this file? Yes or No.

Jak dál prosím?

[Márty84]

Dejte Yes

[bigduck]

Yes a naskočilo další okno:
Error restoring c:\windows\erdnt\subs\system to c:\windows\system32\config\system!

continue with the next file?
RegReplaceKey: 5 - přístup odepřen!

Ano nebo ne